Published: October 2003
(last updated December 2003)
The nice thing about the RPC over HTTP functionality, besides users getting full Outlook access, is that you only have to open one port in the firewall, typically port 443 (SSL), just like with OWA (Outlook Web Access). You could of course make use of a VPN connection, but the Outlook client has never worked well through VPN connections.
The client needs to have Outlook 2003 installed; previous Outlook versions won't work.
You will also need to have a Microsoft Certificate Authority (CA) installed. It is used to issue the certificates needed to get SSL/443 working properly. You could also go the easy way and get the certificate from a certificate provider like Verisign or Thawte.
Note: Installation of a Microsoft Certificate Authority (CA) is beyond the scope of this article, but you should be able to find a few articles describing the procedure by doing a search on Google.
I will use a scenario consisting of an Exchange 2003 server and a Windows 2003 DC; the Exchange server will be acting as the RPC Proxy Server.
First we need to install the RPC Proxy Service on the Exchange server, so log on to it and do the following:
- Click Start | Settings | Control
Now we need to edit some values in the registry editor, so start it up and navigate to the following registry key:
Here you need to change the value of the ValidPorts key. The values should be entered in the following format:
ExchangeServer:593; ExchangeServerFQDN:593; ExchangeServer:6001-6002; ExchangeServerFQDN:6001-6002; ExchangeServer:6004; ExchangeServerFQDN:6004; GlobalCatalogServer:593; GlobalCatalogServerFQDN:593; GlobalCatalogServer:6004; GlobalCatalogServerFQDN:6004
This means that if your Exchange server is named Exchange01, your Global Catalog server is called GlobalCatalog01, and both are members of the AD domain privatedomain.com, it should look like this:
Exchange01:593; Exchange01.privatedomain.com:593; Exchange01:6001-6002; Exchange01.privatedomain.com:6001-6002; Exchange01:6004; Exchange01.privatedomain.com:6004; GlobalCatalog01:593; GlobalCatalog01.privatedomain.com:593; GlobalCatalog01:6004; GlobalCatalog01.privatedomain.com:6004
Note: If you had several other servers (these could be additional Exchange and Global Catalog servers) which the Outlook client needed to communicate with, you would have to add these to the above string as well.
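As an added example (not part of the original article), the following Python code builds the ValidPorts string in the format shown above and audits a configured value against it, reporting missing and unexpected host:port entries. The function names are hypothetical, the port sets are the ones listed in the article, and the sample value is constructed.

```python
# Added example: build and audit an RPC proxy ValidPorts string.
# Port sets are the ones shown in the article's format line.
EXCHANGE_PORTS = ("593", "6001-6002", "6004")
GC_PORTS = ("593", "6004")


def build_valid_ports(exchange_servers, gc_servers, domain):
    """Return the ValidPorts string for the given short server names."""
    entries = []
    for servers, ports in ((exchange_servers, EXCHANGE_PORTS), (gc_servers, GC_PORTS)):
        for name in servers:
            for port in ports:
                # Each port is listed for the short name and for the FQDN.
                entries += [f"{name}:{port}", f"{name}.{domain}:{port}"]
    return "; ".join(entries)


def parse_valid_ports(value):
    """Split a ValidPorts string into a set of lower-cased (host, port) pairs."""
    pairs = set()
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue  # tolerate a trailing semicolon
        host, sep, port = item.rpartition(":")
        if not sep or not host or not port:
            raise ValueError(f"malformed entry: {item!r}")
        pairs.add((host.lower(), port))
    return pairs


def audit_valid_ports(value, exchange_servers, gc_servers, domain):
    """Return (missing, unexpected) 'host:port' lists for a configured value."""
    want = parse_valid_ports(build_valid_ports(exchange_servers, gc_servers, domain))
    have = parse_valid_ports(value)

    def fmt(pairs):
        return sorted(f"{host}:{port}" for host, port in pairs)

    return fmt(want - have), fmt(have - want)


if __name__ == "__main__":
    # Constructed sample: one required entry dropped, one extra entry added.
    good = build_valid_ports(["Exchange01"], ["GlobalCatalog01"], "privatedomain.com")
    bad = good.replace("; Exchange01.privatedomain.com:6004", "") + "; Exchange01:3389"
    print(audit_valid_ports(bad, ["Exchange01"], ["GlobalCatalog01"], "privatedomain.com"))
```

Host names are compared case-insensitively, so the audit output is lower-cased. Any entry reported as unexpected deserves a look, since each one is an additional destination listed for the Internet-facing proxy.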
Now close the registry editor, then open the IIS Manager and do the following:
- Expand Local Computer | Websites | Default
- Then click Edit in the menu > New, then click Multi-String Value
That was it for the server part; let's move on to the Outlook RPC over HTTP profile configuration.
- Open the Control Panel | Double-click Mail
Give the profile a name and click OK
- Click Next and set the bullet in Microsoft Exchange Server
Now you should type in your Fully Qualified Domain Name; this should be the same as the one used on your SSL certificate.
- Click the Connection tab
Type in your FQDN (still the same as on your SSL certificate) in Use this url to connect to my proxy server for Exchange:
Put a checkmark in Mutually authenticate session when connecting with SSL
Principal name for proxy server: MSSTD:FQDN (again, FQDN should be the same as on the SSL certificate)
It’s also recommended you set a checkmark in both:
On fast networks, connect using HTTP first, then TCP/IP and
Last but not least, make sure you have chosen Basic Authentication under Proxy authentication settings
You're finished!
You should now be able to connect to your Exchange Server from anywhere over the Internet. Be aware that when you start up your Outlook client, you will be asked for user credentials.
Copyright Stephen Bryant 2008