
E2 K 3 RPCHTTPDep

Exchange 2k RPC to HTTP

Uploaded by

John Williams

Microsoft Exchange Server 2003 RPC over HTTP Deployment Scenarios
Microsoft Corporation

Published: December 12, 2006

Author: Exchange Server Documentation Team

Abstract
This guide includes information about deploying RPC over HTTP in Exchange Server 2003.

Comments? Send feedback to [email protected].


Contents

Exchange Server 2003 RPC over HTTP Deployment Scenarios

New for Exchange Server 2003 Service Pack 1
Benefits When You Have Exchange Server 2003 SP1 Installed on Your RPC Proxy Server

Technical Details of Using RPC over HTTP to Access Exchange from an Outlook Client

Benefits of Using RPC over HTTP

The RPC over HTTP Process

RPC over HTTP Interactions on the Client Computer

How to Create an Outlook Profile for Users to Use with RPC over HTTP
Procedure
For More Information

RPC over HTTP Interactions on the RPC Proxy Server

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
Before You Begin
Procedure
For More Information

RPC over HTTP Interactions on the Back-End Servers
Mailbox Servers
Public Folder Servers
Global Catalog Servers
DSProxy

RPC over HTTP Process Example
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8

RPC over HTTP Protocol Specifics
HTTP Protocol
RPC

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
Before You Begin
Procedure
For More Information

The Role of Exchange System Manager and Exchange System Attendant in RPC over HTTP

Exchange System Manager on the Back-End Server

Exchange System Manager on an RPC Proxy Server That is a Front-End Server

Exchange System Attendant on an RPC Proxy Server That Is a Front-End Server

RPC over HTTP Authentication and Security
HTTP Authentication
Basic Authentication and NTLM Authentication
Requirements for RPC over HTTP to Use the Current Windows Operating System Logon Information
RPC Authentication
SSL
SSL Offloading

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
Before You Begin
Procedure
For More Information

RPC over HTTP Scalability
HTTP Sessions Established by Outlook by Using RPC over HTTP
RPC over HTTP Scalability Limitations
Network Load Balancing

How to View Established Connections in Outlook
Before You Begin
Procedure
For More Information

How to Increase the Size of the Kernel Request Queue Limit
Before You Begin
Procedure
For More Information

System Requirements for RPC over HTTP on Exchange Server 2003
Recommendations for Deploying RPC over HTTP Communications
Best Practices to Follow When Deploying RPC over HTTP
For More Information

Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment
Scenario 1: Front-End and Back-End Server Architecture with ISA Server in the Perimeter Network
Scenario 2: Positioning the RPC Proxy Server in the Perimeter Network
Scenario 3: Using Exchange Single-Server Installations
Scenario 4: Secure Sockets Layer Offloading

Deployment Scenarios for RPC over HTTP
Running Exchange Server 2003 Service Pack 1
Running Exchange Server 2003 on Windows Small Business Server 2003
Running Exchange Server 2003 Without Service Packs
Upgrading RPC over HTTP Deployment from Exchange Server 2003 to Exchange Server 2003 SP1
For More Information

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)
Before You Begin
Procedure
For More Information

How to Configure a Server as an RPC Proxy Server
Before You Begin
Procedure
For More Information

How to Configure the Back-End Server to Act as a Target for the RPC Proxy Server
Before You Begin
Procedure
For More Information

How to Configure the RPC Proxy Server Settings on a Front-End Server in Exchange System Manager
Before You Begin
Procedure
For More Information

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
Before You Begin
Procedure
For More Information

How to Create an Outlook Profile for Users to Use with RPC over HTTP
Procedure
For More Information

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server
Before You Begin
Procedure
For More Information

How to Configure a Server as an RPC Proxy Server
Before You Begin
Procedure
For More Information

How to Configure a Back-End Server That is in a Back-End Only Topology to Use RPC over HTTP
Before You Begin
Procedure
For More Information

How to Configure the RPC Virtual Directory in IIS
Before You Begin
Procedure to Configure RPC Virtual Directory in IIS
Procedure to Configure RPC Virtual Directory to Use SSL
For More Information

How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
Before You Begin
Procedure
For More Information

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
Before You Begin
Procedure
For More Information

How to Create an Outlook Profile for Users to Use with RPC over HTTP
Procedure
For More Information

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario
Before You Begin
Procedure
For More Information

How to Configure a Server as an RPC Proxy Server
Before You Begin
Procedure
For More Information

How to Configure the RPC Virtual Directory in IIS
Before You Begin
Procedure to Configure RPC Virtual Directory in IIS
Procedure to Configure RPC Virtual Directory to Use SSL
For More Information

How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
Before You Begin
Procedure
For More Information

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
Before You Begin
Procedure
For More Information

How to Create an Outlook Profile for Users to Use with RPC over HTTP
Procedure
For More Information

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server
Before You Begin
Procedure
For More Information

How to Configure a Server as an RPC Proxy Server
Before You Begin
Procedure
For More Information

How to Configure the RPC Virtual Directory in IIS
Before You Begin
Procedure to Configure RPC Virtual Directory in IIS
Procedure to Configure RPC Virtual Directory to Use SSL
For More Information

How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
Before You Begin
Procedure
For More Information

How to Set the NTDS Port on a Global Catalog Server Acting as an Exchange Server 2003 Back-End Server
Before You Begin
Procedure
For More Information

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
Before You Begin
Procedure
For More Information

How to Create an Outlook Profile for Users to Use with RPC over HTTP
Procedure
For More Information

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server
Before You Begin
Procedure
For More Information

How to Configure a Server as an RPC Proxy Server
Before You Begin
Procedure
For More Information

How to Configure the RPC Virtual Directory in IIS
Before You Begin
Procedure to Configure RPC Virtual Directory in IIS
Procedure to Configure RPC Virtual Directory to Use SSL
For More Information

How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
Before You Begin
Procedure
For More Information

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
Before You Begin
Procedure
For More Information

How to Create an Outlook Profile for Users to Use with RPC over HTTP
Procedure
For More Information

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server
Before You Begin
Procedure
For More Information

How to Configure a Server as an RPC Proxy Server
Before You Begin
Procedure
For More Information

How to Configure the RPC Virtual Directory in IIS
Before You Begin
Procedure to Configure RPC Virtual Directory in IIS
Procedure to Configure RPC Virtual Directory to Use SSL
For More Information

How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
Before You Begin
Procedure
For More Information

How to Set the NTDS Port on a Global Catalog Server Acting as an Exchange Server 2003 Back-End Server
Before You Begin
Procedure
For More Information

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
Before You Begin
Procedure
For More Information

How to Create an Outlook Profile for Users to Use with RPC over HTTP
Procedure
For More Information

How to Upgrade an Exchange Server 2003 RPC over HTTP Deployment to Exchange Server 2003 SP1
Before You Begin
Procedure
For More Information

How to Configure the Back-End Server to Act as a Target for the RPC Proxy Server
Before You Begin
Procedure
For More Information

How to Configure the RPC Proxy Server Settings on a Front-End Server in Exchange System Manager
Before You Begin
Procedure
For More Information

How to Deploy RPC over HTTP for the First Time in Small Business Server 2003 (Standard or Premium)
Before You Begin
Procedure
For More Information

Adding a Back-End Server to an RPC over HTTP Deployment...........................................172

Troubleshooting RPC over HTTP Communications.............................................................172


Troubleshoot RPC over HTTP Communications...............................................................173
For More Information......................................................................................................... 173

How to Verify That RPC over HTTP Support Is Installed......................................................173


Procedure......................................................................................................................... 173
For More Information......................................................................................................... 174

How to Verify That World Wide Web Publishing Service Is Running....................................175


Procedure......................................................................................................................... 175
For More Information......................................................................................................... 175

How to Verify That SSL Certificate Is Installed on RPC Proxy Server..................................176


Procedure......................................................................................................................... 176
For More Information......................................................................................................... 176

How to Verify RPC Virtual Directory Configuration...............................................................177


Procedure......................................................................................................................... 177
Procedure......................................................................................................................... 178
For More Information......................................................................................................... 180

How to Verify That RPC Proxy Server Has Basic Authentication Configured.......................180
Procedure......................................................................................................................... 181
For More Information......................................................................................................... 181

How to Verify That RPC Proxy Server Extension Is Loading Properly..................................182


Procedure......................................................................................................................... 182
For More Information......................................................................................................... 183

How to Verify Client Computer Configuration.......................................................................184


Procedure......................................................................................................................... 184
For More Information......................................................................................................... 185

How to Enable 'Exchange over the Internet' in Outlook 2003 E-mail Accounts Wizard........186
Before You Begin.............................................................................................................. 186
Procedure......................................................................................................................... 186
For More Information......................................................................................................... 187

How to Check RPC over HTTP Connection Status on Outlook 2003 Client.........................187
Before You Begin.............................................................................................................. 187
Procedure......................................................................................................................... 187
For More Information......................................................................................................... 188

How to Verify Exchange Server 2003 Port Configuration.....................................................188


Procedure......................................................................................................................... 189
For More Information......................................................................................................... 190

Copyright.............................................................................................................................. 190
13

Exchange Server 2003 RPC over HTTP Deployment Scenarios
Microsoft® Exchange Server 2003 and Microsoft Office Outlook® 2003, combined with
Microsoft Windows Server™ 2003, support the use of RPC over HTTP to access Exchange
servers. Using the Microsoft Windows RPC over HTTP feature to enable your users to
connect to their Exchange mailbox eliminates the requirement for remote office users to use a
virtual private network (VPN) to connect to their Exchange servers. Users who are running
Outlook 2003 on client computers can connect directly to an Exchange server in a corporate
environment from the Internet.

The Windows RPC over HTTP feature enables an RPC client (such as Outlook 2003) to
establish connections across the Internet by tunneling the remote procedure call (RPC) traffic
over Hypertext Transfer Protocol (HTTP). RPC is not designed for use on the Internet and
does not work well with perimeter networks. RPC over HTTP makes it possible to use RPC
clients with perimeter networks. If the RPC client can make an HTTP connection to a remote
computer that is running Internet Information Services (IIS), the client can connect to any
server on the remote network that you have configured to be available to this client. The client
can execute remote procedure calls to available servers on the remote network. Moreover,
the RPC client and server programs can connect across the Internet—even if both are behind
firewalls on different networks.

For more information, see the following topics:

• New for Exchange Server 2003 Service Pack 1

• Technical Details of Using RPC over HTTP to Access Exchange from an Outlook Client

• System Requirements for RPC over HTTP on Exchange Server 2003

• Recommendations for Deploying RPC over HTTP Communications

• Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment

• Deployment Scenarios for RPC over HTTP

• Adding a Back-End Server to an RPC over HTTP Deployment

• Troubleshooting RPC over HTTP Communications

Note:
Download Microsoft Exchange Server 2003 RPC over HTTP Deployment Scenarios
to print or read offline.

New for Exchange Server 2003 Service Pack 1
Microsoft® Exchange Server 2003 Service Pack 1 (SP1) includes a new user interface in
Exchange System Manager that enables you to configure your Exchange messaging system
to use RPC over HTTP without manually modifying the registry settings. With this new
interface, enabling RPC over HTTP for your organization involves doing the following steps:

1. Configuring your Exchange Server 2003 back-end servers as a target for the RPC proxy
servers in Exchange System Manager

2. Configuring your Exchange Server 2003 front-end servers as RPC proxy servers in
Exchange System Manager

To use this new functionality to deploy RPC over HTTP, you will need to install Exchange
Server 2003 SP1 on all Exchange front-end servers that will be used as RPC proxy servers.
It is also recommended that you install Service Pack 1 on all of your Exchange back-end
servers. However, you can enable RPC over HTTP on Exchange Server 2003 back-end
servers using Exchange System Manager from another Exchange server that has Service
Pack 1 installed.

Benefits When You Have Exchange Server 2003 SP1 Installed on Your RPC Proxy Server
If your RPC proxy server is an Exchange front-end server that is running Exchange Server
2003 with Service Pack 1 or a later version, you gain the following benefits:

• Exchange automatically configures the RPC over HTTP proxy component.

• Exchange automatically configures Internet Information Services (IIS) settings for RPC
over HTTP.

• Exchange verifies that the Exchange servers used for RPC over HTTP meet all the
requirements. For more information about requirements for Exchange servers used for
RPC over HTTP, see System Requirements for RPC over HTTP on Exchange Server
2003.

• Exchange automatically updates the RPC over HTTP proxy component with the
Exchange servers to which it can forward requests.

Technical Details of Using RPC over HTTP to Access Exchange from an Outlook Client
RPC over HTTP allows Microsoft® Office Outlook® 2003 clients to access Microsoft
Exchange servers by using the MAPI protocol to tunnel Outlook RPC requests inside an
HTTP session, or tunnel. Typically, an Outlook 2003 client contacts an Exchange server over
a TCP session.

If you use RPC over HTTP, you can use Outlook 2003 to access Exchange Server over the
Internet, because HTTP is a common Internet protocol. The HTTP session terminates at a
server running Internet Information Services (IIS) that has the Microsoft Windows
Server™ 2003 RPC over HTTP Proxy networking component installed. This server is called
an RPC proxy server.

It is recommended that your RPC proxy server is an Exchange front-end server. The RPC
over HTTP Proxy networking component extracts the RPC requests from the HTTP request
and forwards the RPC requests to the appropriate server. The advantage of this approach is
that only the RPC proxy server has to allow access from the Internet. Back-end Exchange
servers do not have to allow access from the Internet. You should use the Secure Sockets
Layer (SSL) to establish the HTTP session that you use to access Exchange Server over the
Internet from an Outlook 2003 client.

A common misconception is that the use of RPC over HTTP turns a Web request into an
RPC request. Outlook 2003 sends the RPC request inside an HTTP tunnel. The actual RPC
request does not change between the Outlook client and the Exchange server.

The following figure shows an RPC request inside an HTTP tunnel.

RPC request inside HTTP tunnel



Benefits of Using RPC over HTTP


There are several benefits to using RPC over HTTP to enable Microsoft® Office Outlook®
2003 clients to access Microsoft Exchange Server, instead of using a virtual private network
(VPN). The benefits are the following:

• You can use the same URL and namespace that you use for Microsoft Office Outlook
Web Access for Exchange Server 2003, Exchange ActiveSync®, and Microsoft Outlook
Mobile Access.

• You can use the same Secure Sockets Layer (SSL) server certificate that you use for
Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access.

• No unauthenticated requests from Outlook can access Exchange servers.

• Clients must trust server certificates, and certificates must be valid.

You must allow only port 443 through your firewall, because Outlook requests use HTTP over
SSL. If you already use Outlook Web Access with SSL, Exchange ActiveSync with SSL, or
Outlook Mobile Access with SSL, you do not have to open any additional ports from the
Internet.

The RPC over HTTP Process


The process of connecting to a server running Microsoft® Exchange Server from a Microsoft
Office Outlook® 2003 client by using RPC over HTTP has three types of interactions:

• RPC over HTTP Interactions on the Client Computer

• RPC over HTTP Interactions on the RPC Proxy Server

• RPC over HTTP Interactions on the Back-End Server

RPC over HTTP Interactions on the Client Computer

Microsoft® Office Outlook® 2003 tries to use either RPC over HTTP or RPC over TCP,
depending on your Outlook 2003 profile settings.

For more information about Outlook 2003 profile settings for RPC over HTTP, see Configuring
Outlook 2003 for RPC over HTTP (http://go.microsoft.com/fwlink/?LinkId=45954).

If Outlook tries to use either RPC over HTTP or RPC over TCP, Outlook calls the RPC layer
on the client computer. Outlook uses a specific protocol sequence to indicate if it must
connect to an Exchange server that uses RPC over HTTP or to an Exchange server that uses
RPC over TCP. If the protocol sequence indicates that Outlook must connect to an Exchange
server that uses RPC over HTTP, the RPC layer then creates the HTTP session, controls
authentication, and puts the RPC requests inside the HTTP session. Rpcrt4.dll contains
support for the RPC layer of RPC over HTTP. Rpcrt4.dll uses any Microsoft Internet Explorer
proxy settings that apply to outbound HTTP connections.

Both the HTTP session and the RPC requests inside the HTTP session require
authentication. Outlook passes authentication information for the HTTP session and the RPC
request to the RPC layer for each request from the client computer to the Exchange server.

You cannot select the type of authentication for the RPC request inside the HTTP tunnel.
Outlook always uses NTLM authentication for the RPC request. You can select the type of
authentication for the HTTP session.

To select the type of authentication, you must set your Outlook profile to use either Basic
authentication or NTLM authentication.

If you use Basic authentication, Outlook prompts you for user name and password
information. In the user name field, you must enter your user name information in one of the
following formats:

• <domain>\<user name>

• user principal name (UPN)

If you use NTLM authentication, Outlook tries to use your current Microsoft Windows®
operating system logon information. If your current Windows operating system logon
information fails, Outlook prompts you for domain, user name, and password information.

For more information about requirements for RPC over HTTP to use the current Windows
operating system logon information, see RPC over HTTP Authentication and Security.

For more information about how to use your current Windows operating system logon
information instead of entering logon information, see Microsoft Knowledge Base article
820281, "You must provide Windows account credentials when you connect to Exchange
Server 2003 by using the Outlook 2003 RPC over HTTP feature"
(http://go.microsoft.com/fwlink/?Linkid=3052&kbid=820281).

After Outlook connects to the RPC proxy server by using the logon information that is
provided, Outlook caches the logon information for the current Outlook session. You do not
have to re-enter logon information until you exit and restart Outlook.

For detailed steps for how to set the RPC over HTTP settings in your Outlook 2003 profile,
see How to Create an Outlook Profile for Users to Use with RPC over HTTP.

How to Create an Outlook Profile for Users to Use with RPC over HTTP
This topic explains how to create a Microsoft® Office Outlook® profile for users to use with
RPC over HTTP.

For your users to use RPC over HTTP from their client computer, they must create an
Outlook profile that uses the required RPC over HTTP settings. These settings enable Secure
Sockets Layer (SSL) communication with Basic authentication or NTLM authentication. SSL
is required when you use RPC over HTTP.

Before you begin the procedure in this topic, confirm the following:

• You are running one of the following on the client computer:

  • Microsoft Windows® XP with Service Pack 1 and 331320 hotfix or later

  • Microsoft Windows Server 2003

• You are running Outlook 2003 on the client computer.

• You have completed all other steps for configuring RPC over HTTP on your Exchange
servers.

Procedure
To create an Outlook profile for users to use with RPC over HTTP
1. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

2. In Control Panel, perform one of the following tasks:

•   If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

•   If you are using Classic View, double-click Mail.

3. In Mail Setup, under Profiles, click Show Profiles.

4. In Mail, click Add.

5. In New Profile, in the Profile Name box, type a name for this profile, and then click
OK.

6. In the E-mail Accounts wizard, click Add a new e-mail account, and then click
Next.

7. On the Server Type page, click Microsoft Exchange Server, and then click Next.

8. On the E-mail Accounts page, do the following:

a. In the Microsoft Exchange Server box, type the fully qualified domain name
(FQDN) of your back-end Exchange server where your mailbox resides.

b. Click to clear the Use Cached Exchange Mode check box.

Important:
Temporarily turn off Cached Exchange mode to test your configuration.
We recommend that you enable Cached Exchange mode after you test
your RPC over HTTP configuration.

c. In the User Name box, type the name of the user account that you want to use.

d. Click More Settings.

Note:
At this stage, the client application attempts to resolve the user name on
the Exchange server. If you cannot access your Exchange back-end
server directly by using TCP/IP, this operation will time out and present a
dialog box that prompts you to confirm your user name and mailbox.
Click Cancel on this dialog box.

9. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

Note:
If the Exchange over the Internet area does not appear on the
Connection tab, see How to Verify Client Computer Configuration.

c. Click Exchange Proxy Settings.

10. In the Exchange Proxy Settings dialog box, in the Connections Settings pane,
perform the following steps:

a. Enter the FQDN of the RPC proxy server in the Use this URL to connect to my
proxy server for Exchange box. The RPC proxy server is the Exchange server
that users can connect to on the Internet. For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

11. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

12. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

To modify an existing Outlook profile for users to use with RPC over HTTP
1. Use either Control Panel or Outlook to open the E-Mail Accounts wizard.

To open the E-Mail Accounts wizard using Control Panel, do the following:

a. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

b. In Control Panel, perform one of the following tasks:

•   If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

•   If you are using Classic View, double-click Mail.

c. In Mail Setup, under Profiles, click Show Profiles.

d. In Mail, click the profile that you want to change, and then click Properties.
e. In Mail Setup, click E-mail Accounts.

To open the E-Mail Accounts wizard using Outlook, do the following:

a. In Outlook, on the Tools menu, click E-Mail Accounts.

2. In the E-mail Accounts wizard, click View or change existing e-mail accounts,
and then click Next.

3. On the E-mail Accounts page, select the Microsoft Exchange Server account, and
then click Change.

4. On the Exchange Server Settings page, click More Settings.

5. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

c. Click Exchange Proxy Settings.

6. In the Exchange Proxy Settings dialog box, in the Connections Settings pane, do
the following steps:

a. Enter the fully qualified domain name (FQDN) of the RPC proxy server in the
Use this URL to connect to my proxy server for Exchange box. The RPC
proxy server is the Exchange server that users can connect to on the Internet.
For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

7. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

8. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

For More Information


For more information about configuring Outlook 2003 profiles for RPC over HTTP, see:

• Video that shows how to configure Outlook 2003 MAPI profile to connect to Exchange
Server 2003 using RPC over HTTP (http://go.microsoft.com/fwlink/?LinkId=64060)

Note:
The video is in Windows Media Player format. If you have trouble viewing the
video, see the Windows Media Player support page.

• Configuring Outlook 2003 for RPC over HTTP

• Customizing Outlook Profiles by Using PRF Files

• Configuring Outlook Profiles by Using a PRF File

For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see the following topics in the Exchange Server 2003 RPC over HTTP Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-
End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-
End Server

RPC over HTTP Interactions on the RPC Proxy Server
Microsoft® Office Outlook® establishes an HTTP session over Secure Sockets Layer (SSL)
between the client and the RPC proxy server for each connection that Outlook makes to the
server running Microsoft Exchange Server. Outlook sends MAPI RPC requests over this
HTTP session to the Exchange server. The RPC over HTTP Proxy networking component on
the RPC proxy server extracts the RPC requests from the HTTP session and forwards these
requests to the server that is specified in the RPC request. It is recommended that your RPC
proxy server is an Exchange front-end server.

RpcProxy.dll is the DLL that controls the extraction of RPC requests from the HTTP session.
RpcProxy.dll is an Internet Server API (ISAPI) extension that runs in Internet Information
Services (IIS). RpcProxy.dll listens for activity on the RPC virtual directory.

IIS authenticates the HTTP request using Basic authentication or NTLM authentication,
depending on the Outlook profile setting. After IIS authenticates the request, it sends the
request to RpcProxy.dll. RpcProxy.dll only accepts authenticated requests. Even if IIS is
configured to allow anonymous users, RpcProxy.dll does not forward an anonymous request
to the Exchange server. Additionally, RpcProxy.dll only accepts HTTP requests over SSL. If
the HTTP session does not use SSL, RpcProxy.dll blocks the request.

Note:
If you offload SSL, you must configure an additional registry key to tell the RPC over
HTTP Proxy networking component to accept non-SSL connections. An example of
SSL offloading is when the firewall in front of the RPC proxy server stops the SSL
session. For information about how to configure the RPC proxy server for SSL
offloading, see How to Configure the RPC Proxy Server to Allow for SSL Offloading
on a Separate Server.

RpcProxy.dll forwards RPC requests to specific services on Exchange servers. Each service
is specified by a port number in the RPC request. The following services are the allowed
services:

• Microsoft Exchange Information Store service (port 6001)

• The referral service of DSProxy within the Exchange system attendant service (port
6002)

• DSProxy service within the Exchange system attendant service (port 6004)

The valid ports are contained in the following registry key on the RPC proxy server:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

In Exchange Server 2003 Service Pack 1 (SP1), the system attendant can maintain the
ValidPorts registry entry automatically. The system attendant updates the ValidPorts registry
entry when you add new RPC over HTTP back-end servers to the organization.

Note:
For information about editing the registry to set the ValidPorts registry value, see
How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP.

You can install the RPC over HTTP Proxy networking component on a back-end server. You
should only install the RPC over HTTP Proxy networking component on a back-end server if
you do not have an Exchange front-end server in your organization. If you install the RPC
over HTTP Proxy networking component on a back-end server, you must manually configure
the RPC over HTTP Proxy component settings and IIS settings.
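
The behavior described in this section (authenticated requests only, SSL only, and forwarding only to ports 6001, 6002 and 6004) can be checked against the RPC proxy server's IIS logs. The following is an added example, not code from this guide or from Microsoft. It assumes W3C extended logging with a #Fields header, that tunnel requests appear with the RPC_IN_DATA and RPC_OUT_DATA methods against /rpc/rpcproxy.dll, and that the target server:port is logged as the query string; the log lines are constructed.

```python
# Added example: scan an IIS W3C log for RPC over HTTP requests that
# contradict the proxy behavior this guide describes.

ALLOWED_PORTS = {6001, 6002, 6004}           # services listed in this guide
RPC_VERBS = {"RPC_IN_DATA", "RPC_OUT_DATA"}  # assumed tunnel request methods

# Constructed sample log (host names, users and addresses are invented).
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2006-12-12 09:00:01 RPC_IN_DATA /rpc/rpcproxy.dll exch01.contoso.com:6001 443 CONTOSO\alice 192.0.2.10 MSRPC 200
2006-12-12 09:00:01 RPC_OUT_DATA /rpc/rpcproxy.dll exch01.contoso.com:6004 443 CONTOSO\alice 192.0.2.10 MSRPC 200
2006-12-12 09:01:30 RPC_IN_DATA /rpc/rpcproxy.dll exch01.contoso.com:6001 443 - 192.0.2.10 MSRPC 401
2006-12-12 09:02:44 RPC_IN_DATA /rpc/rpcproxy.dll exch01.contoso.com:135 443 CONTOSO\bob 198.51.100.7 MSRPC 503
2006-12-12 09:03:10 RPC_IN_DATA /rpc/rpcproxy.dll exch01.contoso.com:6001 80 - 203.0.113.5 MSRPC 200
2006-12-12 09:04:00 GET /exchange/ - 443 CONTOSO\alice 192.0.2.10 Mozilla/4.0 200
"""


def scan_rpcproxy_log(text):
    """Return a list of (line_number, code, detail) alerts."""
    fields, alerts = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column names for later rows
            continue
        if not line.strip() or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method") not in RPC_VERBS:
            continue                         # not an RPC over HTTP request
        if row.get("cs-uri-stem", "").lower() != "/rpc/rpcproxy.dll":
            continue
        target = row.get("cs-uri-query", "-")
        port = target.rpartition(":")[2]
        accepted = row.get("sc-status", "").startswith("2")
        # The proxy should only be asked to reach the three Exchange ports.
        if not port.isdigit() or int(port) not in ALLOWED_PORTS:
            alerts.append((lineno, "UNEXPECTED_TARGET_PORT", target))
        # A 401 without a user name is the normal authentication challenge;
        # a success without a user name means an anonymous request got through.
        if accepted and row.get("cs-username", "-") == "-":
            alerts.append((lineno, "ANONYMOUS_ACCEPTED", row.get("c-ip")))
        # Success on a port other than 443 is expected only with SSL offloading.
        if accepted and row.get("s-port") != "443":
            alerts.append((lineno, "NON_SSL_LISTENER", row.get("s-port")))
    return alerts


if __name__ == "__main__":
    for alert in scan_rpcproxy_log(SAMPLE_LOG):
        print(alert)
```
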

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
This topic explains how to configure the RPC proxy server to allow for Secure Sockets Layer
(SSL) offloading on a separate server. SSL offloading occurs when you use a server other
than the RPC proxy server to handle your SSL encryption and decryption. For example, if the
firewall in front of the RPC proxy server handles the SSL encryption and decryption,
terminates the SSL session and then establishes a new non-SSL session to the RPC proxy
server, you are using SSL offloading. If you use SSL offloading, you must set a special
registry setting on the RPC proxy server.

Before You Begin


To successfully complete the procedure in this topic, confirm that you have configured your
authentication correctly.

Note:
In Exchange Server 2003 SP1, authentication for RPC over HTTP on an RPC proxy
server is configured automatically.

This topic contains information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems that result from editing the registry
incorrectly might not be resolvable. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to allow for SSL offloading on a separate server
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. Create a DWORD value with the name AllowAnonymous.

4. Right-click the AllowAnonymous DWORD value, and select Modify.

5. In the Value data field, enter 1.

Important:
On the RPC virtual directory security settings in Internet Information Services
(IIS), under Authentication methods, verify that the check box next to
Enable anonymous access is cleared.

6. Restart the World Wide Web Publishing Service (W3SVC) in the services snap-in to
Microsoft Management Console (MMC).
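
The registry settings under HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy covered in this topic and in the ValidPorts discussion earlier can be reviewed together after a change. The following audit is an added example, not code from this guide or from Microsoft. It assumes the ValidPorts string is a semicolon-separated list of server:port or server:low-high entries and that the caller supplies the values read from the server; the sample values and finding codes are constructed.

```python
# Added example: audit RpcProxy registry values for least privilege.
import re

# Ports of the three Exchange services this guide lists as allowed targets.
EXCHANGE_RPC_PORTS = {6001, 6002, 6004}

# One ValidPorts entry: "server:port" or "server:low-high" (assumed format).
_ENTRY = re.compile(r"^([^:;\s]+):(\d+)(?:-(\d+))?$")

# Constructed sample values (server names are invented).
GOOD_VALID_PORTS = ("exch01:6001-6002;exch01:6004;"
                    "exch01.contoso.com:6001-6002;exch01.contoso.com:6004")
WIDE_VALID_PORTS = "exch01:100-5000"


def parse_valid_ports(value):
    """Return [(host, low, high), ...] for a ValidPorts string."""
    entries = []
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue                          # tolerate a trailing semicolon
        match = _ENTRY.match(raw)
        if match is None:
            raise ValueError(f"malformed ValidPorts entry: {raw!r}")
        host, low, high = match.group(1), int(match.group(2)), match.group(3)
        high = int(high) if high is not None else low
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range in entry: {raw!r}")
        entries.append((host.lower(), low, high))
    return entries


def audit_rpcproxy(valid_ports, allow_anonymous=0,
                   iis_anonymous_enabled=False, ssl_offloaded=False):
    """Return [(code, detail), ...]; an empty list means no findings."""
    findings = []
    for host, low, high in parse_valid_ports(valid_ports):
        covered = sum(low <= port <= high for port in EXCHANGE_RPC_PORTS)
        extra = (high - low + 1) - covered
        if extra:
            findings.append(("WIDE_RANGE",
                             f"{host}:{low}-{high} allows {extra} port(s) "
                             "other than 6001, 6002 and 6004"))
    if allow_anonymous == 1:
        # The procedure requires IIS anonymous access to stay disabled.
        if iis_anonymous_enabled:
            findings.append(("ANON_WITH_IIS_ANON",
                             "AllowAnonymous=1 while anonymous access is "
                             "enabled on the RPC virtual directory"))
        # The value is only needed when another device terminates SSL.
        if not ssl_offloaded:
            findings.append(("ANON_WITHOUT_OFFLOAD",
                             "AllowAnonymous=1 but SSL is not offloaded"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_rpcproxy(WIDE_VALID_PORTS, 1, True, True):
        print(code, "-", detail)
```
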

For More Information


For more information, see:

• Microsoft Knowledge Base article 833003, "Description of the RPC over HTTP feature
and the AllowAnonymous registry entry in Windows Server 2003"
(http://go.microsoft.com/fwlink/?Linkid=3052&kbid=833003)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-
End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-
End Server

RPC over HTTP Interactions on the Back-End Servers
Microsoft® Office Outlook® requires access to three types of back-end servers:

• Mailbox servers

• Public folder servers

• Global catalog servers



Mailbox Servers
Mailbox servers store user mailboxes, including any mailboxes that a user must access as a
delegate. The Microsoft Exchange Information Store service listens for incoming RPC
requests on port 6001.

Public Folder Servers


Public folder servers store public folder data. Public folder servers include both the home
public folder servers of users and any servers that hold replicas of the data to which Outlook
may be redirected.

Public folder servers store free/busy data. Public folder servers that store free/busy data must
be accessible to Outlook so that users can view other users' free/busy data.

Public folder servers store the Outlook offline address book. Public folder servers that store
offline address book data must be accessible to Outlook so that users can download the
offline address book.

Global Catalog Servers


Outlook does not connect directly to global catalog servers when you use RPC over HTTP, so
you do not have to add global catalog servers to the list of servers that the RPC proxy server
can access. Instead, the users’ mailbox server forwards directory RPC requests to the global
catalog servers. However, because of product version changes in the RPC protocol that are
designed to support RPC over HTTP, these servers must also meet the requirements for RPC
over HTTP.

DSProxy
Directory Service Proxy (DSProxy) is an internal component of the Exchange system
attendant. It provides an address book service to Outlook clients. When RpcProxy.dll
forwards an RPC request to port 6002 or port 6004, DSProxy receives that request.

Note:
For more information about RpcProxy.dll, see RPC over HTTP Interactions on the
RPC Proxy Server.

An RPC request to the referral service port (6002) of DSProxy requests a referral to a global
catalog server.

A client computer cannot connect to a global catalog server directly over the Internet.
Therefore, the referral service of DSProxy replies to the request with the local Exchange
server on which DSProxy is running. The client uses the local Exchange server on which
DSProxy is running, instead of the global catalog server. The client computer then uses the
DSProxy proxy service port (6004) on the local Exchange server for requests for directory
information. The local Exchange server forwards the request to the global catalog server.

Note:
In Exchange Server 2003 with no service packs installed, the referral service of
DSProxy cannot distinguish between an RPC over TCP request and an RPC over
HTTP request. If the Exchange back-end server has Exchange Server 2003 installed
with no service packs, you should not publish the referral service port (6002) in the
ValidPorts registry entry on the RPC proxy server. When Outlook tries to contact the
referral service of DSProxy, it fails because you did not publish the referral service
port on the RPC proxy server. Outlook then tries to contact the proxy service of
DSProxy on the Exchange server. The proxy service forwards the request to a global
catalog server.

For more information about Exchange Server 2003 and the Active Directory® directory
service, see "Exchange Server 2003 and Active Directory" in the Exchange Server 2003
Technical Reference Guide (http://go.microsoft.com/fwlink/?LinkId=47891).

RPC over HTTP Process Example


The following figure illustrates the interactions between the Microsoft® Office Outlook® client,
the RPC proxy server, and the back-end servers. This example assumes that the user’s
public folder server is the same server as the user’s mailbox server. This example also
assumes that you are running Microsoft Exchange Server 2003 Service Pack 1 (SP1) on your
Exchange servers.

[Figure: RPC over HTTP Process example]

Step 1
The client computer has determined that it will connect to the Exchange server by using RPC
over HTTP. The client computer initiates two HTTP sessions to the Exchange server for each
RPC request that it must send. The client computer initiates one HTTP session for RPC
requests into the Exchange server and another HTTP session for responses from the
Exchange server.

The client computer sends the initial RPC requests to the referral service of DSProxy on the
Exchange server prompting for a directory referral. The referral service port is 6002.

Step 2
The RPC proxy server extracts the RPC request from the HTTP session and forwards the
RPC request to port 6002 on the Exchange server. The Exchange server responds to the
directory referral request with itself as the target. This approach is unique to RPC over HTTP.
If the client computer was not using RPC over HTTP, the Exchange server would respond
with a global catalog server. However, when the client computer uses RPC over HTTP, the
Exchange server recognizes the request from the client computer as RPC over HTTP. The
client computer cannot access a global catalog server directly when the client computer uses
RPC over HTTP. Therefore, the Exchange server responds to the client computer with itself,
the Exchange server, as the server to use for directory lookups.

Step 3
The client computer initiates two HTTP sessions to the proxy service of DSProxy on the
Exchange server. The proxy service is on port 6004. The client computer initiates one HTTP
session for RPC requests into the server and another HTTP session for RPC requests from
the server.

Step 4
The RPC proxy server extracts the RPC request from the HTTP session and forwards the
RPC request to port 6004 on the Exchange server.

Step 5
The Exchange server forwards the directory request to a global catalog server. The global
catalog server responds to the Exchange server that has the appropriate directory
information.

Step 6
The Exchange server sends the directory information that it received from the global catalog
server to the client computer.

Step 7
The client computer initiates two HTTP sessions to the Microsoft Exchange Information Store
service on the Exchange server. The Microsoft Exchange Information Store service is on port
6001. The client computer initiates one HTTP session for RPC requests into the server and
another HTTP session for RPC requests from the server.

Step 8
The RPC proxy server extracts the RPC request from the HTTP session and forwards the
RPC request to port 6001 on the Exchange server.

Steps 7 and 8 are repeated as needed for any additional store connections, such as
accessing public folder data.

RPC over HTTP Protocol Specifics


This topic provides details about the HTTP protocol and the RPC protocol. Both sections
include information about the Microsoft® Exchange Server service ports.

HTTP Protocol

| HTTP Feature | Details |
|---|---|
| Ports | HTTP with SSL: 443. HTTP: 80. The HTTP session should always be established over Secure Sockets Layer (SSL) (port 443). If you offload SSL, you have to configure the AllowAnonymous registry entry to tell the RPC over HTTP Proxy networking component to accept non-SSL connections. For more information about how to configure the RPC proxy server for SSL offloading, see How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server. |
| Verbs | RPC_IN_DATA, RPC_OUT_DATA. The HTTP protocol uses these two new HTTP verbs to establish the HTTP tunnel to the RPC proxy server. |
| Content Length | 1 GB. 1 GB of RPC request data can pass through the tunnel before Microsoft Office Outlook® must reset the tunnel. |
| Minimum Connection Time-out | 30 seconds. The connection time-out on the Web site that hosts the RPC over HTTP proxy networking component cannot be less than 30 seconds. If the connection time-out is less than 30 seconds, the RPC over HTTP proxy networking component will not load. |

RPC
Microsoft RPC allows communication and the exchange of data between processes. Outlook
uses RPC to exchange data with the Exchange store and with Active Directory® directory
service.

| RPC Information | Details |
|---|---|
| Protocol Sequence | ncacn_http. A protocol sequence is the language that a network operating system uses to talk over the network to other computers. The protocol sequence is a string that represents a combination of an RPC protocol, a transport protocol, and a network protocol. NCACN refers to the Network Computing Architecture connection-oriented protocol. Ncacn_http is a connection-oriented TCP/IP sequence that uses Internet Information Services (IIS) as an HTTP proxy. For more information about Microsoft RPC Protocol Sequences, see Selecting a Protocol Sequence (http://go.microsoft.com/fwlink/?LinkId=45960). When Outlook does not connect to Exchange Server by using RPC over HTTP, it uses ncacn_ip_tcp. Ncacn_ip_tcp is a connection-oriented TCP/IP sequence. In Exchange Server 2003 SP1, the referral service of DSProxy distinguishes an RPC over HTTP session from an RPC over TCP session by using the protocol sequence. |
| Ports | Microsoft Exchange Information Store service: 6001; referral service of DSProxy: 6002; proxy service of DSProxy: 6004; Active Directory (if the global catalog server and Exchange Server are on the same server): 6004. Note: The system attendant does not load the DSProxy component on a server that is both a global catalog server and an Exchange server. After the RPC proxy server removes the RPC requests from the HTTP session, it forwards the requests over TCP to services listening on these ports. |
| UUIDs | The Exchange Server and directory services Universal Unique Identifiers (UUIDs): Microsoft Exchange Information Store: a4f1db00-ca47-1067-b31f-00dd010662da; System Attendant directory referral: 1544f5e0-613c-11d1-93df-00c04fd7bd09; System Attendant directory proxy: f5cc5a18-4264-101a-8c59-08002b2f8426; Active Directory: f5cc5a18-4264-101a-8c59-08002b2f8426 |


The Role of Exchange System Manager and Exchange System Attendant in RPC over HTTP
In Microsoft® Exchange Server 2003 Service Pack 1 (SP1), Exchange System Manager and
the Exchange system attendant have important roles in RPC over HTTP configuration.

The following topics describe the roles:

• Exchange System Manager on the Back-End Server

• Exchange System Manager on an RPC Proxy Server That is a Front-End Server

• Exchange System Attendant on an RPC Proxy Server That Is a Front-End Server

Exchange System Manager on the Back-End Server
In Microsoft® Exchange Server 2003, Exchange System Manager can help configure
Exchange back-end servers as RPC over HTTP back-end servers. When you select an
Exchange server to be an RPC over HTTP back-end server, Exchange System Manager
performs the following actions:

• It verifies that the Exchange server and operating system support RPC over HTTP by
verifying that you have installed Exchange Server 2003 and Microsoft Windows Server™
2003.

• It verifies that you have configured the Microsoft Exchange Information Store service and
system attendant ports correctly for RPC over HTTP. If you have not configured the
Microsoft Exchange Information Store service and system attendant ports correctly for
RPC over HTTP, Exchange System Manager sets the ports and prompts the
administrator to restart any services that require restarts.

• If the back-end server is also a global catalog server, Exchange System Manager also
sets the RPC directory port on the global catalog server to the correct value (6004).
Exchange System Manager then prompts the administrator to restart the server.

Note:
If your RPC over HTTP back-end server is also a domain controller, it is
recommended that you make this domain controller a global catalog server. If an
RPC over HTTP back-end server is a domain controller but not a global catalog
server, you may experience problems with connectivity to this server.

• If the back-end server is part of a cluster, Exchange System Manager tries to verify the
Microsoft Exchange Information Store service port and the proxy and referral service
ports of DSProxy.

Exchange System Manager sets the Microsoft Exchange Information Store service port
and the proxy and referral service ports of DSProxy on all the physical nodes of the
cluster if they are not set correctly.

If Exchange System Manager cannot access a node of the cluster, Exchange System
Manager instructs the administrator to examine the node manually. For example, if one of
the nodes is down for maintenance, Exchange System Manager instructs the
administrator to examine the node manually.

• If you have not configured any front-end servers as RPC over HTTP front-end servers,
Exchange System Manager warns the administrator that a front-end server must be
configured as an RPC over HTTP front-end server for Exchange System Manager to
publish the back-end server in the ValidPorts registry entry on the RPC proxy server
automatically.

After Exchange System Manager completes verification, Exchange System Manager sets a
value on the Exchange server directory object to identify the server as an RPC over HTTP
back-end server. Exchange System Manager now displays the server as an RPC over HTTP
back-end server in the Exchange System Manager user interface.

Exchange System Manager on an RPC Proxy Server That is a Front-End Server
In Microsoft® Exchange Server 2003, you can use Exchange System Manager to configure a
front-end server as an RPC over HTTP front-end server. You must have already configured
the server as a front-end server for the RPC over HTTP front-end server role to apply. When
you select a front-end server to be an RPC over HTTP front-end server, Exchange System
Manager performs the following actions:

• It verifies that you have installed the RPC proxy component.

• It locks down the RPC virtual directory in Internet Information Services (IIS) with the
correct permissions.

• It changes the error responses for the RPC virtual directory to text-only error codes.
Exchange System Manager changes the error responses to reduce the amount of
network traffic. The error responses for the RPC virtual directory never appear in a
browser. Therefore, by changing them to be text-only, you reduce the number of bytes
that are sent over the network. Additionally, NTLM authentication always generates 401
Access denied messages as part of its challenge/response. Therefore, by reducing the
size of the responses, you can accelerate NTLM authentication.

Exchange System Manager checks to see whether RPC over HTTP was ever configured on
this server. If RPC over HTTP was configured in the past, Exchange System Manager notifies
you that it will back up the previous configuration to a location on the server. After all the
checks have passed, Exchange System Manager sets a bit on the Exchange Server object in
the Active Directory® directory service. The bit identifies the server as an RPC over HTTP
front-end server. After the Exchange System Manager has set this bit, Exchange System
Manager displays the server as an RPC over HTTP front-end server in the Exchange System
Manager user interface.

Exchange System Attendant on an RPC Proxy Server That Is a Front-End Server
When you configure the front-end server as an RPC over HTTP front-end server, the system
attendant immediately scans the directory to gather information for the ValidPorts registry
entry. Additionally, the system attendant scans the directory periodically to update the
configuration in the ValidPorts registry entry. By default, the system attendant performs this
scan every 15 minutes.

The following registry key controls how frequently the directory is polled:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

DWORD: HTTPFEPollingInterval

Default = 15 minutes, minimum = 1

During its next poll interval, the system attendant automatically finds any new back-end
servers that you configure as RPC over HTTP back-end servers.

The system attendant writes the following information to the ValidPorts registry entry. This
information varies depending on the version of the back-end Exchange server.

| Product Version | Information in the ValidPorts registry entry |
|---|---|
| Exchange Server 2003 with no service packs | <NetBIOS name of server>:6001; <NetBIOS name of server>:6004; <Fully Qualified Domain Name (FQDN) of server>:6001; <FQDN of server>:6004 |
| Exchange Server 2003 Service Pack 1 (SP1) or subsequent service packs | <NetBIOS name of server>:6001-6002; <NetBIOS name of server>:6004; <FQDN of server>:6001-6002; <FQDN of server>:6004 |

The product version difference in the information that is written to the ValidPorts registry
entry reflects changes in the referral service of the Directory Service Proxy (DSProxy)
component that were introduced in Exchange Server 2003 SP1. If a back-end server has
Exchange 2003 SP1 or subsequent service packs installed, the Exchange front-end server
allows access to the referral port of DSProxy (6002) for faster directory access.

For more information about DSProxy, see RPC over HTTP Interactions on the Back-End
Servers.
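
The following Python audit is an added example (it is not Microsoft's code and not part of the original guide). It parses a ValidPorts value in the format shown in the table above and flags entries the guide says should not be there: ports other than 6001, 6002 and 6004, and the referral port 6002 published for a back-end server with no service packs. The server names, the inventory dictionary and the finding codes are assumptions made for the example.

```python
"""Audit an RPC proxy ValidPorts value. Added example, not Microsoft code."""
import re

# Ports this guide assigns to the Exchange services behind the RPC proxy.
EXPECTED_PORTS = {
    6001: "Microsoft Exchange Information Store service",
    6002: "referral service of DSProxy",
    6004: "proxy service of DSProxy (or Active Directory on a GC)",
}
REQUIRED_PORTS = {6001, 6004}   # written for every back-end version
REFERRAL_PORT = 6002            # SP1 or later only, per the guide

# One entry is "<server>:<port>" or "<server>:<low>-<high>".
ENTRY_RE = re.compile(r"^(?P<host>[^:;\s]+):(?P<lo>\d+)(?:-(?P<hi>\d+))?$")


def parse_valid_ports(value):
    """Return {server name (lowercased): set of published ports}."""
    published = {}
    for raw in value.split(";"):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing ';' or doubled separators
        match = ENTRY_RE.match(entry)
        if match is None:
            raise ValueError("malformed ValidPorts entry: %r" % entry)
        low = int(match["lo"])
        high = int(match["hi"]) if match["hi"] else low
        if not 0 < low <= high <= 65535:
            raise ValueError("bad port range in entry: %r" % entry)
        # Lowercasing is a choice made for this audit so NetBIOS and FQDN
        # spellings compare predictably; it says nothing about RpcProxy.
        published.setdefault(match["host"].lower(), set()).update(
            range(low, high + 1))
    return published


def is_published(published, server, port):
    """True if the (server, port) pair appears in the parsed value."""
    return port in published.get(server.lower(), set())


def audit_valid_ports(value, inventory):
    """Compare a ValidPorts value with a hypothetical back-end inventory.

    inventory maps each expected server name (lowercase NetBIOS name or
    FQDN) to True for SP1 or later, False for no service packs.
    Returns (server, code, ports) tuples in a stable order.
    """
    findings = []
    for server, ports in sorted(parse_valid_ports(value).items()):
        if server not in inventory:
            findings.append((server, "unknown-server", []))
        extra = sorted(ports - set(EXPECTED_PORTS))
        if extra:
            findings.append((server, "unexpected-ports", extra))
        if REFERRAL_PORT in ports and inventory.get(server) is False:
            findings.append(
                (server, "referral-port-on-pre-sp1", [REFERRAL_PORT]))
        missing = sorted(REQUIRED_PORTS - ports)
        if missing and server in inventory:
            findings.append((server, "missing-ports", missing))
    return findings


# Constructed sample: server names and the inventory are invented.
SAMPLE_VALID_PORTS = (
    "EXBE01:6001-6002;EXBE01:6004;"
    "exbe01.corp.example.com:6001-6002;exbe01.corp.example.com:6004;"
    "EXBE02:6001-6004;"            # a range that is wider than intended
    "EXBE03:593;EXBE03:6001;EXBE03:6004"
)
SAMPLE_INVENTORY = {
    "exbe01": True,
    "exbe01.corp.example.com": True,
    "exbe02": False,               # Exchange Server 2003, no service packs
}

if __name__ == "__main__":
    for server, code, ports in audit_valid_ports(SAMPLE_VALID_PORTS,
                                                 SAMPLE_INVENTORY):
        print("%-12s %-26s %s" % (server, code, ports))
```

On the constructed sample, the wide range on EXBE02 is reported twice (port 6003, and 6002 on a server with no service packs), and EXBE03 is reported as a server the inventory does not know, publishing a port outside the three Exchange ports.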

RPC over HTTP Authentication and Security
The authentication and security benefits of using RPC over HTTP are the following:

• You do not have to allow any Internet ports other than those you already allow for
Microsoft® Office Outlook® Web Access, Microsoft Exchange ActiveSync®, or Outlook
Mobile Access.

• You must use Secure Sockets Layer (SSL).

• Outlook must send authenticated requests.

• Both the RPC proxy server and the Exchange server authenticate Outlook requests that
use RPC over HTTP.

• You do not expose the end point mapper.

• Client computers can access only specified Exchange services on specified Exchange
servers.

HTTP Authentication
Internet Information Services (IIS) on the RPC proxy server controls the HTTP session
authentication. When you configure the RPC proxy server, you must set the RPC virtual
directory to use Basic authentication, NTLM authentication, or both Basic authentication and
NTLM authentication. Outlook can send either Basic authentication or NTLM authentication
for the HTTP session, depending on how you have configured the Outlook profile. The RPC
proxy server Internet Server API (ISAPI) does not accept anonymously authenticated
connections.

Note:
When you use Exchange System Manager in Exchange Server 2003 Service Pack 1
(SP1) to configure RPC over HTTP, Exchange System Manager automatically
configures the authentication settings on the RPC virtual directory for you.

Note:
NTLM authentication is also known as Integrated Windows authentication.

The authentication mechanism that you configure in your Outlook profile is used only for the
HTTP session to the RPC proxy server. The authentication mechanism between Outlook and
the Exchange server, when Outlook accesses the Exchange server by using RPC over HTTP,
is always NTLM. It is strongly recommended that you use SSL encryption for the HTTP
session to the RPC proxy server, especially if you use Basic authentication for the HTTP
session. If you use SSL encryption, you prevent your user name and password from being
sent in clear text. Outlook does not allow you to use Basic authentication when connecting to
your RPC proxy server without using SSL encryption.

If you have a firewall that examines HTTP traffic and modifies it in any way, you may have to
use Basic authentication, instead of NTLM authentication. NTLM authentication fails if the
RPC proxy server does not trust the authentication information. For example, you may have a
firewall that ends the session from the Internet and establishes a new session to the RPC
proxy server, instead of passing the HTTPS (SSL) session to the Exchange server without
modification. This process is known as reverse proxying or Web publishing. Certain firewalls,
such as Microsoft Internet Security and Acceleration (ISA) Server 2004, can successfully
reverse proxy or Web publish the session and still permit NTLM authentication to succeed.

Note:
ISA Server 2000 cannot reverse proxy or Web publish the session and still permit
NTLM authentication to succeed.

Basic authentication is not affected by reverse proxying or Web publishing and works
regardless of firewalls. However, if you use Basic authentication, you must type your domain,
user name, and password every time that you start an Outlook session.

Basic Authentication and NTLM Authentication


The following table illustrates some of the differences between Basic authentication and
NTLM authentication.

| Basic authentication | NTLM authentication |
|---|---|
| The client computer sends user name and password in clear text. You should always use SSL when you use Basic authentication. Outlook does not allow you to select Basic authentication without also selecting SSL. The RPC proxy server also requires SSL. | The client computer sends a logon request to the server. The server replies with a randomly generated "token" or challenge to the client computer. The client computer hashes the currently logged-on user's cryptographically protected password with the challenge and sends the resulting "response" to the server. The server receives the challenge-hashed response and compares it to what it knows to be the appropriate response. (The server takes a copy of the original token, which it generated, and hashes it against what it knows to be the user's password hash from its own user account database.) If the received response matches the expected response, the user is successfully authenticated to the host. |
| Basic authentication works with reverse proxy firewalls. | NTLM authentication may not work with some reverse proxy firewalls. If the firewall examines the traffic and modifies it, the NTLM authentication can be invalidated. |
| Basic authentication requires the user to enter domain, user name, and password. | NTLM can use the current Microsoft Windows® operating system logon information. |

Requirements for RPC over HTTP to Use the Current Windows Operating System Logon Information
For RPC over HTTP to use the current Windows operating system logon information, the
following requirements must be met:

• The user logs on to the client computer with correct domain credentials.

• The user selects NTLM authentication in the Outlook profile.

• The firewall allows NTLM authentication. This can occur if the firewall is just passing the
SSL session to the Exchange server without modification (port filtering), or if the firewall is
an advanced firewall, such as ISA Server 2004. ISA Server 2004 can reverse proxy or Web
publish the Exchange server and still permit NTLM authentication to succeed.

• The user automatically sends NTLM authentication information with the connection. This
occurs if either of the following conditions is true:

    • You configure Outlook to perform mutual authentication over SSL. This is the
    recommended method.

    • The client computer's LmCompatibilityLevel is set to 2 or 3.

For more information about setting the LmCompatibilityLevel, see Microsoft Knowledge Base
article 820281, "You must provide Windows account credentials when you connect to
Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature"
(http://go.microsoft.com/fwlink/?linkid=3052&kbid=820281).

RPC Authentication
The RPC requests that the Exchange server authenticates always use NTLM authentication.

SSL
The client computer must trust the certificate that is used for SSL. For the client computer to
trust the certificate that is used for SSL, the following conditions must be true:

• The name of the certificate matches the Web site that is being accessed.

• The certificate has not expired.

• The client computer trusts the certification authority that issued the certificate.

If you have already successfully configured Outlook Web Access, Exchange ActiveSync, or
other Web services to use your front-end Exchange server, the certificate meets these
requirements.

To verify that the certificate is correct, you can browse to the RPC virtual directory by using
Microsoft Internet Explorer. If the certificate is invalid, Internet Explorer issues a warning.

SSL Offloading
SSL offloading occurs when the firewall in front of the RPC proxy server terminates the SSL
session and establishes a new non-SSL session to the front-end server. Specifically, it does
not establish a new SSL session.

If you use SSL offloading, you must set a registry key to tell the RPC proxy server that it can
accept a non-SSL session. For detailed information about how to set this registry key, see
How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server.


RPC over HTTP Scalability


RPC over HTTP places a light load on the RPC proxy server and should not adversely affect
its performance.

To validate the load that is generated, you can use Exchange Load Simulator (LoadSim) 2003
to simulate clients that connect over RPC over HTTP. For more information about how to use
LoadSim 2003, see Microsoft Exchange Server 2003 Load Simulator (LoadSim).

RPC over HTTP works best in combination with Microsoft® Office Outlook® 2003 in cached
mode. You should always use cached mode with RPC over HTTP to perform the following
tasks:

• Reduce the number of connections that Outlook has to make to the Exchange server.

• Insulate the client from Internet latency.

HTTP Sessions Established by Outlook by Using RPC over HTTP
For each RPC connection, Outlook initiates two HTTP sessions: one session for outgoing
data and one session for incoming data. If Outlook shows five connections to the Exchange
server for the Exchange mailbox, public folders, and the directory service, there are actually
ten HTTP sessions. It is possible to fill the queue of concurrent kernel requests in the Internet
Information Services (IIS) application pool. If the queue of concurrent kernel requests is filled,
performance on Outlook clients may be negatively affected.

The following example shows how filling the queue of concurrent kernel requests in the IIS
application pool affects performance. The default value of the kernel request queue limit is
dependent upon the version of Windows Server 2003 used to enable IIS. If Microsoft
Windows Server™ 2003 was used to install IIS, then the default kernel request queue limit is
4000. If Windows Server 2003 Service Pack 1 (SP1) or later was used to install IIS, then the
default kernel request queue limit is 1000. In this example, each Outlook user has an average
of five RPC connections. These connections can be to the Exchange mailbox, public folders,
or to the directory service. If there are five Outlook RPC connections, Outlook has ten HTTP
sessions per user. Therefore, 400 concurrent users, each with ten HTTP sessions, fill the
queue. The addition of more users affects performance because IIS forcibly closes Outlook
sessions. Outlook has to reopen the sessions that IIS closes.

For more information about how to view connections that Outlook currently has established,
see How to View Established Connections in Outlook.

When you increase the value of the kernel request queue limit, you increase memory
consumption slightly on the RPC proxy server. Windows Server 2003 Service Pack 1 (SP1)
has improvements that reduce the memory overhead for increased kernel requests. If you
want to increase the size of the kernel request queue limit, you must increase the limit on the
RPC proxy server to approximately ten times the number of concurrent Outlook users that
you expect to support on the server that has RPC over HTTP.

For more information about how to increase the size of the kernel request queue limit, see
How to Increase the Size of the Kernel Request Queue Limit.
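
Added example (not from the original guide): a Python script that scans an HTTP API error log for requests to the /rpc virtual directory that were refused because the kernel request queue was full, and applies the sizing figures from this section. The log field order, the QueueFull reason phrase and every sample line are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed field order of the HTTP API error log (HTTPERR); not taken from the guide.
FIELDS = ("date", "time", "c_ip", "c_port", "s_ip", "s_port", "version",
          "verb", "uri", "status", "site_id", "reason", "queue")

# From the guide: each Outlook RPC connection uses two HTTP sessions.
HTTP_SESSIONS_PER_RPC_CONNECTION = 2

# Constructed sample log; addresses, host names and times are made up.
SAMPLE_HTTPERR = """\
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2006-12-12 09:14:02 203.0.113.10 4123 192.0.2.5 443 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?be01.example.test:6001 503 1 QueueFull DefaultAppPool
2006-12-12 09:14:02 203.0.113.10 4124 192.0.2.5 443 HTTP/1.1 RPC_OUT_DATA /rpc/rpcproxy.dll?be01.example.test:6001 503 1 QueueFull DefaultAppPool
2006-12-12 09:14:03 203.0.113.27 1077 192.0.2.5 443 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?be01.example.test:6004 503 1 QueueFull DefaultAppPool
2006-12-12 09:14:05 203.0.113.31 2210 192.0.2.5 443 - - - - - Timer_ConnectionIdle -
2006-12-12 09:14:09 203.0.113.44 3301 192.0.2.5 443 HTTP/1.1 GET /exchange/ 503 1 QueueFull ExchangeApplicationPool
"""


def parse_httperr(text):
    """Parse error-log text into dicts keyed by FIELDS.

    Comment and blank lines are skipped. A record that lacks the trailing
    queue-name column is padded with '-' so older logs still parse.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < len(FIELDS) - 1:
            continue  # too short to be an error-log record
        parts += ["-"] * (len(FIELDS) - len(parts))
        records.append(dict(zip(FIELDS, parts[:len(FIELDS)])))
    return records


def rpc_queue_full(records, vdir="/rpc/"):
    """Return the 503 QueueFull records whose URL is under the RPC virtual directory."""
    return [r for r in records
            if r["reason"] == "QueueFull"
            and r["status"] == "503"
            and r["uri"].lower().startswith(vdir)]


def summarize(records):
    """Count queue-full rejections of RPC over HTTP requests, by client and by queue."""
    hits = rpc_queue_full(records)
    return {
        "rejections": len(hits),
        "clients": sorted({r["c_ip"] for r in hits}),
        "by_queue": dict(Counter(r["queue"] for r in hits)),
    }


def users_until_queue_full(queue_limit, rpc_connections_per_user=5):
    """Concurrent Outlook users that fill a queue of the given size."""
    per_user = rpc_connections_per_user * HTTP_SESSIONS_PER_RPC_CONNECTION
    return queue_limit // per_user


def suggested_queue_limit(concurrent_users, rpc_connections_per_user=5):
    """Queue limit sized to the HTTP sessions the expected users open."""
    per_user = rpc_connections_per_user * HTTP_SESSIONS_PER_RPC_CONNECTION
    return concurrent_users * per_user


if __name__ == "__main__":
    print(summarize(parse_httperr(SAMPLE_HTTPERR)))
    for limit in (4000, 1000):  # the two default limits named in the guide
        print(limit, "->", users_until_queue_full(limit), "users")
```
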

RPC over HTTP Scalability Limitations


The 32-bit version of Windows Server 2003 with SP1 is limited in the number of HTTPS
connections it can reliably support by kernel memory consumption, specifically nonpaged
pool memory. This limit is about 17,000-20,000 connections on a server configured
without the /3GB boot.ini switch.

Note:
It is a best practice to run without /3GB on Exchange Server 2003 Front End servers.

Based on the Outlook and HTTPS connection information provided above (5 Outlook
connections using 10 HTTPS connections), a dedicated Exchange 2003 Front End
RPC/HTTPS server could reliably service around 1700-2000 active Outlook 2003 clients
connecting via RPC/HTTPS. For more details on Exchange 2003 and kernel memory, see
Troubleshooting Exchange Server 2003 Performance.

Network Load Balancing


You can use Network Load Balancing (NLB) for redundancy and scalability. NLB distributes
client requests across a set of servers. Exchange Server 2003 supports the use of RPC over
HTTP with front-end servers that are NLB clusters.

The following table lists the types of client affinity that NLB supports.

Client Affinity Type    Description
None                    Multiple connections from the same client IP address go to
                        more than one NLB cluster host.
Single IP               All connections from the same client IP address go to the
                        same NLB cluster host.
Class C                 All connections from the same TCP/IP Class C address range
                        go to the same NLB cluster host.

If you use NLB on your front-end servers, you should use either Single IP affinity or Class C
affinity to reduce the overhead of negotiating SSL sessions.

Note:
Single IP or Class C affinity is required for Outlook Web Access when you use forms-
based authentication.

For more information about NLB, see Network Load Balancing Technical Reference.

How to View Established Connections in Outlook

This procedure explains how to view the connections that Microsoft® Office Outlook® 2003
currently has established.

Before You Begin


To perform the procedure in this topic, confirm that you have started Outlook 2003.

Procedure
To view established connections in Outlook
1. Press the CTRL key and right-click the Outlook icon in the notification area.

2. Select Connection Status.

3. In the Exchange Server Connection Status window, you can view information about the
current connections Outlook has established to the Exchange server. The following figure
shows the Exchange Server Connection Status window.

Exchange Server Connection Status

Note:
Each connection in the Exchange Server Connection Status window represents
two physical HTTP or HTTPS connections to the RPC proxy server and two
physical RPC connections from the RPC proxy server to the destination server.

For More Information


For more information, see RPC over HTTP Scalability.

How to Increase the Size of the Kernel Request Queue Limit

This procedure explains how to increase the size of the kernel request queue limit.

Before You Begin


Before you perform the procedure in this topic, confirm that the account you use to perform
the procedure is a member of the Domain Admin or Enterprise Admin group.

Procedure
To increase the size of the kernel request queue limit
1. Open Internet Information Services (IIS) Manager.

2. Expand the local computer, and expand the Application Pools folder.

3. Right-click the DefaultAppPool object, and select Properties.

4. Select the Performance tab.

5. Increase the request queue limit to the number you want.

For More Information


For more information, see:

 RPC over HTTP Scalability

System Requirements for RPC over HTTP on Exchange Server 2003

To use RPC over HTTP, you must run Microsoft® Windows Server™ 2003 on the following
computers:

 All Exchange Server 2003 servers that Microsoft Office Outlook® 2003 clients will access
using RPC over HTTP, such as mailbox servers and public folder servers.

 All Exchange Server 2003 front-end servers that act as RPC proxy servers.

 All global catalog servers that Outlook 2003 clients and Exchange Server 2003 servers
(that are configured to use RPC over HTTP) use.

These servers must be able to use the updated RPC protocol that makes RPC over HTTP
possible. Windows Server 2003 and later versions have a version of the DLL rpcrt4.dll that
can understand the updated RPC protocol. Even though the client computer does not access
the global catalog server directly, the RPC request from the client computer does not change
as it passes from the client computer to the Exchange servers and then to the global catalog
server. The global catalog server must be able to use the updated RPC protocol that the
client computer uses.

You must install Exchange Server 2003 on all Exchange servers that the RPC proxy server
uses.

All client computers that run Outlook 2003 must have either Windows Server 2003, or
Microsoft Windows® XP Service Pack 1 (SP1) installed with the following update: "Windows
XP Patch: RPC Updates Needed for Exchange Server 2003."

Note:
This update is included in the SP2 version of Windows XP, so you do not have to
install the update if you are running on Windows XP SP2.

Also, it is recommended that you do the following when you use RPC over HTTP
communication:

 Use Secure Sockets Layer (SSL) encryption. SSL is required by the RPC proxy server for
all client-to-server communication and the server's SSL certificate must be valid and
trusted by the client. Outlook will not connect if the certificate is invalid or not trusted.

 Choose the correct client authentication method. Basic authentication over SSL is
firewall-independent and can be used regardless of firewall configuration. NTLM
authentication can sometimes be used, depending on how the firewall handles SSL
traffic. NTLM is more secure and NTLM can use the current Microsoft Windows operating
system logon information.

Note:
If the firewall does not add a via: pragma to the HTTP header information, NTLM
can be used. If the firewall does add a via: pragma (as many reverse proxies
do), IIS will not allow NTLM authentication.

Use an advanced firewall server in front of the Exchange front-end server in the perimeter
network. It is recommended that you use a dedicated firewall server such as Microsoft
Internet Security and Acceleration (ISA) Server 2004 to help secure your messaging
environment. For information about how to use ISA Server 2004 with Exchange, see the
Exchange online book, Using ISA Server 2004 with Exchange Server 2003
(http://go.microsoft.com/fwlink/?LinkId=42243).

Recommendations for Deploying RPC over HTTP Communications

In this topic, we discuss best practices to follow when deploying RPC over HTTP
communications in Exchange Server 2003 Service Pack 1 (SP1).

Best Practices to Follow When Deploying RPC over HTTP

We recommend the following when you use Exchange with RPC over HTTP:

 Use basic authentication over Secure Sockets Layer (SSL).

We recommend that you enable and require the use of SSL on the RPC proxy server for
all client-to-server communications. The HTTP session should always be established
over Secure Sockets Layer (SSL) (port 443). For information about RPC over HTTP
authentication using SSL, see RPC over HTTP Authentication and Security.

Note:
Although RPC over HTTP does not require SSL, you must modify the registry to
enable RPC over HTTP if you do not want to use SSL. We recommend that you
enable and require SSL for your RPC over HTTP communications. For more
information, see Microsoft Knowledge Base article 833003, "Description of the
RPC over HTTP feature and the AllowAnonymous registry entry in Windows
Server 2003," and How to Configure the RPC Proxy Server to Allow for SSL
Offloading on a Separate Server.

 Use an advanced firewall server on the perimeter network.

We recommend that you use a dedicated firewall server to help enhance the security of
your Exchange computer. Microsoft Internet Security and Acceleration (ISA) Server 2000
is an example of a dedicated firewall server product. For additional information, see
Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment.

 Obtain a certificate from a third-party certification authority (CA).

To enable and require SSL for all communications between the RPC proxy server and the
Outlook clients, you must obtain and publish a certificate at the default Web site level. We
recommend that you purchase your certificate from a third-party certification authority
whose certificates are trusted by a wide variety of Web browsers.

Important:
As an alternative, you can use the Certification Authority tool in Windows to
install your own certification authority. By default, Web browsers do not trust your
root certification authority in this scenario. When a user tries to connect in
Outlook 2003 by using RPC over HTTP, that user loses the connection to
Exchange. The user is not notified. The user loses the connection when one of
the following conditions is true:

 The client does not trust the certificate.

 The certificate does not match the name that the client tries to connect to.

 The certificate date is incorrect.

Therefore, you must make sure that the client computers trust the certification
authority. For more information about how to trust a root certification authority, see
the Microsoft Knowledge Base article 297681, Error message: This security
certificate was issued by a company that you have not chosen to trust.
For additional information, see Policies to establish trust of root certification
authorities.

Additionally, if you use your own certification authority, when you issue a certificate to
your RPC proxy server, you must make sure that the Common Name field or the
Issued to field on that certificate contains the same name as the URL of the RPC
proxy server that is available on the Internet. For example, the Common Name field
or the Issued to field must contain a name that is similar to mail.contoso.com. The
Common Name field or the Issued to field cannot contain the internal fully qualified
domain name of the computer. For example, those fields cannot contain a name that
is similar to mycomputer.contoso.com.
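
Added example, not part of the original guide: a Python check of the three certificate conditions listed above (trust, name, date), run against certificates in the dict form returned by ssl.SSLSocket.getpeercert(). The sample certificates, the CA names and the issuer-name trust set are constructed for illustration; on a real client, trust is decided by chain validation against the root store.

```python
import ssl
from datetime import datetime, timezone


def _cert(subject_cn, issuer_cn, not_before, not_after):
    """Build a constructed certificate dict in the getpeercert() layout."""
    return {
        "subject": ((("commonName", subject_cn),),),
        "issuer": ((("commonName", issuer_cn),),),
        "notBefore": not_before,
        "notAfter": not_after,
    }


# Constructed samples. The names mirror the guide's mail.contoso.com and
# mycomputer.contoso.com examples; the CA names are hypothetical.
GOOD = _cert("mail.contoso.com", "Example Public Root CA",
             "Jan 15 00:00:00 2006 GMT", "Jan 15 00:00:00 2008 GMT")
INTERNAL_NAME = _cert("mycomputer.contoso.com", "Contoso Internal CA",
                      "Jan 15 00:00:00 2006 GMT", "Jan 15 00:00:00 2008 GMT")
EXPIRED = _cert("mail.contoso.com", "Example Public Root CA",
                "Jan 15 00:00:00 2004 GMT", "Jan 15 00:00:00 2006 GMT")

# Simplified stand-in for the client's trusted root store (assumption).
TRUSTED_ROOTS = {"Example Public Root CA"}


def _common_name(name_field):
    """Return the commonName from a getpeercert()-style subject or issuer."""
    for rdn in name_field:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def check_rpc_proxy_cert(cert, published_name, trusted_roots, now=None):
    """Return (code, detail) pairs for each condition that would stop Outlook.

    published_name is the name clients use to reach the RPC proxy server.
    now must be a timezone-aware datetime; it defaults to the current time.
    An empty list means none of the three conditions applies.
    """
    now_ts = (now or datetime.now(timezone.utc)).timestamp()
    problems = []

    # Condition 1: the client does not trust the certificate.
    issuer_cn = _common_name(cert.get("issuer", ()))
    if issuer_cn not in trusted_roots:
        problems.append(("untrusted-issuer", issuer_cn))

    # Condition 2: the certificate does not match the name the client uses.
    subject_cn = _common_name(cert.get("subject", ()))
    if subject_cn is None or subject_cn.lower() != published_name.lower():
        problems.append(("name-mismatch", subject_cn))

    # Condition 3: the certificate date is incorrect (not yet valid or expired).
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now_ts <= not_after):
        problems.append(("date-invalid",
                         "%s .. %s" % (cert["notBefore"], cert["notAfter"])))

    return problems


if __name__ == "__main__":
    when = datetime(2006, 12, 12, tzinfo=timezone.utc)
    for label, cert in (("good", GOOD), ("internal", INTERNAL_NAME),
                        ("expired", EXPIRED)):
        print(label, check_rpc_proxy_cert(cert, "mail.contoso.com",
                                          TRUSTED_ROOTS, when))
```
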

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

 System Requirements for RPC over HTTP on Exchange Server 2003

 Deployment Scenarios for RPC over HTTP

 Troubleshooting RPC over HTTP Communications

For information about configuration options for the Exchange over the Internet feature, see
Microsoft Knowledge Base article 831050, Description of the configuration options for the
Exchange over the Internet feature in Outlook 2003.

Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment

When you deploy RPC over HTTP in your corporate environment, you have several
deployment strategies available for positioning your RPC proxy server and firewalls. The
recommended deployment strategy for your messaging environment is to deploy an
advanced firewall server, such as Microsoft® Internet Security and Acceleration (ISA)
Server 2000 with Service Pack 1 and Feature Pack 1 or later, in the perimeter network. Then
position your RPC proxy server in the corporate network and use the Exchange front-end and
back-end server architecture.

Note:
When you use ISA Server as your advanced firewall server, you have several
deployment options. These options are explained in the following sections. For
information about how to install ISA Server as an advanced firewall server, see Using
ISA Server 2004 with Exchange Server 2003
(http://go.microsoft.com/fwlink/?LinkId=42243).

Scenario 1: Front-End and Back-End Server Architecture with ISA Server in the Perimeter Network

By using ISA Server in the perimeter network to route RPC over HTTP requests and
positioning the Exchange front-end server in the corporate network, you need to open only
port 443 on the internal firewall for Microsoft Office Outlook® 2003 clients to communicate
with Exchange. The following figure shows this deployment scenario.

Deploying RPC over HTTP using ISA Server as a reverse proxy server in the perimeter
network

When located in the perimeter network, ISA Server routes RPC over HTTP requests to the
Exchange front-end server that is acting as an RPC proxy server. The RPC proxy server then
communicates over specific ports to other servers that use RPC over HTTP.

Note:
If your firewalls are configured to allow access only to specific virtual directories, you
must specifically allow access to the /rpc virtual directory that is created when you
install the Microsoft Windows® RPC networking component.

Scenario 2: Positioning the RPC Proxy Server in the Perimeter Network

Although not recommended, you can position the Exchange Server 2003 front-end server
acting as the RPC proxy server inside the perimeter network. For details about placing an
Exchange front-end server in a perimeter network, see the topic "Scenarios for Deploying
Front-End and Back-End Topology" in Exchange Server 2003 and Exchange 2000 Server
Front-End and Back-End Topology (http://go.microsoft.com/fwlink/?LinkId=34216).

In this scenario, you configure your Exchange servers as in Scenario 1. However, you will
need to make sure to open the ports required by RPC over HTTP on your internal firewall, in
addition to those already required for an Exchange front-end server. The following ports are
required for RPC over HTTP:

 TCP 6001 (Microsoft Exchange Information Store service)

 TCP 6002 (referral service of Directory Service proxy component)



 TCP 6004 (proxy service of Directory Service proxy component)

Note:
When you run Exchange Server 2003 Setup, Exchange is automatically configured to
use port 6001, which is required for the store, and 6004, which is required for
Directory Service proxy component (DSProxy).

For a complete list of the other ports required on the Exchange front-end and back-end
servers, see "Considerations when Deploying a Front-End and Back-End Topology" in
Exchange Server 2003 and Exchange 2000 Server Front-End and Back-End Topology
(http://go.microsoft.com/fwlink/?LinkId=34216). The following figure shows this deployment
scenario.

Deploying RPC over HTTP on the Exchange front-end server in the perimeter network

Scenario 3: Using Exchange Single-Server Installations

If you plan to use a single server as your Exchange mailbox server and RPC proxy server, or
if you plan to use a single server as your Exchange mailbox server, RPC proxy server, and
global catalog server, and you do not have a separate Exchange front-end server, see one of
the following topics:

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-
End Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-
End Server, Back-End on Global Catalog Server

The following figure shows this deployment scenario.



Single Exchange server deployment

In this scenario, you will also need to configure your server to use specified ports for RPC
over HTTP. The following ports are required for RPC over HTTP:

 TCP 6001 (Microsoft Exchange Information Store service)

 TCP 6002 (referral service of DSProxy)

 TCP 6004 (proxy service of DSProxy)

Note:
When you run Exchange Server 2003 Setup, Exchange is automatically configured to
use port 6001, which is required for the Microsoft Exchange Information Store
service, and port 6004, which is required for the proxy service of DSProxy.

Scenario 4: Secure Sockets Layer Offloading


You can use a different server than your Exchange front-end server to handle the Secure
Sockets Layer (SSL) decryption for your client connections. In this scenario, you will need to
set a special registry setting to allow SSL decryption to occur on a different computer than
your front-end server. For more information, see How to Configure the RPC Proxy Server to
Allow for SSL Offloading on a Separate Server. The following figure shows this deployment
scenario.

Deploying RPC over HTTP using ISA Server as a reverse proxy server in the perimeter
network with SSL offloading

Deployment Scenarios for RPC over HTTP


Depending on your Microsoft® Exchange Server 2003 topology, there are several methods
for deploying RPC over HTTP. This topic provides information about the supported scenarios
and includes links to the appropriate procedures.

Running Exchange Server 2003 Service Pack 1


The following deployment scenarios for RPC over HTTP are supported on Exchange Server
2003 Service Pack 1:

 Front-end/back-end scenario

In this scenario, you have the following roles:

 One or more front-end servers running Exchange Server 2003 SP1

 One or more back-end servers running either Exchange Server 2003 SP1 or
Exchange Server 2003 without service packs

 One or more global catalog servers

These three roles can all be deployed on separate servers, or you can have a server that
is both an Exchange back-end server and a global catalog server. Your Exchange back-
end servers can be clustered.

Note:
If your back-end server is also a domain controller, it is recommended that you
make this domain controller a global catalog server. If an RPC over HTTP back-
end server is a domain controller but is not a global catalog server, you can
experience problems with connectivity to this server.

For detailed steps about how to deploy RPC over HTTP in this scenario, see How to
Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-
End/Back-End Scenario).

 No front-end server

In this scenario, you have the following roles:


 One or more back-end servers running Exchange Server 2003 SP1

 One or more global catalog servers

These two roles can be on separate servers, or you can have a single server that is both
an Exchange back-end server and a global catalog server.

Note:
If your back-end server is also a domain controller, it is recommended that you
make this domain controller a global catalog server. If an RPC over HTTP back-
end server is a domain controller but is not a global catalog server, you can
experience problems with connectivity to this server.

If your back-end servers are clustered, you cannot designate them as RPC proxy
servers. You must designate a separate server as the RPC proxy server.

For detailed steps about how to deploy RPC over HTTP in this scenario, see How to
Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End
Server.

Running Exchange Server 2003 on Windows Small Business Server 2003

In this scenario you are running a Windows Small Business Server 2003 that includes
Exchange Server 2003. For detailed steps on deploying RPC over HTTP in this scenario, see
How to Deploy RPC over HTTP for the First Time in Small Business Server 2003 (Standard
or Premium).

Running Exchange Server 2003 Without Service Packs

The following deployment scenarios for RPC over HTTP are supported on Exchange Server
2003 without service packs:

 Front-end/back-end scenario

In this scenario, you have the following roles:

 One or more front-end servers running Exchange Server 2003 without service packs

 One or more back-end servers running Exchange Server 2003 without service packs

 One or more global catalog servers

These three roles are all deployed on separate servers. Your Exchange back-end servers
can be clustered.

For detailed steps for how to deploy RPC over HTTP in this scenario, see How to Deploy
RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End
Scenario.

 Front-end/back-end scenario where at least one global catalog server is also a
back-end Exchange server

In this scenario, you have the following roles:

 One or more front-end servers running Exchange Server 2003 without service packs

 At least one server that is both an Exchange back-end server and a global catalog
server. You can have additional back-end servers and global catalog servers on
separate servers.

Your Exchange back-end servers can be clustered.

Note:
If your back-end server is also a domain controller, it is recommended that you
make this domain controller a global catalog server. If an RPC over HTTP back-
end server is a domain controller but is not a global catalog server, you can
experience problems with connectivity to this server.

For detailed steps for how to deploy RPC over HTTP in this scenario, see How to Deploy
RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End
Scenario, Back End on Global Catalog Server.

 No front-end server

In this scenario, you have the following roles:

 One or more back-end servers running Exchange Server 2003 without service packs

 One or more global catalog servers



These two roles are on separate servers.

If your back-end servers are clustered, you cannot designate them as RPC proxy
servers. You must designate a separate server as the RPC proxy server.

For detailed steps about how to deploy RPC over HTTP in this scenario, see How to
Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End
Server.

 No front-end server where at least one global catalog server is also a back-end
Exchange server

In this scenario, you have the following roles:

 One or more back-end servers running Exchange Server 2003 without service packs.

 At least one of these servers is also a global catalog server. You can have additional
back-end servers and global catalog servers on separate servers.

If your back-end servers are clustered, you cannot designate them as RPC proxy
servers. You must designate a separate server as the RPC proxy server.

Note:
If your back-end server is also a domain controller, it is recommended that you
make this domain controller a global catalog server. If an RPC over HTTP back-
end server is a domain controller but is not a global catalog server, you can
experience problems with connectivity to this server.

For detailed steps for how to deploy RPC over HTTP in this scenario, see How to Deploy
RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server,
Back-End on Global Catalog Server.

Upgrading RPC over HTTP Deployment from Exchange Server 2003 to Exchange Server 2003 SP1

In this scenario, you have already deployed RPC over HTTP in your Exchange Server 2003
organization and you are now upgrading to Exchange Server 2003 SP1. To use RPC over
HTTP in the upgraded organization, you must configure your servers.

For detailed steps for how to upgrade your RPC over HTTP deployment in this scenario, see
How to Upgrade an Exchange Server 2003 RPC over HTTP Deployment to Exchange Server
2003 SP1.

For More Information


For more information, see the following topics:

 System Requirements for RPC over HTTP on Exchange Server 2003

 Recommendations for Deploying RPC over HTTP Communications

 Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment

 Adding a Back-End Server to an RPC over HTTP Deployment

 Troubleshooting RPC over HTTP Communications

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)

This topic explains how to deploy RPC over HTTP in a Microsoft® Exchange Server 2003
Service Pack 1 (SP1) front-end and back-end organization.

Before You Begin


Before you perform the procedures in this topic, confirm the following:

 You have read System Requirements for RPC over HTTP on Exchange Server 2003.

 You have one or more front-end servers.

 You have one or more back-end servers.

 You have one or more global catalog servers.

 You have one of the following scenarios:

 All three roles (front-end, back-end, and global catalog) are applied on separate
servers.

 The front-end role is applied on a separate server. The back-end and global catalog
roles are applied on the same server.

Note:
If your back-end server is also a domain controller, it is recommended that
you make this domain controller a global catalog server. If an RPC over
HTTP back-end server is a domain controller but is not a global catalog
server, you can experience problems with connectivity to this server.

 You are running Exchange Server 2003 SP1 on your front-end servers.

 You are running Exchange Server 2003 on your back-end servers. You can have SP1
installed on your back-end servers, but it is not necessary.

Procedure
To deploy RPC over HTTP for the first time on Exchange Server 2003 SP1, front-
end/back-end scenario
1. Configure all of your Exchange Server 2003 SP1 front-end servers as RPC proxy
servers. For detailed steps, see How to Configure a Server as an RPC Proxy Server.

2. Configure your Exchange Server 2003 back-end servers to act as targets for the
RPC proxy servers. For detailed steps, see How to Configure the Back-End Server to
Act as a Target for the RPC Proxy Server.

Note:
Performing this task sets a Microsoft Active Directory® directory service
property that will indicate to a front-end server that these back-end servers
should be published for RPC over HTTP access. If your topology has
multiple global catalog servers, you might want to wait for Active Directory
replication to propagate these properties before proceeding to the next step.

3. Configure the settings on the RPC proxy servers. For detailed steps, see How to
Configure the RPC Proxy Server Settings on a Front-End Server in Exchange
System Manager.

4. (Optional) Configure the RPC proxy servers to allow for Secure Sockets Layer (SSL)
offloading on a separate server. For detailed steps, see How to Configure the RPC
Proxy Server to Allow for SSL Offloading on a Separate Server.

5. Create a Microsoft Office Outlook® profile for your users to use with RPC over HTTP.
For detailed steps, see How to Create an Outlook Profile for Users to Use with RPC
over HTTP.

For More Information


 If you are deploying RPC over HTTP for the first time on Exchange Server 2003 SP1, but
you do not have a front-end server, see How to Deploy RPC over HTTP for the First Time
on Exchange Server 2003 SP1, No Front-End Server

 If you are deploying RPC over HTTP for the first time on Exchange Server 2003, and
have not installed Service Pack 1 on your Exchange servers, see one of the following
topics:

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario, Back End on Global Catalog Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server, Back-End on Global Catalog Server

 If you have already deployed RPC over HTTP in an Exchange Server 2003 topology and
are upgrading that topology from Exchange Server 2003 to Exchange Server 2003 SP1,
see How to Upgrade an Exchange Server 2003 RPC over HTTP Deployment to
Exchange Server 2003 SP1

 If you want to add another Exchange Server 2003 back-end server to your topology after
you have deployed RPC over HTTP, see Adding a Back-End Server to an RPC over
HTTP Deployment

 If you want help with troubleshooting RPC over HTTP communications, see
Troubleshooting RPC over HTTP Communications.

How to Configure a Server as an RPC Proxy Server

This topic explains how to configure a server as an RPC proxy server. Specifically, the
procedure in this topic describes how to install the Microsoft® Windows Server™ 2003 RPC
over HTTP proxy networking component on your server running Microsoft Exchange Server 2003.

Typically, you will configure an Exchange front-end server as an RPC proxy server. However,
if you do not have a front-end server in your organization, you can configure a back-end
server as an RPC proxy server.

Before You Begin


To perform the procedure in this topic, confirm that the Exchange server you are configuring
as an RPC proxy server is running Windows Server 2003 or a later version.

Procedure
To configure a server as an RPC proxy server
1. On the Exchange server that will be the RPC proxy server, click Start, click Control
Panel, and then click Add or Remove Programs.

In Add or Remove Programs, in the left pane, click Add/Remove Windows
Components.

2. In the Windows Components Wizard, on the Windows Components page, select
Networking Services, and then click Details.

3. In Networking Services, select the RPC over HTTP Proxy check box, and then
click OK.

4. On the Windows Components page, click Next to install the RPC over HTTP
Proxy Windows component.

For More Information


 If you are positioning your RPC proxy server inside your perimeter network, you must
open the specified ports on the internal firewall for RPC over HTTP in addition to the
standard ports for Exchange front-end communication. For more information about
opening ports on the firewall for RPC over HTTP, see the following topic:

 Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment

 For more information, see the following topics:

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
(Front-End/Back-End Scenario)

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario, Back End on Global Catalog Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server, Back-End on Global Catalog Server

How to Configure the Back-End Server to Act as a Target for the RPC Proxy Server

This topic explains how to configure a back-end server to act as a target for the RPC proxy
server.

Before You Begin


To successfully complete the procedure in this topic, confirm the following:

• You are running Exchange 2003 SP1 on at least one server in the organization.

• You configured the back-end server, using Exchange System Manager, on a server that
is running Exchange 2003 SP1.

Note:
The back-end server that you configure does not have to have SP1 installed.

Procedure
To configure the back-end server to act as a target for the RPC proxy server
1. Click Start, point to All Programs, point to Microsoft Exchange, and then click System
Manager.

2. In Exchange System Manager, expand Administrative Groups, and then expand the
administrative group that contains your Exchange back-end server.

3. Expand the Servers object, right-click the Exchange back-end server that you want to
configure, and then select Properties.

4. On the Exchange Server Properties page, click the RPC-HTTP tab, and then select the
option next to RPC-HTTP back-end server.

5. If you do not have a front-end server in your topology, you could receive a warning
message as shown in the following figure. Click OK and proceed to the next step to
configure the Exchange back-end servers.

Warning message—no front-end server configured

6. Click OK on the Exchange Server Properties page.

7. If your back-end server is also a global catalog server, you could receive an additional
warning as shown in the following figure. Restart the back-end and global catalog server
if this warning message appears.

Warning message—incorrect ports configured



8. Perform this procedure on all Exchange Server 2003 SP1 back-end servers that RPC
proxy servers need to be able to access.

For More Information


For more information, see:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-
End/Back-End Scenario)

• How to Upgrade an Exchange Server 2003 RPC over HTTP Deployment to Exchange
Server 2003 SP1

How to Configure the RPC Proxy Server Settings on a Front-End Server in Exchange System Manager
This topic explains how to configure the RPC proxy server settings on a front-end server in
Exchange System Manager.

Before You Begin


To successfully complete the procedure in this topic, confirm that you are running Microsoft®
Exchange Server 2003 SP1 on the RPC proxy server.

Procedure
To configure the RPC proxy server settings in Exchange System Manager
1. In Exchange System Manager, expand Administrative Groups, and then expand
the administrative group that contains your RPC proxy server.

2. Expand the Servers object, right-click the Exchange server that you have configured
as the RPC proxy server, and then select Properties.

3. On the Exchange Server Properties page, click the RPC-HTTP tab, and then select
the option next to RPC-HTTP front-end server.

The RPC-HTTP tab in Exchange System Manager

4. Click OK.

5. A warning message will appear stating that Secure Sockets Layer (SSL) is required
for RPC over HTTP to work. Click OK. You must configure SSL on your Exchange
front-end server for RPC over HTTP to work. Alternatively, you can select to offload
SSL on another server. For information about how to do this, see How to Configure
the RPC Proxy Server to Allow for SSL Offloading on a Separate Server.

For More Information


For more information, see:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-
End/Back-End Scenario)

• How to Upgrade an Exchange Server 2003 RPC over HTTP Deployment to Exchange
Server 2003 SP1

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
This topic explains how to configure the RPC proxy server to allow for Secure Sockets Layer
(SSL) offloading on a separate server. SSL offloading occurs when you use a server other
than the RPC proxy server to handle your SSL encryption and decryption. For example, if the
firewall in front of the RPC proxy server handles the SSL encryption and decryption,
terminates the SSL session and then establishes a new non-SSL session to the RPC proxy
server, you are using SSL offloading. If you use SSL offloading, you must set a special
registry setting on the RPC proxy server.

Before You Begin


To successfully complete the procedure in this topic, confirm that you have configured your
authentication correctly.

Note:
In Exchange Server 2003 SP1, authentication for RPC over HTTP on an RPC proxy
server is configured automatically.

This topic contains information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to allow for SSL offloading on a separate server
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. Create a DWORD value with the name AllowAnonymous.

4. Right-click the AllowAnonymous DWORD value, and select Modify.

5. In the Value data field, enter 1.

Important:
On the RPC virtual directory security settings in Internet Information Services
(IIS), under Authentication methods, verify that the check box next to
Enable anonymous access is cleared.

6. Restart the World Wide Web Publishing Service (W3SVC) in the services snap-in to
Microsoft Management Console (MMC).

For More Information


For more information, see:

• Microsoft Knowledge Base article 833003, "Description of the RPC over HTTP feature
and the AllowAnonymous registry entry in Windows Server 2003"
(http://go.microsoft.com/fwlink/?Linkid=3052&kbid=833003)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-
End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-
End Server

How to Create an Outlook Profile for Users to Use with RPC over HTTP
This topic explains how to create a Microsoft® Office Outlook® profile for users to use with
RPC over HTTP.

For your users to use RPC over HTTP from their client computer, they must create an
Outlook profile that uses the required RPC over HTTP settings. These settings enable Secure
Sockets Layer (SSL) communication with Basic authentication or NTLM authentication. SSL
is required when you use RPC over HTTP.

Before you begin the procedure in this topic, confirm the following:

• You are running one of the following on the client computer:

    • Microsoft Windows® XP with Service Pack 1 and 331320 hotfix or later

    • Microsoft Windows Server 2003

• You are running Outlook 2003 on the client computer.

• You have completed all other steps for configuring RPC over HTTP on your Exchange
servers.

Procedure
To create an Outlook profile for users to use with RPC over HTTP
1. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

2. In Control Panel, perform one of the following tasks:

• If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

• If you are using Classic View, double-click Mail.

3. In Mail Setup, under Profiles, click Show Profiles.

4. In Mail, click Add.

5. In New Profile, in the Profile Name box, type a name for this profile, and then click
OK.

6. In the E-mail Accounts wizard, click Add a new e-mail account, and then click
Next.

7. On the Server Type page, click Microsoft Exchange Server, and then click Next.

8. On the E-mail Accounts page, do the following:

a. In the Microsoft Exchange Server box, type the fully qualified domain name
(FQDN) of your back-end Exchange server where your mailbox resides.

b. Click to clear the Use Cached Exchange Mode check box.

Important:
Temporarily turn off Cached Exchange mode to test your configuration.
We recommend that you enable Cached Exchange mode after you test
your RPC over HTTP configuration.

c. In the User Name box, type the name of the user account that you want to use.
d. Click More Settings.

Note:
At this stage, the client application attempts to resolve the user name on
the Exchange server. If you cannot access your Exchange back-end
server directly by using TCP/IP, this operation will time out and present a
dialog box that prompts you to confirm your user name and mailbox.
Click Cancel on this dialog box.

9. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

Note:
If the Exchange over the Internet area does not appear on the
Connection tab, see How to Verify Client Computer Configuration.

c. Click Exchange Proxy Settings.

10. In the Exchange Proxy Settings dialog box, in the Connections Settings pane,
perform the following steps:

a. Enter the FQDN of the RPC proxy server in the Use this URL to connect to my
proxy server for Exchange box. The RPC proxy server is the Exchange server
that users can connect to on the Internet. For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

11. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

12. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

To modify an existing Outlook profile for users to use with RPC over HTTP
1. Use either Control Panel or Outlook to open the E-Mail Accounts wizard.

To open the E-Mail Accounts wizard using Control Panel, do the following:

a. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

b. In Control Panel, perform one of the following tasks:

•   If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

•   If you are using Classic View, double-click Mail.

c. In Mail Setup, under Profiles, click Show Profiles.

d. In Mail, click the profile that you want to change, and then click Properties.

e. In Mail Setup, click E-mail Accounts.

To open the E-Mail Accounts wizard using Outlook, do the following:

a. In Outlook, on the Tools menu, click E-Mail Accounts.

2. In the E-mail Accounts wizard, click View or change existing e-mail accounts,
and then click Next.

3. On the E-mail Accounts page, select the Microsoft Exchange Server account, and
then click Change.
4. On the Exchange Server Settings page, click More Settings.

5. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

c. Click Exchange Proxy Settings.

6. In the Exchange Proxy Settings dialog box, in the Connections Settings pane, do
the following steps:

a. Enter the fully qualified domain name (FQDN) of the RPC proxy server in the
Use this URL to connect to my proxy server for Exchange box. The RPC
proxy server is the Exchange server that users can connect to on the Internet.
For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings



7. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

8. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

For More Information


For more information about configuring Outlook 2003 profiles for RPC over HTTP, see:

• Video that shows how to configure Outlook 2003 MAPI profile to connect to Exchange
Server 2003 using RPC over HTTP (http://go.microsoft.com/fwlink/?LinkId=64060)

Note:
The video is in Windows Media Player format. If you have trouble viewing the
video, see the Windows Media Player support page.

• Configuring Outlook 2003 for RPC over HTTP

• Customizing Outlook Profiles by Using PRF Files

• Configuring Outlook Profiles by Using a PRF File

For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see the following topics in the Exchange Server 2003 RPC over HTTP Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-
End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-
End Server

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server
This topic explains how to deploy RPC over HTTP in an organization that is running
Microsoft® Exchange Server 2003 Service Pack 1 (SP1).

Before You Begin


Before you perform the procedures in this topic, confirm the following:

• You have read System Requirements for RPC over HTTP on Exchange Server 2003.

• You have one or more back-end Exchange servers.

• You have one or more global catalog servers.

• You have one of the following scenarios:

    • The back-end role and the global catalog role are applied on separate servers.

    • The back-end role and the global catalog role are applied on the same server.

Note:
If your back-end server is also a domain controller, it is recommended that
you make this domain controller a global catalog server. If an RPC over
HTTP back-end server is a domain controller but is not a global catalog
server, you can experience problems with connectivity to this server.

• You do not have a front-end server.

• You are running Exchange Server 2003 SP1 on all of your Exchange servers.

Note:
The Exchange server role and the global catalog server role can be applied on
separate servers, or you can have a single server that is both an Exchange back-end
server and a global catalog server.

Procedure
To deploy RPC over HTTP for the first time on Exchange Server 2003 SP1 with no
front-end server
1. Configure your Exchange Server 2003 SP1 back-end servers as RPC proxy servers.
For detailed steps, see How to Configure a Server as an RPC Proxy Server.

Note:
If your back-end servers are clustered, it is not recommended that you make
them RPC proxy servers.

2. Configure your back-end servers that are running on Exchange Server 2003 SP1 as
RPC over HTTP back-end servers to validate that the settings are correct. For
detailed steps, see How to Configure a Back-End Server That is in a Back-End Only
Topology to Use RPC over HTTP.

3. Configure the RPC over HTTP virtual directory. For detailed steps, see How to
Configure the RPC Virtual Directory in IIS.

4. Configure your back-end servers, which are now RPC proxy servers, to use specified
ports for RPC over HTTP. For detailed steps, see How to Configure the RPC
Proxy Server to Use Specified Ports for RPC over HTTP.

5. (optional) Configure the RPC proxy server to allow for SSL offloading on a separate
server. For detailed steps, see How to Configure the RPC Proxy Server to Allow for
SSL Offloading on a Separate Server.

6. Create a Microsoft Office Outlook® profile for users to use with RPC over HTTP. For
detailed steps, see How to Create an Outlook Profile for Users to Use with RPC over
HTTP.

Note:
If you have a back-end server that is also a global catalog server, you will be
prompted to restart this computer for the changes to take effect.

For More Information

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003 SP1, and
you do have a front-end server in your organization, see How to Deploy RPC over HTTP
for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario).

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003 and have
not installed Service Pack 1 on your Exchange servers, see one of the following topics:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
    End/Back-End Scenario

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
    End/Back-End Scenario, Back End on Global Catalog Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
    Front-End Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
    Front-End Server, Back-End on Global Catalog Server

• If you have already deployed RPC over HTTP in an Exchange Server 2003 organization
and are upgrading that organization from Exchange Server 2003 to Exchange 2003 SP1,
see How to Upgrade an Exchange Server 2003 RPC over HTTP Deployment to
Exchange Server 2003 SP1.

• If you want to add another Exchange Server 2003 back-end server to your organization
after you have deployed RPC over HTTP, see Adding a Back-End Server to an RPC over
HTTP Deployment.

• If you want help with troubleshooting RPC over HTTP communications, see
Troubleshooting RPC over HTTP Communications.

How to Configure a Server as an RPC Proxy Server
This topic explains how to configure a server as an RPC proxy server. Specifically, the
procedure in this topic describes how to install the Microsoft® Windows Server™ 2003 RPC
over HTTP proxy networking component on your server that is running Microsoft Exchange
Server 2003.

Typically, you will configure an Exchange front-end server as an RPC proxy server. However,
if you do not have a front-end server in your organization, you can configure a back-end
server as an RPC proxy server.

Before You Begin


To perform the procedure in this topic, confirm that the Exchange server you are configuring
as an RPC proxy server is running Windows Server 2003 or a later version.

Procedure
To configure a server as an RPC proxy server
1. On the Exchange server that will be the RPC proxy server, click Start, click Control
Panel, and then click Add or Remove Programs.

In Add or Remove Programs, in the left pane, click Add/Remove Windows
Components.

2. In the Windows Components Wizard, on the Windows Components page, select
Networking Services, and then click Details.

3. In Networking Services, select the RPC over HTTP Proxy check box, and then
click OK.

4. On the Windows Components page, click Next to install the RPC over HTTP
Proxy Windows component.

For More Information

• If you are positioning your RPC proxy server inside your perimeter network, you must
open the specified ports on the internal firewall for RPC over HTTP in addition to the
standard ports for Exchange front-end communication. For more information about
opening ports on the firewall for RPC over HTTP, see the following topic:

    • Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment

• For more information, see the following topics:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
    (Front-End/Back-End Scenario)

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
    End/Back-End Scenario

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
    End/Back-End Scenario, Back End on Global Catalog Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
    Front-End Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
    Front-End Server, Back-End on Global Catalog Server

How to Configure a Back-End Server That is in a Back-End Only Topology to Use RPC over HTTP
This topic explains how to configure a back-end server to use RPC over HTTP in a topology
that does not have a front-end server.

Before You Begin


To perform the procedure in this topic, confirm that the Exchange server that you are
configuring for RPC over HTTP is running Microsoft® Exchange Server 2003 with Service
Pack 1 (SP1).

Procedure
To configure a back-end only topology to use RPC over HTTP
1. In Exchange System Manager, expand Administrative Groups, and then expand
the administrative group that contains your Exchange server.

2. Expand the Servers object, right-click the Exchange server that you want to set as
the RPC proxy server, and then select Properties.

3. On the Exchange Server Properties page, click the RPC-HTTP tab, and then select
the option next to RPC-HTTP back-end server.

4. Click OK.

5. The following dialog box appears informing you that you do not have an Exchange
front-end server in your organization. Click OK to close this dialog box.

Warning message—no front-end server configured



For More Information


For more information, see How to Deploy RPC over HTTP for the First Time on Exchange
Server 2003 SP1, No Front-End Server.

How to Configure the RPC Virtual Directory in IIS
This topic explains how to configure the RPC virtual directory in Internet Information Services
(IIS) and how to configure the RPC virtual directory to use Secure Sockets Layer (SSL) for all
client-side connections.

After you have configured a server in your organization as an RPC proxy server, you must
configure the RPC virtual directory in IIS if either of the following conditions is true:

• The RPC proxy server is running Microsoft® Exchange Server 2003 and does not have
Service Pack 1 (SP1) installed.

• You have SP1 installed in your organization, but you do not have a front-end server.

After completing these procedures, your RPC virtual directory will be ready to use Basic
authentication and NTLM authentication.

Before You Begin


Before you perform the procedures in this topic, confirm that you have configured a server as
an RPC proxy server by installing the Microsoft Windows® RPC networking component.

Procedure to Configure RPC Virtual Directory in IIS
To configure the RPC virtual directory in IIS
1. Click Start, point to All Programs, point to Administrative Tools, and then click
Internet Information Services (IIS) Manager.

2. In Internet Information Services (IIS) Manager, in the console tree, expand the
server you want, then expand Web Sites.

3. Expand Default Web Site, right-click the RPC virtual directory, and then click
Properties.

4. In the RPC Virtual Directory Properties page, on the Directory Security tab, in the
Authentication and access control pane, click Edit.

5. In the Authentication Methods window, verify that the check box next to Enable
anonymous access is cleared.

Note:
RPC over HTTP does not allow anonymous access by default, despite what
the user interface shows.

6. In the Authentication Methods window, under Authenticated access, select the
check box next to Basic authentication (password is sent in clear text) and click
OK. You receive the following message:

The authentication option you have selected results in passwords being
transmitted over the network without data encryption. Someone attempting to
compromise your system security could use a protocol analyzer to examine user
passwords during the authentication process. For more detail on user
authentication, consult the online help. This warning does not apply to
HTTPS(orSSL) connections.

Are you sure you want to continue?

Note:
In this error message, the word "HTTPS(orSSL)" is a misspelling for the
words "HTTPS (or SSL)."

In the Authentication Methods window, under Authenticated access, you can also
select the check box next to Integrated Windows authentication (NTLM). However,
it is recommended that you use Basic authentication over NTLM for two
reasons. First, RPC over HTTP currently supports only NTLM; it does not support
Kerberos. Second, if an HTTP proxy or a firewall between the RPC over HTTP
client and the RPC proxy inserts a Via pragma into the HTTP header,
NTLM authentication will not work. For more information, see RPC over HTTP
Deployment Recommendations.

7. To save your settings, click Apply, and then click OK.

8. Ensure that you have a valid SSL certificate installed on the virtual server.

Procedure to Configure RPC Virtual Directory to Use SSL
The RPC virtual directory is configured to use basic authentication. We recommend that you
use SSL together with basic authentication. To enable SSL on the RPC virtual directory, you
must obtain and publish a certificate. This procedure assumes that you have obtained and
published a certificate. To configure the RPC virtual directory to require SSL for all client-side
connections, follow these steps:

To configure RPC virtual directory to use SSL


1. Click Start, point to Administrative Tools, and then click Internet Information
Services (IIS) Manager.

2. Expand Web Sites, expand Default Web Site, right-click Rpc, and then click
Properties.

3. Click the Directory Security tab, and then click Edit under Secure
communications.

4. Click to select the Require secure channel (SSL) check box and the Require 128-
bit encryption check box.

Note:
We recommend that you click to select the Require 128-bit encryption
check box. However, RPC over HTTP functions correctly even if you do not
require 128-bit encryption.

5. Click OK, click Apply, and then click OK.

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-
End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-
End Server, Back-End on Global Catalog Server

• How to Verify RPC Virtual Directory Configuration

How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
This topic explains how to configure the RPC proxy server to use specified ports for RPC
over HTTP.

Note:
You can also use the Rpccfg tool to set and troubleshoot port assignments. The
Rpccfg tool is included in the Windows Server 2003 Resource Kit Tools.

After you configure the RPC over HTTP networking component for Internet Information
Services, configure the RPC proxy server. Configure the RPC proxy server to use specific
ports to communicate with the directory service and with the information store on the
Exchange computer.

For information about configuring all your global catalogs to use specific ports for RPC over
HTTP for directory services, see How to Set the NTDS Port on a Global Catalog Server
Acting as an Exchange Server 2003 Back-End Server.

Before You Begin


Verify the registry values automatically set for the Exchange ports mentioned below. When
you run Exchange Server 2003 Setup, Exchange is configured to use the ports in the
following table.

Server                             Port    Service

Exchange Server (Global Catalog)   6001    Store
                                   6002    DSReferral
                                   6004    DSProxy

The three registry values that follow are automatically configured by Exchange Server 2003
Setup. Although you do not have to configure these registry values, you might want to verify
that these registry values are configured correctly.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

Value name: Rpc/HTTP Port

Value type: REG_DWORD

Value data: 0x1771 (Decimal 6001)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

Value name: HTTP Port

Value type: REG_DWORD


Value data: 0x1772 (Decimal 6002)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

Value name: Rpc/HTTP NSPI Port

Value type: REG_DWORD

Value data: 0x1774 (Decimal 6004)

Note:
Do not modify these registry values. If you modify these registry values, RPC over
HTTP may not function correctly.

To configure the RPC proxy server to use specific ports, follow the steps below. The following
steps contain information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to use specified ports for RPC over HTTP
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. In the details pane, right-click the ValidPorts subkey, and then click Modify.

4. In Edit String, in the Value data box, type the following information:

ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;ExchangeServer:6004;ExchangeServerFQDN:6004;

• ExchangeServer is the NetBIOS name of your Exchange server.

• ExchangeServerFQDN is the fully qualified domain name (FQDN) of your
Exchange server. If the FQDN that is used to access the server from the Internet
differs from the internal FQDN, you must use the internal FQDN.

To determine the NetBIOS name and the fully qualified domain name of your server,
start a command prompt, type ipconfig /all, and then press ENTER. Under Windows
IP Configuration, information that is similar to the following appears:
Host Name .................: mycomputer
Primary DNS Suffix ........: contoso.com

The host name is the NetBIOS name of your computer. The host name together with
the primary DNS suffix is the fully qualified domain name of your computer. In this
example, the fully qualified domain name is mycomputer.contoso.com.

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server, Back-End on Global Catalog Server

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
This topic explains how to configure the RPC proxy server to allow for Secure Sockets Layer
(SSL) offloading on a separate server. SSL offloading occurs when you use a server other
than the RPC proxy server to handle your SSL encryption and decryption. For example, if the
firewall in front of the RPC proxy server handles the SSL encryption and decryption,
terminates the SSL session and then establishes a new non-SSL session to the RPC proxy
server, you are using SSL offloading. If you use SSL offloading, you must set a special
registry setting on the RPC proxy server.

Before You Begin


To successfully complete the procedure in this topic, confirm that you have configured your
authentication correctly.

Note:
In Exchange Server 2003 SP1, authentication for RPC over HTTP on an RPC proxy
server is configured automatically.

This topic contains information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to allow for SSL offloading on a separate server
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. Create a DWORD value with the name AllowAnonymous.

4. Right-click the AllowAnonymous DWORD value, and select Modify.

5. In the Value data field, enter 1.



Important:
On the RPC virtual directory security settings in Internet Information Services
(IIS), under Authentication methods, verify that the check box next to
Enable anonymous access is cleared.

6. Restart the World Wide Web Publishing Service (W3SVC) in the services snap-in to
Microsoft Management Console (MMC).

For More Information


For more information, see:

• Microsoft Knowledge Base article 833003, "Description of the RPC over HTTP feature
and the AllowAnonymous registry entry in Windows Server 2003"
(http://go.microsoft.com/fwlink/?Linkid=3052&kbid=833003)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
(Front-End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

How to Create an Outlook Profile for Users to Use with RPC over HTTP
This topic explains how to create a Microsoft® Office Outlook® profile for users to use with
RPC over HTTP.

For your users to use RPC over HTTP from their client computer, they must create an
Outlook profile that uses the required RPC over HTTP settings. These settings enable Secure
Sockets Layer (SSL) communication with Basic authentication or NTLM authentication. SSL
is required when you use RPC over HTTP.

Before you begin the procedure in this topic, confirm the following:

• You are running one of the following on the client computer:

    • Microsoft Windows® XP with Service Pack 1 and 331320 hotfix or later

    • Microsoft Windows Server 2003

• You are running Outlook 2003 on the client computer.

• You have completed all other steps for configuring RPC over HTTP on your Exchange
servers.

Procedure
To create an Outlook profile for users to use with RPC over HTTP
1. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

2. In Control Panel, perform one of the following tasks:

• If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

• If you are using Classic View, double-click Mail.

3. In Mail Setup, under Profiles, click Show Profiles.

4. In Mail, click Add.

5. In New Profile, in the Profile Name box, type a name for this profile, and then click
OK.

6. In the E-mail Accounts wizard, click Add a new e-mail account, and then click
Next.

7. On the Server Type page, click Microsoft Exchange Server, and then click Next.

8. On the E-mail Accounts page, do the following:

a. In the Microsoft Exchange Server box, type the fully qualified domain name
(FQDN) of your back-end Exchange server where your mailbox resides.

b. Click to clear the Use Cached Exchange Mode check box.

Important:
Temporarily turn off Cached Exchange mode to test your configuration.
We recommend that you enable Cached Exchange mode after you test
your RPC over HTTP configuration.

c. In the User Name box, type the name of the user account that you want to use.

d. Click More Settings.

Note:
At this stage, the client application attempts to resolve the user name on
the Exchange server. If you cannot access your Exchange back-end
server directly by using TCP/IP, this operation will time out and present a
dialog box that prompts you to confirm your user name and mailbox.
Click Cancel on this dialog box.

9. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.
b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

Note:
If the Exchange over the Internet area does not appear on the
Connection tab, see How to Verify Client Computer Configuration.

c. Click Exchange Proxy Settings.

10. In the Exchange Proxy Settings dialog box, in the Connections Settings pane,
perform the following steps:

a. Enter the FQDN of the RPC proxy server in the Use this URL to connect to my
proxy server for Exchange box. The RPC proxy server is the Exchange server
that users can connect to on the Internet. For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

11. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

12. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

To modify an existing Outlook profile for users to use with RPC over HTTP
1. Use either Control Panel or Outlook to open the E-Mail Accounts wizard.

To open the E-Mail Accounts wizard using Control Panel, do the following:

a. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

b. In Control Panel, perform one of the following tasks:

•   If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

•   If you are using Classic View, double-click Mail.

c. In Mail Setup, under Profiles, click Show Profiles.

d. In Mail, click the profile that you want to change, and then click Properties.

e. In Mail Setup, click E-mail Accounts.

To open the E-Mail Accounts wizard using Outlook, do the following:

a. In Outlook, on the Tools menu, click E-Mail Accounts.

2. In the E-mail Accounts wizard, click View or change existing e-mail accounts,
and then click Next.

3. On the E-mail Accounts page, select the Microsoft Exchange Server account, and
then click Change.

4. On the Exchange Server Settings page, click More Settings.

5. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

c. Click Exchange Proxy Settings.

6. In the Exchange Proxy Settings dialog box, in the Connections Settings pane, do
the following steps:

a. Enter the fully qualified domain name (FQDN) of the RPC proxy server in the
Use this URL to connect to my proxy server for Exchange box. The RPC
proxy server is the Exchange server that users can connect to on the Internet.
For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

7. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

8. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

For More Information


For more information about configuring Outlook 2003 profiles for RPC over HTTP, see:

• Video that shows how to configure Outlook 2003 MAPI profile to connect to Exchange
Server 2003 using RPC over HTTP (http://go.microsoft.com/fwlink/?LinkId=64060)

Note:
The video is in Windows Media Player format. If you have trouble viewing the
video, see the Windows Media Player support page.

• Configuring Outlook 2003 for RPC over HTTP

• Customizing Outlook Profiles by Using PRF Files

• Configuring Outlook Profiles by Using a PRF File

For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see the following topics in the Exchange Server 2003 RPC over HTTP Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
(Front-End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario
This topic explains how to deploy RPC over HTTP in a Microsoft® Exchange Server 2003
organization.

Before You Begin


Before you perform the procedure in this topic:

• It is important that you first read System Requirements for RPC over HTTP on Exchange
Server 2003.

• Confirm the following:

    • You have one or more front-end servers.

    • You have one or more back-end servers.

    • You have one or more global catalog servers.

    • All three roles (front-end, back-end, and global catalog) are applied on separate
    servers.

    • You are running Exchange Server 2003 (without service packs) on your front-end and
    back-end servers.

Procedure
To deploy RPC over HTTP for the first time on Exchange Server 2003 in a
front-end/back-end scenario
1. Configure your Exchange Server 2003 front-end server as an RPC proxy server. For
detailed steps, see How to Configure a Server as an RPC Proxy Server.

2. Configure the RPC virtual directory. For detailed steps, see How to Configure the
RPC Virtual Directory in IIS.

3. Configure the RPC proxy server to use specified ports for RPC over HTTP. For
detailed steps, see How to Configure the RPC Proxy Server to Use Specified Ports
for RPC over HTTP.

4. (optional) Configure the RPC proxy server to allow for Secure Sockets Layer (SSL)
offloading on a separate server. For detailed steps, see How to Configure the RPC
Proxy Server to Allow for SSL Offloading on a Separate Server.

5. Create a Microsoft Office Outlook® profile for your users to use with RPC over HTTP.
For detailed steps, see How to Create an Outlook Profile for Users to Use with RPC
over HTTP.

For More Information

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003 without
service packs, and you have a back-end server that is also a global catalog server, see
How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003 without
service packs, and you do not have a front-end server in your organization, see How to
Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End
Server

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003 without
service packs, and you do not have a front-end server in your organization, and you have
a back-end server that is also a global catalog server, see How to Deploy RPC over
HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on
Global Catalog Server

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003 SP1, see
one of the following topics:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
    (Front-End/Back-End Scenario)

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
    Front-End Server

• If you have already deployed RPC over HTTP in an Exchange Server 2003 topology and
are upgrading that topology to Exchange 2003 SP1, see How to Upgrade an Exchange
Server 2003 RPC over HTTP Deployment to Exchange Server 2003 SP1

• If you want help with troubleshooting RPC over HTTP communications, see
Troubleshooting RPC over HTTP Communications.

How to Configure a Server as an RPC Proxy Server
This topic explains how to configure a server as an RPC proxy server. Specifically, the
procedure in this topic describes how to install the Microsoft® Windows Server™ 2003 RPC
over HTTP proxy networking component on your Microsoft Exchange Server 2003 server.

Typically, you will configure an Exchange front-end server as an RPC proxy server. However,
if you do not have a front-end server in your organization, you can configure a back-end
server as an RPC proxy server.

Before You Begin


To perform the procedure in this topic, confirm that the Exchange server you are configuring
as an RPC proxy server is running Windows Server 2003 or a later version.

Procedure
To configure a server as an RPC proxy server
1. On the Exchange server that will be the RPC proxy server, click Start, click Control
Panel, and then click Add or Remove Programs.

In Add or Remove Programs, in the left pane, click Add/Remove Windows
Components.

2. In the Windows Components Wizard, on the Windows Components page, select
Networking Services, and then click Details.

3. In Networking Services, select the RPC over HTTP Proxy check box, and then
click OK.

4. On the Windows Components page, click Next to install the RPC over HTTP
Proxy Windows component.

For More Information

• If you are positioning your RPC proxy server inside your perimeter network, you must
open the specified ports on the internal firewall for RPC over HTTP in addition to the
standard ports for Exchange front-end communication. For more information about
opening ports on the firewall for RPC over HTTP, see the following topic:

    • Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment

• For more information, see the following topics:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
    (Front-End/Back-End Scenario)

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
    Front-End/Back-End Scenario

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
    Front-End/Back-End Scenario, Back End on Global Catalog Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
    Front-End Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
    Front-End Server, Back-End on Global Catalog Server

How to Configure the RPC Virtual Directory in IIS
This topic explains how to configure the RPC virtual directory in Internet Information Services
(IIS) and how to configure the RPC virtual directory to use Secure Sockets Layer (SSL) for all
client-side connections.

After you have configured a server in your organization as an RPC proxy server, you must
configure the RPC virtual directory in IIS if either of the following conditions is true:

• The RPC proxy server is running Microsoft® Exchange Server 2003 and does not have
Service Pack 1 (SP1) installed.

• You have SP1 installed in your organization, but you do not have a front-end server.

After completing these procedures, your RPC virtual directory will be ready to use Basic
authentication and NTLM authentication.

Before You Begin


Before you perform the procedures in this topic, confirm that you have configured a server as
an RPC proxy server by installing the Microsoft Windows® RPC networking component.

Procedure to Configure RPC Virtual Directory in IIS
To configure the RPC virtual directory in IIS
1. Click Start, point to All Programs, point to Administrative Tools, and then click
Internet Information Services (IIS) Manager.

2. In Internet Information Services (IIS) Manager, in the console tree, expand the
server you want, then expand Web Sites.

3. Expand Default Web Site, right-click the RPC virtual directory, and then click
Properties.

4. In the RPC Virtual Directory Properties page, on the Directory Security tab, in the
Authentication and access control pane, click Edit.

5. In the Authentication Methods window, verify that the check box next to Enable
anonymous access is cleared.

Note:
RPC over HTTP does not allow anonymous access by default, despite what
the user interface shows.

6. In the Authentication Methods window, under Authenticated access, select the
check box next to Basic authentication (password is sent in clear text) and click
OK. You receive the following message:

The authentication option you have selected results in passwords being
transmitted over the network without data encryption. Someone attempting to
compromise your system security could use a protocol analyzer to examine user
passwords during the authentication process. For more detail on user
authentication, consult the online help. This warning does not apply to
HTTPS(orSSL) connections.

Are you sure you want to continue?

Note:
In this error message, the word "HTTPS(orSSL)" is a misspelling for the
words "HTTPS (or SSL)."

In the Authentication Methods window, under Authenticated access, you can also
select the check box next to Integrated Windows authentication (NTLM). However,
it is recommended that you use Basic authentication rather than NTLM, for two
reasons. First, RPC over HTTP currently supports only NTLM; it does not support
Kerberos. Second, if an HTTP proxy or a firewall that inserts the Via pragma in the
HTTP header sits between the RPC over HTTP client and the RPC proxy,
NTLM authentication will not work. For more information, see RPC over HTTP
Deployment Recommendations.

7. To save your settings, click Apply, and then click OK.

8. Ensure that you have a valid SSL certificate installed on the virtual server.

Procedure to Configure RPC Virtual Directory to Use SSL
The RPC virtual directory is configured to use basic authentication. We recommend that you
use SSL together with basic authentication. To enable SSL on the RPC virtual directory, you
must obtain and publish a certificate. This procedure assumes that you have obtained and
published a certificate. To configure the RPC virtual directory to require SSL for all client-side
connections, follow these steps:

To configure RPC virtual directory to use SSL


1. Click Start, point to Administrative Tools, and then click Internet Information
Services (IIS) Manager.

2. Expand Web Sites, expand Default Web Site, right-click Rpc, and then click
Properties.

3. Click the Directory Security tab, and then click Edit under Secure
communications.

4. Click to select the Require secure channel (SSL) check box and the Require
128-bit encryption check box.

Note:
We recommend that you click to select the Require 128-bit encryption
check box. However, RPC over HTTP functions correctly even if you do not
require 128-bit encryption.

5. Click OK, click Apply, and then click OK.

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server, Back-End on Global Catalog Server

• How to Verify RPC Virtual Directory Configuration

How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
This topic explains how to configure the RPC proxy server to use specified ports for RPC
over HTTP.

Note:
You can also use the Rpccfg tool to set and troubleshoot port assignments. The
Rpccfg tool is included in the Windows Server 2003 Resource Kit Tools.

After you configure the RPC over HTTP networking component for Internet Information
Services, configure the RPC proxy server. Configure the RPC proxy server to use specific
ports to communicate with the directory service and with the information store on the
Exchange computer.

For information about configuring all your global catalogs to use specific ports for RPC over
HTTP for directory services, see How to Set the NTDS Port on a Global Catalog Server
Acting as an Exchange Server 2003 Back-End Server.

Before You Begin


Verify the registry values automatically set for the Exchange ports mentioned below. When
you run Exchange Server 2003 Setup, Exchange is configured to use the ports in the
following table.

Server                              Port    Service
Exchange Server (Global Catalog)    6001    Store
                                    6002    DSReferral
                                    6004    DSProxy

The three registry values that follow are automatically configured by Exchange Server 2003
Setup. Although you do not have to configure these registry values, you might want to verify
that these registry values are configured correctly.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

Value name: Rpc/HTTP Port
Value type: REG_DWORD
Value data: 0x1771 (Decimal 6001)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

Value name: HTTP Port
Value type: REG_DWORD
Value data: 0x1772 (Decimal 6002)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

Value name: Rpc/HTTP NSPI Port
Value type: REG_DWORD
Value data: 0x1774 (Decimal 6004)

Note:
Do not modify these registry values. If you modify these registry values, RPC over
HTTP may not function correctly.

To configure the RPC proxy server to use specific ports, follow the steps below. The following
steps contain information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to use specified ports for RPC over HTTP
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. In the details pane, right-click the ValidPorts subkey, and then click Modify.

4. In Edit String, in the Value data box, type the following information:

ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;ExchangeServer:6004;ExchangeServerFQDN:6004;

• ExchangeServer is the NetBIOS name of your Exchange server.

• ExchangeServerFQDN is the fully qualified domain name (FQDN) of your
Exchange server. If the FQDN that is used to access the server from the Internet
differs from the internal FQDN, you must use the internal FQDN.

To determine the NetBIOS name and the fully qualified domain name of your server,
start a command prompt, type ipconfig /all, and then press ENTER. Under Windows
IP Configuration, information that is similar to the following appears:

Host Name .................: mycomputer
Primary DNS Suffix ........: contoso.com

The host name is the NetBIOS name of your computer. The host name together with
the primary DNS suffix is the fully qualified domain name of your computer. In this
example, the fully qualified domain name is mycomputer.contoso.com.

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server, Back-End on Global Catalog Server

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
This topic explains how to configure the RPC proxy server to allow for Secure Sockets Layer
(SSL) offloading on a separate server. SSL offloading occurs when you use a server other
than the RPC proxy server to handle your SSL encryption and decryption. For example, if the
firewall in front of the RPC proxy server handles the SSL encryption and decryption,
terminates the SSL session and then establishes a new non-SSL session to the RPC proxy
server, you are using SSL offloading. If you use SSL offloading, you must set a special
registry setting on the RPC proxy server.

Before You Begin


To successfully complete the procedure in this topic, confirm that you have configured your
authentication correctly.

Note:
In Exchange Server 2003 SP1, authentication for RPC over HTTP on an RPC proxy
server is configured automatically.

This topic contains information about editing the registry.



Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to allow for SSL offloading on a separate server
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. Create a DWORD value with the name AllowAnonymous.

4. Right-click the AllowAnonymous DWORD value, and select Modify.

5. In the Value data field, enter 1.

Important:
On the RPC virtual directory security settings in Internet Information Services
(IIS), under Authentication methods, verify that the check box next to
Enable anonymous access is cleared.

6. Restart the World Wide Web Publishing Service (W3SVC) in the services snap-in to
Microsoft Management Console (MMC).
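
The ValidPorts value from the specified-ports procedure and the AllowAnonymous value from the SSL offloading procedure can both be checked offline from a .reg export of the RpcProxy key. The following Python is an added example, not part of the original guide; the function names, the sample export, and the mail.contoso.com host in it are constructed for illustration.

```python
import re

# Ports this guide lists for Exchange Server 2003: Store, DSReferral, DSProxy.
REQUIRED_PORTS = (6001, 6002, 6004)
RPCPROXY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy"
_ENTRY = re.compile(r"^([A-Za-z0-9._-]+):(\d{1,5})(?:-(\d{1,5}))?$")

# Constructed sample export (not from a real server): a wide port range, an
# Internet-facing FQDN instead of the internal one, and AllowAnonymous set.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="mycomputer:100-5000;mail.contoso.com:6001-6002;mycomputer:6004;"
"AllowAnonymous"=dword:00000001
'''


def parse_reg_export(text):
    """Parse .reg export text into {KEY_PATH_UPPER: {value_name_lower: value}}.

    Handles string ("name"="text") and DWORD ("name"=dword:xxxxxxxx) values,
    which covers the RpcProxy settings discussed in this guide.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        if raw.lower().startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = raw[1:-1]
    return keys


def parse_valid_ports(value):
    """Parse a ValidPorts string into (host, low_port, high_port) tuples."""
    entries = []
    # Whitespace is dropped so a value copied from a wrapped page still parses.
    for raw in re.sub(r"\s+", "", value).split(";"):
        if not raw:  # trailing ';' or doubled separator
            continue
        m = _ENTRY.match(raw)
        if not m:
            raise ValueError("malformed ValidPorts entry: %r" % raw)
        low = int(m.group(2))
        high = int(m.group(3)) if m.group(3) else low
        if not (0 < low <= high <= 65535):
            raise ValueError("bad port range in entry: %r" % raw)
        entries.append((m.group(1).lower(), low, high))
    return entries


def audit_rpc_proxy(reg_text, netbios_name, internal_fqdn, ssl_offloaded):
    """Compare an exported RpcProxy key with what the two procedures ask for.

    missing    - (host, port) pairs the procedure requires but ValidPorts lacks
    unexpected - (host, ports) that ValidPorts allows beyond the procedure
    notes      - AllowAnonymous observations for the SSL offloading procedure
    """
    values = parse_reg_export(reg_text).get(RPCPROXY_KEY.upper(), {})
    hosts = (netbios_name.lower(), internal_fqdn.lower())
    entries = parse_valid_ports(values.get("validports", ""))
    missing = [(h, p) for h in hosts for p in REQUIRED_PORTS
               if not any(eh == h and lo <= p <= hi for eh, lo, hi in entries)]
    unexpected = []
    for host, low, high in entries:
        span = str(low) if low == high else "%d-%d" % (low, high)
        extra = any(p not in REQUIRED_PORTS for p in range(low, high + 1))
        if host not in hosts or extra:
            unexpected.append((host, span))
    notes = []
    allow_anon = values.get("allowanonymous", 0)
    if allow_anon == 1 and not ssl_offloaded:
        notes.append("AllowAnonymous is 1 but SSL is not offloaded")
    if allow_anon != 1 and ssl_offloaded:
        notes.append("SSL is offloaded but AllowAnonymous is not 1")
    if allow_anon == 1:
        notes.append("confirm that Enable anonymous access is cleared "
                     "on the RPC virtual directory in IIS")
    return {"missing": missing, "unexpected": unexpected, "notes": notes}


if __name__ == "__main__":
    report = audit_rpc_proxy(SAMPLE_EXPORT, "mycomputer",
                             "mycomputer.contoso.com", ssl_offloaded=False)
    for section, items in report.items():
        print(section, items)
```

For the sample export, the report lists the internal FQDN entries as missing and flags both the 100-5000 range and the Internet-facing host name, which matches the guide's requirement to use the internal FQDN and only ports 6001-6002 and 6004.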

For More Information


For more information, see:

• Microsoft Knowledge Base article 833003, "Description of the RPC over HTTP feature
and the AllowAnonymous registry entry in Windows Server 2003"
(http://go.microsoft.com/fwlink/?Linkid=3052&kbid=833003)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
(Front-End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

How to Create an Outlook Profile for Users to Use with RPC over HTTP
This topic explains how to create a Microsoft® Office Outlook® profile for users to use with
RPC over HTTP.

For your users to use RPC over HTTP from their client computer, they must create an
Outlook profile that uses the required RPC over HTTP settings. These settings enable Secure
Sockets Layer (SSL) communication with Basic authentication or NTLM authentication. SSL
is required when you use RPC over HTTP.

Before you begin the procedure in this topic, confirm the following:

• You are running one of the following on the client computer:

    • Microsoft Windows® XP with Service Pack 1 and 331320 hotfix or later

    • Microsoft Windows Server 2003

• You are running Outlook 2003 on the client computer.

• You have completed all other steps for configuring RPC over HTTP on your Exchange
servers.

Procedure
To create an Outlook profile for users to use with RPC over HTTP
1. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

2. In Control Panel, perform one of the following tasks:

• If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

• If you are using Classic View, double-click Mail.

3. In Mail Setup, under Profiles, click Show Profiles.

4. In Mail, click Add.



5. In New Profile, in the Profile Name box, type a name for this profile, and then click
OK.

6. In the E-mail Accounts wizard, click Add a new e-mail account, and then click
Next.

7. On the Server Type page, click Microsoft Exchange Server, and then click Next.

8. On the E-mail Accounts page, do the following:

a. In the Microsoft Exchange Server box, type the fully qualified domain name
(FQDN) of your back-end Exchange server where your mailbox resides.

b. Click to clear the Use Cached Exchange Mode check box.

Important:
Temporarily turn off Cached Exchange mode to test your configuration.
We recommend that you enable Cached Exchange mode after you test
your RPC over HTTP configuration.

c. In the User Name box, type the name of the user account that you want to use.

d. Click More Settings.

Note:
At this stage, the client application attempts to resolve the user name on
the Exchange server. If you cannot access your Exchange back-end
server directly by using TCP/IP, this operation will time out and present a
dialog box that prompts you to confirm your user name and mailbox.
Click Cancel on this dialog box.

9. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

Note:
If the Exchange over the Internet area does not appear on the
Connection tab, see the How to Verify Client Computer Configuration.

c. Click Exchange Proxy Settings.

10. In the Exchange Proxy Settings dialog box, in the Connections Settings pane,
perform the following steps:

a. Enter the FQDN of the RPC proxy server in the Use this URL to connect to my
proxy server for Exchange box. The RPC proxy server is the Exchange server
that users can connect to on the Internet. For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings



11. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

12. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

To modify an existing Outlook profile for users to use with RPC over HTTP
1. Use either Control Panel or Outlook to open the E-Mail Accounts wizard.

To open the E-Mail Accounts wizard using Control Panel, do the following:

a. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

b. In Control Panel, perform one of the following tasks:

•   If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

•   If you are using Classic View, double-click Mail.



c. In Mail Setup, under Profiles, click Show Profiles.

d. In Mail, click the profile that you want to change, and then click Properties.

e. In Mail Setup, click E-mail Accounts.

To open the E-Mail Accounts wizard using Outlook, do the following:

a. In Outlook, on the Tools menu, click E-Mail Accounts.

2. In the E-mail Accounts wizard, click View or change existing e-mail accounts,
and then click Next.

3. On the E-mail Accounts page, select the Microsoft Exchange Server account, and
then click Change.
4. On the Exchange Server Settings page, click More Settings.

5. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

c. Click Exchange Proxy Settings.

6. In the Exchange Proxy Settings dialog box, in the Connections Settings pane, do
the following steps:

a. Enter the fully qualified domain name (FQDN) of the RPC proxy server in the
Use this URL to connect to my proxy server for Exchange box. The RPC
proxy server is the Exchange server that users can connect to on the Internet.
For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

7. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

8. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

For More Information


For more information about configuring Outlook 2003 profiles for RPC over HTTP, see:

• Video that shows how to configure Outlook 2003 MAPI profile to connect to Exchange
Server 2003 using RPC over HTTP (http://go.microsoft.com/fwlink/?LinkId=64060)

Note:
The video is in Windows Media Player format. If you have trouble viewing the
video, see the Windows Media Player support page.

• Configuring Outlook 2003 for RPC over HTTP

• Customizing Outlook Profiles by Using PRF Files

• Configuring Outlook Profiles by Using a PRF File

For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see the following topics in the Exchange Server 2003 RPC over HTTP Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server
This topic explains how to deploy RPC over HTTP in a Microsoft® Exchange Server 2003
organization that has front-end servers and back-end servers.

Before You Begin


Before you perform the procedure in this topic:

• It is important that you first read System Requirements for RPC over HTTP on Exchange
Server 2003.

• Confirm the following:

    • You have one or more front-end servers.

    • You have one or more back-end servers.

    • You have one or more global catalog servers.

    • At least one of your back-end servers is located on the same computer as a global
    catalog server.

    Note:
    If your back-end server is also a domain controller, it is recommended that
    you make this domain controller a global catalog server. If an RPC over
    HTTP back-end server is a domain controller but is not a global catalog
    server, you can experience problems with connectivity to this server.

    • You are running Exchange Server 2003 without service packs on all your Exchange
    servers.

Procedure
To deploy RPC over HTTP for the first time on Exchange Server 2003 in a front-
end/back-end Scenario, with the back end on a global catalog server
1. Configure your Exchange Server 2003 front-end server as an RPC proxy server. For
detailed steps, see How to Configure a Server as an RPC Proxy Server.

2. Configure the RPC virtual directory. For detailed steps, see How to Configure the
RPC Virtual Directory in IIS.

3. Configure the RPC proxy server to use specified ports for RPC over HTTP. For
detailed steps, see How to Configure the RPC Proxy Server to Use Specified Ports
for RPC over HTTP.

4. Set the Microsoft Windows NT® Directory Services (NTDS) port on all global catalog
servers acting as Exchange Server 2003 back-end servers. For detailed steps, see
How to Set the NTDS Port on a Global Catalog Server Acting as an Exchange Server
2003 Back-End Server.

5. (optional) Configure the RPC proxy server to allow for Secure Sockets Layer (SSL)
offloading on a separate server. For detailed steps, see How to Configure the RPC
Proxy Server to Allow for SSL Offloading on a Separate Server.

6. Create a Microsoft Office Outlook® profile for your users to use with RPC over HTTP.
For detailed steps, see How to Create an Outlook Profile for Users to Use with RPC
over HTTP.

For More Information

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003, and you
do not have a server that is a back-end server and a global catalog server, see one of the
following topics:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003, and you
have at least one server that is a back-end server and a global catalog server, and you
do not have a front-end server in your organization, see How to Deploy RPC over HTTP
for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global
Catalog Server

• If you have already deployed RPC over HTTP in an Exchange Server 2003 topology and
are upgrading that topology to Exchange 2003 SP1, see How to Upgrade an Exchange
Server 2003 RPC over HTTP Deployment to Exchange Server 2003 SP1

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003 SP1, see
one of the following topics:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• If you want help with troubleshooting RPC over HTTP communications, see
Troubleshooting RPC over HTTP Communications.

How to Configure a Server as an RPC


Proxy Server
This topic explains how to configure a server as an RPC proxy server. Specifically, the
procedure in this topic describes how to install the Microsoft® Windows Server™ 2003 RPC
over HTTP proxy networking component on your server that runs Microsoft Exchange Server 2003.

Typically, you will configure an Exchange front-end server as an RPC proxy server. However,
if you do not have a front-end server in your organization, you can configure a back-end
server as an RPC proxy server.

Before You Begin


To perform the procedure in this topic, confirm that the Exchange server you are configuring
as an RPC proxy server is running Windows Server 2003 or a later version.

Procedure
To configure a server as an RPC proxy server
1. On the Exchange server that will be the RPC proxy server, click Start, click Control
Panel, and then click Add or Remove Programs.
In Add or Remove Programs, in the left pane, click Add/Remove Windows
Components.

2. In the Windows Components Wizard, on the Windows Components page, select
Networking Services, and then click Details.

3. In Networking Services, select the RPC over HTTP Proxy check box, and then
click OK.

4. On the Windows Components page, click Next to install the RPC over HTTP
Proxy Windows component.

For More Information

• If you are positioning your RPC proxy server inside your perimeter network, you must
open the specified ports on the internal firewall for RPC over HTTP in addition to the
standard ports for Exchange front-end communication. For more information about
opening ports on the firewall for RPC over HTTP, see the following topic:

    • Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment

• For more information, see the following topics:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server

How to Configure the RPC Virtual Directory in IIS
This topic explains how to configure the RPC virtual directory in Internet Information Services
(IIS) and how to configure the RPC virtual directory to use Secure Sockets Layer (SSL) for all
client-side connections.

After you have configured a server in your organization as an RPC proxy server, you must
configure the RPC virtual directory in IIS if either of the following conditions is true:

• The RPC proxy server is running Microsoft® Exchange Server 2003 and does not have
Service Pack 1 (SP1) installed.

• You have SP1 installed in your organization, but you do not have a front-end server.

After completing these procedures, your RPC virtual directory will be ready to use Basic
authentication and NTLM authentication.

Before You Begin


Before you perform the procedures in this topic, confirm that you have configured a server as
an RPC proxy server by installing the Microsoft Windows® RPC networking component.

Procedure to Configure RPC Virtual Directory in IIS
To configure the RPC virtual directory in IIS
1. Click Start, point to All Programs, point to Administrative Tools, and then click
Internet Information Services (IIS) Manager.

2. In Internet Information Services (IIS) Manager, in the console tree, expand the
server you want, then expand Web Sites.

3. Expand Default Web Site, right-click the RPC virtual directory, and then click
Properties.

4. In the RPC Virtual Directory Properties page, on the Directory Security tab, in the
Authentication and access control pane, click Edit.

5. In the Authentication Methods window, verify that the check box next to Enable
anonymous access is cleared.

Note:
RPC over HTTP does not allow anonymous access by default, despite what
the user interface shows.

6. In the Authentication Methods window, under Authenticated access, select the
check box next to Basic authentication (password is sent in clear text) and click
OK. You receive the following message:

The authentication option you have selected results in passwords being
transmitted over the network without data encryption. Someone attempting to
compromise your system security could use a protocol analyzer to examine user
passwords during the authentication process. For more detail on user
authentication, consult the online help. This warning does not apply to
HTTPS(orSSL) connections.

Are you sure you want to continue?

Note:
In this error message, the word "HTTPS(orSSL)" is a misspelling for the
words "HTTPS (or SSL)."

In the Authentication Methods window, under Authenticated access, you can also
select the check box next to Integrated Windows authentication (NTLM). However,
it is recommended that you use Basic authentication over NTLM for two
reasons. First, RPC over HTTP currently supports only NTLM; it doesn't support
Kerberos. Second, if there is an HTTP proxy or a firewall between the RPC over
HTTP client and the RPC proxy that inserts the via pragma in the HTTP header,
NTLM authentication will not work. For more information, see RPC over HTTP
Deployment Recommendations.

7. To save your settings, click Apply, and then click OK.

8. Ensure that you have a valid SSL certificate installed on the virtual server.

Procedure to Configure RPC Virtual Directory to Use SSL
The RPC virtual directory is configured to use basic authentication. We recommend that you
use SSL together with basic authentication. To enable SSL on the RPC virtual directory, you
must obtain and publish a certificate. This procedure assumes that you have obtained and
published a certificate. To configure the RPC virtual directory to require SSL for all client-side
connections, follow these steps:

To configure RPC virtual directory to use SSL


1. Click Start, point to Administrative Tools, and then click Internet Information
Services (IIS) Manager.

2. Expand Web Sites, expand Default Web Site, right-click Rpc, and then click
Properties.

3. Click the Directory Security tab, and then click Edit under Secure
communications.

4. Click to select the Require secure channel (SSL) check box and the Require 128-
bit encryption check box.

Note:
We recommend that you click to select the Require 128-bit encryption
check box. However, RPC over HTTP functions correctly even if you do not
require 128-bit encryption.

5. Click OK, click Apply, and then click OK.

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server

• How to Verify RPC Virtual Directory Configuration

How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
This topic explains how to configure the RPC proxy server to use specified ports for RPC
over HTTP.

Note:
You can also use the Rpccfg tool to set and troubleshoot port assignments. The
Rpccfg tool is included in the Windows Server 2003 Resource Kit Tools.

After you configure the RPC over HTTP networking component for Internet Information
Services, configure the RPC proxy server. Configure the RPC proxy server to use specific
ports to communicate with the directory service and with the information store on the
Exchange computer.

For information about configuring all your global catalogs to use specific ports for RPC over
HTTP for directory services, see How to Set the NTDS Port on a Global Catalog Server
Acting as an Exchange Server 2003 Back-End Server.

Before You Begin


Verify the registry values automatically set for the Exchange ports mentioned below. When
you run Exchange Server 2003 Setup, Exchange is configured to use the ports in the
following table.

Server                             Port   Service
Exchange Server (Global Catalog)   6001   Store
                                   6002   DSReferral
                                   6004   DSProxy

The three registry values that follow are automatically configured by Exchange Server 2003
Setup. Although you do not have to configure these registry values, you might want to verify
that these registry values are configured correctly.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

Value name: Rpc/HTTP Port

Value type: REG_DWORD

Value data: 0x1771 (Decimal 6001)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

Value name: HTTP Port

Value type: REG_DWORD

Value data: 0x1772 (Decimal 6002)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

Value name: Rpc/HTTP NSPI Port

Value type: REG_DWORD

Value data: 0x1774 (Decimal 6004)

Note:
Do not modify these registry values. If you modify these registry values, RPC over
HTTP may not function correctly.
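The verification suggested above can be done read-only against a .reg export of the two keys instead of in Registry Editor on the server. The following Python sketch is an added example, not part of the original guide; the function names and the sample export are constructed for illustration.

```python
import re

# Values the page lists as set by Exchange Server 2003 Setup.
EXPECTED = {
    (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem",
     "Rpc/HTTP Port"): 0x1771,        # 6001, Store
    (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters",
     "HTTP Port"): 0x1772,            # 6002, DSReferral
    (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters",
     "Rpc/HTTP NSPI Port"): 0x1774,   # 6004, DSProxy
}

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
DWORD_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg_dwords(text):
    """Map (key, value name), both lower-cased, to the integer of each dword line.

    `text` is the decoded content of a .reg export (Regedit version 5 files are
    UTF-16, so decode them before calling). Registry paths and value names are
    case-insensitive, and exports usually write SYSTEM in upper case.
    """
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # "[-HKEY_...]" marks a key deletion, not a key with values.
            current = None if key.group(1) else key.group(2).lower()
            continue
        dword = DWORD_RE.match(line)
        if dword and current is not None:
            name = re.sub(r"\\(.)", r"\1", dword.group(1))  # undo \" and \\
            values[(current, name.lower())] = int(dword.group(2), 16)
    return values


def audit_exchange_ports(text):
    """Return one finding per expected value that is absent, not a dword, or changed."""
    found = parse_reg_dwords(text)
    findings = []
    for (key, name), port in EXPECTED.items():
        actual = found.get((key.lower(), name.lower()))
        if actual is None:
            findings.append(f"{name}: no REG_DWORD value found under {key}")
        elif actual != port:
            findings.append(f"{name}: is {actual} (0x{actual:x}), expected {port} (0x{port:x})")
    return findings


# Constructed sample export: "HTTP Port" was stored as a string instead of a
# REG_DWORD, and the NSPI port was changed from the value Setup writes.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem]
"Rpc/HTTP Port"=dword:00001771

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters]
"HTTP Port"="6002"
"Rpc/HTTP NSPI Port"=dword:00001773
'''

if __name__ == "__main__":
    for finding in audit_exchange_ports(SAMPLE_EXPORT):
        print(finding)
```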

To configure the RPC proxy server to use specific ports, follow the steps below. The following
steps contain information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to use specified ports for RPC over HTTP
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. In the details pane, right-click the ValidPorts subkey, and then click Modify.

4. In Edit String, in the Value data box, type the following information:

ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;ExchangeServer:6004;ExchangeServerFQDN:6004;

• ExchangeServer is the NetBIOS name of your Exchange server.

• ExchangeServerFQDN is the fully qualified domain name (FQDN) of your
Exchange server. If the FQDN that is used to access the server from the Internet
differs from the internal FQDN, you must use the internal FQDN.

To determine the NetBIOS name and the fully qualified domain name of your server,
start a command prompt, type ipconfig /all, and then press ENTER. Under Windows
IP Configuration, information that is similar to the following appears:

Host Name .................: mycomputer
Primary DNS Suffix ........: contoso.com

The host name is the NetBIOS name of your computer. The host name together with
the primary DNS suffix is the fully qualified domain name of your computer. In this
example, the fully qualified domain name is mycomputer.contoso.com.
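ValidPorts is the list of internal servers and ports that the RPC proxy will forward to, so it is worth checking the string after editing it. The following Python check is an added example, not part of the original guide: it compares a ValidPorts string with the value prescribed in step 4, and its function names, sample strings and the policy of reporting anything beyond ports 6001, 6002 and 6004 are assumptions of the example.

```python
import re

# Ports from the page's table: 6001 Store, 6002 DSReferral, 6004 DSProxy.
REQUIRED_PORTS = {6001, 6002, 6004}
PORT_SPEC = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)


def parse_valid_ports(value):
    """Split 'host:port[-port];...' into ({host: set_of_ports}, [malformed entries])."""
    allowed, malformed = {}, []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue  # the page's string ends with ';', which leaves an empty item
        host, sep, spec = entry.rpartition(":")
        match = PORT_SPEC.fullmatch(spec)
        if not sep or not host or not match:
            malformed.append(entry)
            continue
        start = int(match.group(1))
        end = int(match.group(2)) if match.group(2) else start
        if not 1 <= start <= end <= 65535:
            malformed.append(entry)
            continue
        # Host names are compared case-insensitively.
        allowed.setdefault(host.lower(), set()).update(range(start, end + 1))
    return allowed, malformed


def check_valid_ports(value, netbios, fqdn):
    """Report deviations from the page's ValidPorts value for one Exchange server.

    netbios and fqdn are the server's NetBIOS name and internal FQDN, as shown
    by ipconfig /all in the step above.
    """
    allowed, malformed = parse_valid_ports(value)
    findings = [f"malformed entry: {entry!r}" for entry in malformed]
    expected_hosts = {netbios.lower(), fqdn.lower()}
    for host in sorted(expected_hosts):
        ports = allowed.get(host, set())
        missing = REQUIRED_PORTS - ports
        extra = ports - REQUIRED_PORTS
        if missing:
            findings.append(f"{host}: missing port(s) {sorted(missing)}")
        if extra:
            findings.append(
                f"{host}: {len(extra)} port(s) allowed beyond 6001, 6002 and 6004, "
                f"lowest is {min(extra)}")
    for host in sorted(set(allowed) - expected_hosts):
        findings.append(f"{host}: host is not the server's NetBIOS name or internal FQDN")
    return findings


# Constructed samples using the page's example names (mycomputer, contoso.com).
PAGE_VALUE = ("mycomputer:6001-6002;mycomputer.contoso.com:6001-6002;"
              "mycomputer:6004;mycomputer.contoso.com:6004;")
# A wider range, the Internet-facing name instead of the internal FQDN, and a typo.
DRIFTED_VALUE = ("mycomputer:6001-6004;mycomputer.contoso.com:6001-6002;"
                 "mail.contoso.com:6004;oops")

if __name__ == "__main__":
    for sample in (PAGE_VALUE, DRIFTED_VALUE):
        result = check_valid_ports(sample, "mycomputer", "mycomputer.contoso.com")
        print(result or "matches the page's value")
```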

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server

How to Set the NTDS Port on a Global Catalog Server Acting as an Exchange Server 2003 Back-End Server
This topic explains how to set the Microsoft® Windows NT® Directory Services (NTDS) port
on a global catalog server that acts as a Microsoft Exchange Server 2003 back-end server.
You must modify the registry setting for NTDS on global catalog servers that also act as
Exchange back-end mailbox servers and are contacted by clients using RPC over HTTP.

Before You Begin


Before you perform the procedure in this topic:

• Confirm that you are running Exchange Server 2003 on your Exchange servers.

• Perform the steps in one of the following procedures:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server

• Note that this topic contains information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you
to reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up
any valuable data.

Procedure
To set the NTDS port on a global catalog server that acts as an Exchange 2003
back-end server
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

3. Click Edit, click New, and then select Multi String Value.

4. Create a multi-string value with the name NSPI interface protocol sequences.

5. Right-click the NSPI interface protocol sequences multi-string value, and then click
Modify.

6. In the Value data field, enter ncacn_http:6004.

7. In Registry Editor, click File, and then click Exit to save your settings.

8. You must now restart your server for the settings to be applied.

For More Information


For more information, see:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server

• RPC over HTTP Protocol Specifics

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
This topic explains how to configure the RPC proxy server to allow for Secure Sockets Layer
(SSL) offloading on a separate server. SSL offloading occurs when you use a server other
than the RPC proxy server to handle your SSL encryption and decryption. For example, if the
firewall in front of the RPC proxy server handles the SSL encryption and decryption,
terminates the SSL session and then establishes a new non-SSL session to the RPC proxy
server, you are using SSL offloading. If you use SSL offloading, you must set a special
registry setting on the RPC proxy server.

Before You Begin


To successfully complete the procedure in this topic, confirm that you have configured your
authentication correctly.

Note:
In Exchange Server 2003 SP1, authentication for RPC over HTTP on an RPC proxy
server is configured automatically.

This topic contains information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to allow for SSL offloading on a separate server
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. Create a DWORD value with the name AllowAnonymous.

4. Right-click the AllowAnonymous DWORD value, and select Modify.

5. In the Value data field, enter 1.



Important:
On the RPC virtual directory security settings in Internet Information Services
(IIS), under Authentication methods, verify that the check box next to
Enable anonymous access is cleared.

6. Restart the World Wide Web Publishing Service (W3SVC) in the services snap-in to
Microsoft Management Console (MMC).

For More Information


For more information, see:

• Microsoft Knowledge Base article 833003, "Description of the RPC over HTTP feature
and the AllowAnonymous registry entry in Windows Server 2003"
(http://go.microsoft.com/fwlink/?Linkid=3052&kbid=833003)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

How to Create an Outlook Profile for Users to Use with RPC over HTTP
This topic explains how to create a Microsoft® Office Outlook® profile for users to use with
RPC over HTTP.

For your users to use RPC over HTTP from their client computer, they must create an
Outlook profile that uses the required RPC over HTTP settings. These settings enable Secure
Sockets Layer (SSL) communication with Basic authentication or NTLM authentication. SSL
is required when you use RPC over HTTP.

Before you begin the procedure in this topic, confirm the following:

• You are running one of the following on the client computer:

    • Microsoft Windows® XP with Service Pack 1 and 331320 hotfix or later

    • Microsoft Windows Server 2003

• You are running Outlook 2003 on the client computer.

• You have completed all other steps for configuring RPC over HTTP on your Exchange
servers.

Procedure
To create an Outlook profile for users to use with RPC over HTTP
1. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

2. In Control Panel, perform one of the following tasks:

• If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

• If you are using Classic View, double-click Mail.

3. In Mail Setup, under Profiles, click Show Profiles.

4. In Mail, click Add.

5. In New Profile, in the Profile Name box, type a name for this profile, and then click
OK.

6. In the E-mail Accounts wizard, click Add a new e-mail account, and then click
Next.

7. On the Server Type page, click Microsoft Exchange Server, and then click Next.

8. On the E-mail Accounts page, do the following:

a. In the Microsoft Exchange Server box, type the fully qualified domain name
(FQDN) of your back-end Exchange server where your mailbox resides.

b. Click to clear the Use Cached Exchange Mode check box.

Important:
Temporarily turn off Cached Exchange mode to test your configuration.
We recommend that you enable Cached Exchange mode after you test
your RPC over HTTP configuration.

c. In the User Name box, type the name of the user account that you want to use.

d. Click More Settings.

Note:
At this stage, the client application attempts to resolve the user name on
the Exchange server. If you cannot access your Exchange back-end
server directly by using TCP/IP, this operation will time out and present a
dialog box that prompts you to confirm your user name and mailbox.
Click Cancel on this dialog box.

9. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.
b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

Note:
If the Exchange over the Internet area does not appear on the
Connection tab, see How to Verify Client Computer Configuration.

c. Click Exchange Proxy Settings.

10. In the Exchange Proxy Settings dialog box, in the Connections Settings pane,
perform the following steps:

a. Enter the FQDN of the RPC proxy server in the Use this URL to connect to my
proxy server for Exchange box. The RPC proxy server is the Exchange server
that users can connect to on the Internet. For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

11. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

12. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

To modify an existing Outlook profile for users to use with RPC over HTTP
1. Use either Control Panel or Outlook to open the E-Mail Accounts wizard.

To open the E-Mail Accounts wizard using Control Panel, do the following:

a. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

b. In Control Panel, perform one of the following tasks:

•   If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

•   If you are using Classic View, double-click Mail.

c. In Mail Setup, under Profiles, click Show Profiles.

d. In Mail, click the profile that you want to change, and then click Properties.

e. In Mail Setup, click E-mail Accounts.

To open the E-Mail Accounts wizard using Outlook, do the following:

a. In Outlook, on the Tools menu, click E-Mail Accounts.

2. In the E-mail Accounts wizard, click View or change existing e-mail accounts,
and then click Next.

3. On the E-mail Accounts page, select the Microsoft Exchange Server account, and
then click Change.

4. On the Exchange Server Settings page, click More Settings.

5. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

c. Click Exchange Proxy Settings.

6. In the Exchange Proxy Settings dialog box, in the Connections Settings pane, do
the following steps:

a. Enter the fully qualified domain name (FQDN) of the RPC proxy server in the
Use this URL to connect to my proxy server for Exchange box. The RPC
proxy server is the Exchange server that users can connect to on the Internet.
For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

7. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

8. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

For More Information


For more information about configuring Outlook 2003 profiles for RPC over HTTP, see:

• Video that shows how to configure Outlook 2003 MAPI profile to connect to Exchange
Server 2003 using RPC over HTTP (http://go.microsoft.com/fwlink/?LinkId=64060)

Note:
The video is in Windows Media Player format. If you have trouble viewing the
video, see the Windows Media Player support page.

• Configuring Outlook 2003 for RPC over HTTP

• Customizing Outlook Profiles by Using PRF Files

• Configuring Outlook Profiles by Using a PRF File

For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see the following topics in the Exchange Server 2003 RPC over HTTP Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
(Front-End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server
This topic explains how to deploy RPC over HTTP in a Microsoft® Exchange Server 2003
organization that does not have a front-end server.

Before You Begin


Before you perform the procedures in this topic:

• It is important that you first read System Requirements for RPC over HTTP on Exchange
Server 2003.

• Confirm the following:

    • You have one or more back-end servers.

    • You have one or more global catalog servers.

    • You do not have a front-end server.

    • The back-end server and global catalog server roles are applied on separate servers.

    • You are running Exchange Server 2003 without service packs on all of your
    Exchange servers.

Procedure
To deploy RPC over HTTP for the first time on Exchange Server 2003 with no front-
end server
1. Configure an Exchange Server 2003 back-end server as an RPC proxy server. For
detailed information, see How to Configure a Server as an RPC Proxy Server.

2. Configure the RPC virtual directory. For detailed information, see How to Configure
the RPC Virtual Directory in IIS.

3. Configure the RPC proxy server to use specified ports for RPC over HTTP. For
detailed information, see How to Configure the RPC Proxy Server to Use Specified
Ports for RPC over HTTP.

4. (optional) Configure the RPC proxy server to allow for Secure Sockets Layer (SSL)
offloading on a separate server. For detailed information, see How to Configure the
RPC Proxy Server to Allow for SSL Offloading on a Separate Server.

5. Create a Microsoft Office Outlook® profile for your users to use with RPC over HTTP.
For detailed information, see How to Create an Outlook Profile for Users to Use with
RPC over HTTP.

For More Information

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003, and you
do have a front-end server in your organization, see one of the following topics:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
    Front-End/Back-End Scenario

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
    Front-End/Back-End Scenario, Back End on Global Catalog Server

• If you have already deployed RPC over HTTP in an Exchange Server 2003 topology and
are upgrading that topology to Exchange Server 2003 SP1, see How to Upgrade an
Exchange Server 2003 RPC over HTTP Deployment to Exchange Server 2003 SP1.

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003 SP1, see
one of the following topics:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
    (Front-End/Back-End Scenario)

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
    Front-End Server

• If you want help with troubleshooting RPC over HTTP communications, see
Troubleshooting RPC over HTTP Communications.

How to Configure a Server as an RPC Proxy Server
This topic explains how to configure a server as an RPC proxy server. Specifically, the
procedure in this topic describes how to install the Microsoft® Windows Server™ 2003 RPC
over HTTP proxy networking component on your Microsoft Exchange Server 2003 server.

Typically, you will configure an Exchange front-end server as an RPC proxy server. However,
if you do not have a front-end server in your organization, you can configure a back-end
server as an RPC proxy server.

Before You Begin


To perform the procedure in this topic, confirm that the Exchange server you are configuring
as an RPC proxy server is running Windows Server 2003 or a later version.

Procedure
To configure a server as an RPC proxy server
1. On the Exchange server that will be the RPC proxy server, click Start, click Control
Panel, and then click Add or Remove Programs.

In Add or Remove Programs, in the left pane, click Add/Remove Windows
Components.

2. In the Windows Components Wizard, on the Windows Components page, select
Networking Services, and then click Details.

3. In Networking Services, select the RPC over HTTP Proxy check box, and then
click OK.

4. On the Windows Components page, click Next to install the RPC over HTTP
Proxy Windows component.

For More Information

• If you are positioning your RPC proxy server inside your perimeter network, you must
open the specified ports on the internal firewall for RPC over HTTP in addition to the
standard ports for Exchange front-end communication. For more information about
opening ports on the firewall for RPC over HTTP, see the following topic:

    • Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment

• For more information, see the following topics:

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
    (Front-End/Back-End Scenario)

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
    Front-End/Back-End Scenario

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
    Front-End/Back-End Scenario, Back End on Global Catalog Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
    Front-End Server

    • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
    Front-End Server, Back-End on Global Catalog Server

How to Configure the RPC Virtual Directory in IIS
This topic explains how to configure the RPC virtual directory in Internet Information Services
(IIS) and how to configure the RPC virtual directory to use Secure Sockets Layer (SSL) for all
client-side connections.

After you have configured a server in your organization as an RPC proxy server, you must
configure the RPC virtual directory in IIS if either of the following conditions is true:

• The RPC proxy server is running Microsoft® Exchange Server 2003 and does not have
Service Pack 1 (SP1) installed.

• You have SP1 installed in your organization, but you do not have a front-end server.

After completing these procedures, your RPC virtual directory will be ready to use Basic
authentication and NTLM authentication.

Before You Begin


Before you perform the procedures in this topic, confirm that you have configured a server as
an RPC proxy server by installing the Microsoft Windows® RPC networking component.

Procedure to Configure RPC Virtual Directory in IIS
To configure the RPC virtual directory in IIS
1. Click Start, point to All Programs, point to Administrative Tools, and then click
Internet Information Services (IIS) Manager.

2. In Internet Information Services (IIS) Manager, in the console tree, expand the
server you want, then expand Web Sites.

3. Expand Default Web Site, right-click the RPC virtual directory, and then click
Properties.

4. In the RPC Virtual Directory Properties page, on the Directory Security tab, in the
Authentication and access control pane, click Edit.

5. In the Authentication Methods window, verify that the check box next to Enable
anonymous access is cleared.

Note:
RPC over HTTP does not allow anonymous access by default, despite what
the user interface shows.

6. In the Authentication Methods window, under Authenticated access, select the
check box next to Basic authentication (password is sent in clear text) and click
OK. You receive the following message:

The authentication option you have selected results in passwords being
transmitted over the network without data encryption. Someone attempting to
compromise your system security could use a protocol analyzer to examine user
passwords during the authentication process. For more detail on user
authentication, consult the online help. This warning does not apply to
HTTPS(orSSL) connections.

Are you sure you want to continue?

Note:
In this error message, the word "HTTPS(orSSL)" is a misspelling for the
words "HTTPS (or SSL)."

In the Authentication Methods window, under Authenticated access, you can also
select the check box next to Integrated Windows authentication (NTLM). However,
we recommend that you use Basic authentication over NTLM for two reasons. First,
RPC over HTTP currently supports only NTLM; it does not support Kerberos. Second,
if an HTTP proxy or a firewall between the RPC over HTTP client and the RPC proxy
inserts the Via pragma in the HTTP header, NTLM authentication will not work. For
more information, see RPC over HTTP Deployment Recommendations.

7. To save your settings, click Apply, and then click OK.

8. Ensure that you have a valid SSL certificate installed on the virtual server.

Procedure to Configure RPC Virtual Directory to Use SSL
The RPC virtual directory is configured to use basic authentication. We recommend that you
use SSL together with basic authentication. To enable SSL on the RPC virtual directory, you
must obtain and publish a certificate. This procedure assumes that you have obtained and
published a certificate. To configure the RPC virtual directory to require SSL for all client-side
connections, follow these steps:

To configure RPC virtual directory to use SSL


1. Click Start, point to Administrative Tools, and then click Internet Information
Services (IIS) Manager.

2. Expand Web Sites, expand Default Web Site, right-click Rpc, and then click
Properties.

3. Click the Directory Security tab, and then click Edit under Secure
communications.

4. Click to select the Require secure channel (SSL) check box and the Require 128-
bit encryption check box.

Note:
We recommend that you click to select the Require 128-bit encryption
check box. However, RPC over HTTP functions correctly even if you do not
require 128-bit encryption.

5. Click OK, click Apply, and then click OK.

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server, Back-End on Global Catalog Server

• How to Verify RPC Virtual Directory Configuration

How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
This topic explains how to configure the RPC proxy server to use specified ports for RPC
over HTTP.

Note:
You can also use the Rpccfg tool to set and troubleshoot port assignments. The
Rpccfg tool is included in the Windows Server 2003 Resource Kit Tools.

After you configure the RPC over HTTP networking component for Internet Information
Services, configure the RPC proxy server. Configure the RPC proxy server to use specific
ports to communicate with the directory service and with the information store on the
Exchange computer.

For information about configuring all your global catalogs to use specific ports for RPC over
HTTP for directory services, see How to Set the NTDS Port on a Global Catalog Server
Acting as an Exchange Server 2003 Back-End Server.

Before You Begin


Verify the registry values automatically set for the Exchange ports mentioned below. When
you run Exchange Server 2003 Setup, Exchange is configured to use the ports in the
following table.

Server                              Port    Service

Exchange Server (Global Catalog)    6001    Store

                                    6002    DSReferral

                                    6004    DSProxy

The three registry values that follow are automatically configured by Exchange Server 2003
Setup. Although you do not have to configure these registry values, you might want to verify
that these registry values are configured correctly.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

Value name: Rpc/HTTP Port

Value type: REG_DWORD

Value data: 0x1771 (Decimal 6001)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

Value name: HTTP Port

Value type: REG_DWORD

Value data: 0x1772 (Decimal 6002)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

Value name: Rpc/HTTP NSPI Port

Value type: REG_DWORD

Value data: 0x1774 (Decimal 6004)

Note:
Do not modify these registry values. If you modify these registry values, RPC over
HTTP may not function correctly.

To configure the RPC proxy server to use specific ports, follow the steps below. The following
steps contain information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to use specified ports for RPC over HTTP
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. In the details pane, right-click the ValidPorts subkey, and then click Modify.

4. In Edit String, in the Value data box, type the following information:

ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;ExchangeServer:6004;ExchangeServerFQDN:6004;

• ExchangeServer is the NetBIOS name of your Exchange server.

• ExchangeServerFQDN is the fully qualified domain name (FQDN) of your
Exchange server. If the FQDN that is used to access the server from the Internet
differs from the internal FQDN, you must use the internal FQDN.

To determine the NetBIOS name and the fully qualified domain name of your server,
start a command prompt, type ipconfig /all, and then press ENTER. Under Windows
IP Configuration, information that is similar to the following appears:

Host Name .................: mycomputer
Primary DNS Suffix ........: contoso.com

The host name is the NetBIOS name of your computer. The host name together with
the primary DNS suffix is the fully qualified domain name of your computer. In this
example, the fully qualified domain name is mycomputer.contoso.com.
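
The ValidPorts value lists the servers and ports that the RPC proxy is allowed to forward to, so it is worth checking after you edit it. The following Python check is an added example, not part of the original guide: it parses a ValidPorts string copied from Registry Editor and reports entries that are missing, malformed, or wider than the value shown in step 4. The function names and the sample strings are assumptions made for illustration.

```python
import re

# Ports that Exchange Server 2003 Setup assigns (table and registry values above).
REQUIRED_PORTS = {6001: "Store", 6002: "DSReferral", 6004: "DSProxy"}

# One ValidPorts entry is either host:port or host:low-high.
ENTRY_RE = re.compile(r"([A-Za-z0-9._-]+):(\d{1,5})(?:-(\d{1,5}))?")


def parse_valid_ports(value):
    """Parse a ValidPorts string into ({host: set_of_ports}, [syntax_errors])."""
    hosts, errors = {}, []
    for raw in value.split(";"):
        item = raw.strip()
        if not item:  # the trailing ';' produces an empty last element
            continue
        match = ENTRY_RE.fullmatch(item)
        if match is None:
            errors.append(f"malformed entry: {item!r}")
            continue
        low = int(match.group(2))
        high = int(match.group(3)) if match.group(3) else low
        if not 1 <= low <= high <= 65535:
            errors.append(f"invalid port range: {item!r}")
            continue
        # Host names are case-insensitive, so normalise before merging entries.
        hosts.setdefault(match.group(1).lower(), set()).update(range(low, high + 1))
    return hosts, errors


def audit_valid_ports(value, netbios_name, internal_fqdn):
    """Return a list of findings; an empty list means the value matches step 4."""
    hosts, findings = parse_valid_ports(value)
    expected = [netbios_name.lower(), internal_fqdn.lower()]

    # 1. Both names must be allowed on all three Exchange ports.
    for host in expected:
        allowed = hosts.get(host, set())
        for port, service in sorted(REQUIRED_PORTS.items()):
            if port not in allowed:
                findings.append(f"{host}: missing port {port} ({service})")

    # 2. Any other host or port widens what the proxy will forward to.
    for host in sorted(hosts):
        if host not in expected:
            findings.append(f"{host}: host is not the NetBIOS name or internal FQDN")
            continue
        extra = hosts[host] - set(REQUIRED_PORTS)
        if extra:
            findings.append(f"{host}: {len(extra)} port(s) allowed beyond 6001, 6002, 6004")
    return findings


# Constructed sample values, using the host name from the ipconfig example above.
AS_DOCUMENTED = ("mycomputer:6001-6002;mycomputer.contoso.com:6001-6002;"
                 "mycomputer:6004;mycomputer.contoso.com:6004;")
FQDN_TYPO = ("mycomputer:6001-6002;mycomputer.contso.com:6001-6002;"
             "mycomputer:6004;mycomputer.contoso.com:6004;")
WIDE_RANGE = ("mycomputer:100-5000;mycomputer.contoso.com:6001-6002;"
              "mycomputer.contoso.com:6004;")

if __name__ == "__main__":
    samples = [("as documented", AS_DOCUMENTED), ("FQDN typo", FQDN_TYPO),
               ("wide range", WIDE_RANGE)]
    for label, value in samples:
        result = audit_valid_ports(value, "MYCOMPUTER", "mycomputer.contoso.com")
        print(label, "->", result or "OK")
```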

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server, Back-End on Global Catalog Server

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
This topic explains how to configure the RPC proxy server to allow for Secure Sockets Layer
(SSL) offloading on a separate server. SSL offloading occurs when you use a server other
than the RPC proxy server to handle your SSL encryption and decryption. For example, if the
firewall in front of the RPC proxy server handles the SSL encryption and decryption,
terminates the SSL session and then establishes a new non-SSL session to the RPC proxy
server, you are using SSL offloading. If you use SSL offloading, you must set a special
registry setting on the RPC proxy server.

Before You Begin


To successfully complete the procedure in this topic, confirm that you have configured your
authentication correctly.

Note:
In Exchange Server 2003 SP1, authentication for RPC over HTTP on an RPC proxy
server is configured automatically.

This topic contains information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to allow for SSL offloading on a separate server
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. Create a DWORD value with the name AllowAnonymous.

4. Right-click the AllowAnonymous DWORD value, and select Modify.

5. In the Value data field, enter 1.

Important:
On the RPC virtual directory security settings in Internet Information Services
(IIS), under Authentication methods, verify that the check box next to
Enable anonymous access is cleared.

6. Restart the World Wide Web Publishing Service (W3SVC) in the services snap-in to
Microsoft Management Console (MMC).

For More Information


For more information, see:

• Microsoft Knowledge Base article 833003, "Description of the RPC over HTTP feature
and the AllowAnonymous registry entry in Windows Server 2003"
(http://go.microsoft.com/fwlink/?Linkid=3052&kbid=833003)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
(Front-End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003,
Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

How to Create an Outlook Profile for Users to Use with RPC over HTTP
This topic explains how to create a Microsoft® Office Outlook® profile for users to use with
RPC over HTTP.

For your users to use RPC over HTTP from their client computer, they must create an
Outlook profile that uses the required RPC over HTTP settings. These settings enable Secure
Sockets Layer (SSL) communication with Basic authentication or NTLM authentication. SSL
is required when you use RPC over HTTP.

Before you begin the procedure in this topic, confirm the following:

• You are running one of the following on the client computer:

    • Microsoft Windows® XP with Service Pack 1 and 331320 hotfix or later

    • Microsoft Windows Server 2003

• You are running Outlook 2003 on the client computer.

• You have completed all other steps for configuring RPC over HTTP on your Exchange
servers.

Procedure
To create an Outlook profile for users to use with RPC over HTTP
1. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

2. In Control Panel, perform one of the following tasks:

• If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

• If you are using Classic View, double-click Mail.

3. In Mail Setup, under Profiles, click Show Profiles.

4. In Mail, click Add.

5. In New Profile, in the Profile Name box, type a name for this profile, and then click
OK.

6. In the E-mail Accounts wizard, click Add a new e-mail account, and then click
Next.

7. On the Server Type page, click Microsoft Exchange Server, and then click Next.

8. On the E-mail Accounts page, do the following:

a. In the Microsoft Exchange Server box, type the fully qualified domain name
(FQDN) of your back-end Exchange server where your mailbox resides.

b. Click to clear the Use Cached Exchange Mode check box.

Important:
Temporarily turn off Cached Exchange mode to test your configuration.
We recommend that you enable Cached Exchange mode after you test
your RPC over HTTP configuration.

c. In the User Name box, type the name of the user account that you want to use.

d. Click More Settings.

Note:
At this stage, the client application attempts to resolve the user name on
the Exchange server. If you cannot access your Exchange back-end
server directly by using TCP/IP, this operation will time out and present a
dialog box that prompts you to confirm your user name and mailbox.
Click Cancel on this dialog box.

9. In the Microsoft Exchange Server dialog box, do the following:


a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

Note:
If the Exchange over the Internet area does not appear on the
Connection tab, see How to Verify Client Computer Configuration.

c. Click Exchange Proxy Settings.

10. In the Exchange Proxy Settings dialog box, in the Connections Settings pane,
perform the following steps:

a. Enter the FQDN of the RPC proxy server in the Use this URL to connect to my
proxy server for Exchange box. The RPC proxy server is the Exchange server
that users can connect to on the Internet. For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

11. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

12. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

To modify an existing Outlook profile for users to use with RPC over HTTP
1. Use either Control Panel or Outlook to open the E-Mail Accounts wizard.

To open the E-Mail Accounts wizard using Control Panel, do the following:

a. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

b. In Control Panel, perform one of the following tasks:

•   If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

•   If you are using Classic View, double-click Mail.

c. In Mail Setup, under Profiles, click Show Profiles.

d. In Mail, click the profile that you want to change, and then click Properties.

e. In Mail Setup, click E-mail Accounts.


To open the E-Mail Accounts wizard using Outlook, do the following:

a. In Outlook, on the Tools menu, click E-Mail Accounts.

2. In the E-mail Accounts wizard, click View or change existing e-mail accounts,
and then click Next.

3. On the E-mail Accounts page, select the Microsoft Exchange Server account, and
then click Change.

4. On the Exchange Server Settings page, click More Settings.

5. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

c. Click Exchange Proxy Settings.

6. In the Exchange Proxy Settings dialog box, in the Connections Settings pane, do
the following steps:

a. Enter the fully qualified domain name (FQDN) of the RPC proxy server in the
Use this URL to connect to my proxy server for Exchange box. The RPC
proxy server is the Exchange server that users can connect to on the Internet.
For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.
The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

7. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

8. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

For More Information


For more information about configuring Outlook 2003 profiles for RPC over HTTP, see:

• Video that shows how to configure Outlook 2003 MAPI profile to connect to Exchange
Server 2003 using RPC over HTTP (http://go.microsoft.com/fwlink/?LinkId=64060)

Note:
The video is in Windows Media Player format. If you have trouble viewing the
video, see the Windows Media Player support page.

• Configuring Outlook 2003 for RPC over HTTP

• Customizing Outlook Profiles by Using PRF Files

• Configuring Outlook Profiles by Using a PRF File

For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see the following topics in the Exchange Server 2003 RPC over HTTP Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server
This topic explains how to deploy RPC over HTTP in a Microsoft® Exchange Server 2003
organization that has the following characteristics:

• The Exchange organization does not have a front-end server.

• The Exchange organization has at least one back-end server that is also a global catalog
server.

Before You Begin


Before you perform the procedure in this topic:

• It is important that you first read System Requirements for RPC over HTTP on Exchange
Server 2003.

• Confirm the following:

   • You have one or more back-end servers.

   • You have one or more global catalog servers.

   • You do not have a front-end server.

   • At least one of your back-end servers is located on the same computer as a global
   catalog server.

   Note:
   If your back-end server is also a domain controller, it is recommended that
   you make this domain controller a global catalog server. If an RPC over
   HTTP back-end server is a domain controller but is not a global catalog
   server, you can experience problems with connectivity to this server.

   • You are running Exchange Server 2003 without service packs on all of your
   Exchange servers.

Procedure
To deploy RPC over HTTP for the first time on Exchange Server 2003, no front-end
server, back-end on a global catalog server
1. Configure an Exchange Server 2003 back-end server as an RPC proxy server. For
detailed steps, see How to Configure a Server as an RPC Proxy Server.

2. Configure the RPC virtual directory. For detailed steps, see How to Configure the
RPC Virtual Directory in IIS.

3. Configure the RPC proxy server to use specified ports for RPC over HTTP. For
detailed steps, see How to Configure the RPC Proxy Server to Use Specified Ports
for RPC over HTTP.

4. Set the NT Directory Services (NTDS) port on all global catalog servers that act as
Exchange Server 2003 back-end servers. For detailed steps, see How to Set the
NTDS Port on a Global Catalog Server Acting as an Exchange Server 2003 Back-
End Server.

5. (optional) Configure the RPC proxy server to allow for Secure Sockets Layer (SSL)
offloading on a separate server. For detailed steps, see How to Configure the RPC
Proxy Server to Allow for SSL Offloading on a Separate Server.

6. Create a Microsoft Office Outlook® profile for your users to use with RPC over HTTP.
For detailed steps, see How to Create an Outlook Profile for Users to Use with RPC
over HTTP.

For More Information


• If you are deploying RPC over HTTP for the first time on Exchange Server 2003, and you
do have a front-end server in your organization, see one of the following topics:

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003, and you
do not have a front-end server in your organization, and you do not have a server that is
both a back-end server and a global catalog server, see the following topic:

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

• If you are deploying RPC over HTTP for the first time on Exchange Server 2003 SP1, see
one of the following topics:

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• If you have already deployed RPC over HTTP in an Exchange Server 2003 topology and
are upgrading that topology to Exchange Server 2003 SP1, see How to Upgrade an
Exchange Server 2003 RPC over HTTP Deployment to Exchange Server 2003 SP1.

• If you want help with troubleshooting RPC over HTTP communications, see
Troubleshooting RPC over HTTP Communications.

How to Configure a Server as an RPC Proxy Server
This topic explains how to configure a server as an RPC proxy server. Specifically, the
procedure in this topic describes how to install the Microsoft® Windows Server™ 2003 RPC
over HTTP proxy networking component on your Microsoft Exchange Server 2003 server.

Typically, you will configure an Exchange front-end server as an RPC proxy server. However,
if you do not have a front-end server in your organization, you can configure a back-end
server as an RPC proxy server.

Before You Begin


To perform the procedure in this topic, confirm that the Exchange server you are configuring
as an RPC proxy server is running Windows Server 2003 or a later version.

Procedure
To configure a server as an RPC proxy server
1. On the Exchange server that will be the RPC proxy server, click Start, click Control
Panel, and then click Add or Remove Programs.

In Add or Remove Programs, in the left pane, click Add/Remove Windows
Components.

2. In the Windows Components Wizard, on the Windows Components page, select
Networking Services, and then click Details.

3. In Networking Services, select the RPC over HTTP Proxy check box, and then
click OK.

4. On the Windows Components page, click Next to install the RPC over HTTP
Proxy Windows component.

For More Information


• If you are positioning your RPC proxy server inside your perimeter network, you must
open the specified ports on the internal firewall for RPC over HTTP in addition to the
standard ports for Exchange front-end communication. For more information about
opening ports on the firewall for RPC over HTTP, see the following topic:

   • Positioning Your RPC Proxy Server and Firewalls in a Corporate Environment

• For more information, see the following topics:

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server

How to Configure the RPC Virtual Directory in IIS
This topic explains how to configure the RPC virtual directory in Internet Information Services
(IIS) and how to configure the RPC virtual directory to use Secure Sockets Layer (SSL) for all
client-side connections.

After you have configured a server in your organization as an RPC proxy server, you must
configure the RPC virtual directory in IIS if either of the following conditions is true:

• The RPC proxy server is running Microsoft® Exchange Server 2003 and does not have
Service Pack 1 (SP1) installed.

• You have SP1 installed in your organization, but you do not have a front-end server.

After completing these procedures, your RPC virtual directory will be ready to use Basic
authentication and NTLM authentication.

Before You Begin


Before you perform the procedures in this topic, confirm that you have configured a server as
an RPC proxy server by installing the Microsoft Windows® RPC networking component.

Procedure to Configure RPC Virtual Directory in IIS
To configure the RPC virtual directory in IIS
1. Click Start, point to All Programs, point to Administrative Tools, and then click
Internet Information Services (IIS) Manager.

2. In Internet Information Services (IIS) Manager, in the console tree, expand the
server you want, then expand Web Sites.

3. Expand Default Web Site, right-click the RPC virtual directory, and then click
Properties.

4. In the RPC Virtual Directory Properties page, on the Directory Security tab, in the
Authentication and access control pane, click Edit.

5. In the Authentication Methods window, verify that the check box next to Enable
anonymous access is cleared.

Note:
RPC over HTTP does not allow anonymous access by default, despite what
the user interface shows.

6. In the Authentication Methods window, under Authenticated access, select the
check box next to Basic authentication (password is sent in clear text) and click
OK. You receive the following message:

The authentication option you have selected results in passwords being
transmitted over the network without data encryption. Someone attempting to
compromise your system security could use a protocol analyzer to examine user
passwords during the authentication process. For more detail on user
authentication, consult the online help. This warning does not apply to
HTTPS(orSSL) connections.

Are you sure you want to continue?

Note:
In this error message, the word "HTTPS(orSSL)" is a misspelling for the
words "HTTPS (or SSL)."

In the Authentication Methods window, under Authenticated access, you can also
select the check box next to Integrated Windows authentication (NTLM). However,
it is recommended that you use Basic authentication instead of NTLM, for two
reasons. First, RPC over HTTP currently supports only NTLM; it doesn't support
Kerberos. Second, if there is an HTTP proxy or a firewall between the RPC over
HTTP client and the RPC proxy that inserts the via pragma in the HTTP header,
NTLM authentication will not work. For more information, see RPC over HTTP
Deployment Recommendations.

7. To save your settings, click Apply, and then click OK.

8. Ensure that you have a valid SSL certificate installed on the virtual server.

Procedure to Configure RPC Virtual Directory to Use SSL
The RPC virtual directory is configured to use basic authentication. We recommend that you
use SSL together with basic authentication. To enable SSL on the RPC virtual directory, you
must obtain and publish a certificate. This procedure assumes that you have obtained and
published a certificate. To configure the RPC virtual directory to require SSL for all client-side
connections, follow these steps:

To configure RPC virtual directory to use SSL


1. Click Start, point to Administrative Tools, and then click Internet Information
Services (IIS) Manager.

2. Expand Web Sites, expand Default Web Site, right-click Rpc, and then click
Properties.

3. Click the Directory Security tab, and then click Edit under Secure
communications.

4. Click to select the Require secure channel (SSL) check box and the Require 128-
bit encryption check box.

Note:
We recommend that you click to select the Require 128-bit encryption
check box. However, RPC over HTTP functions correctly even if you do not
require 128-bit encryption.

5. Click OK, click Apply, and then click OK.

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server

• How to Verify RPC Virtual Directory Configuration

How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
This topic explains how to configure the RPC proxy server to use specified ports for RPC
over HTTP.

Note:
You can also use the Rpccfg tool to set and troubleshoot port assignments. The
Rpccfg tool is included in the Windows Server 2003 Resource Kit Tools.

After you configure the RPC over HTTP networking component for Internet Information
Services, configure the RPC proxy server. Configure the RPC proxy server to use specific
ports to communicate with the directory service and with the information store on the
Exchange computer.

For information about configuring all your global catalogs to use specific ports for RPC over
HTTP for directory services, see How to Set the NTDS Port on a Global Catalog Server
Acting as an Exchange Server 2003 Back-End Server.

Before You Begin


Verify the registry values automatically set for the Exchange ports mentioned below. When
you run Exchange Server 2003 Setup, Exchange is configured to use the ports in the
following table.

Server                             Port   Service
Exchange Server (Global Catalog)   6001   Store
                                   6002   DSReferral
                                   6004   DSProxy

The three registry values that follow are automatically configured by Exchange Server 2003
Setup. Although you do not have to configure these registry values, you might want to verify
that these registry values are configured correctly.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

Value name: Rpc/HTTP Port

Value type: REG_DWORD

Value data: 0x1771 (Decimal 6001)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

Value name: HTTP Port

Value type: REG_DWORD

Value data: 0x1772 (Decimal 6002)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

Value name: Rpc/HTTP NSPI Port

Value type: REG_DWORD

Value data: 0x1774 (Decimal 6004)

Note:
Do not modify these registry values. If you modify these registry values, RPC over
HTTP may not function correctly.

To configure the RPC proxy server to use specific ports, follow the steps below. The following
steps contain information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to use specified ports for RPC over HTTP
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:



HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. In the details pane, right-click the ValidPorts subkey, and then click Modify.

4. In Edit String, in the Value data box, type the following information:

ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;ExchangeServer:6004;ExchangeServerFQDN:6004;

• ExchangeServer is the NetBIOS name of your Exchange server.

• ExchangeServerFQDN is the fully qualified domain name (FQDN) of your
Exchange server. If the FQDN that is used to access the server from the Internet
differs from the internal FQDN, you must use the internal FQDN.

To determine the NetBIOS name and the fully qualified domain name of your server,
start a command prompt, type ipconfig /all, and then press ENTER. Under Windows
IP Configuration, information that is similar to the following appears:

Host Name .................: mycomputer
Primary DNS Suffix ........: contoso.com

The host name is the NetBIOS name of your computer. The host name together with
the primary DNS suffix is the fully qualified domain name of your computer. In this
example, the fully qualified domain name is mycomputer.contoso.com.
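
The following check is an added example, not part of the original guide: it parses a ValidPorts string, reports entries that are missing, unexpected, or wider than the 6001, 6002 and 6004 ports used in this topic, and compares the three Setup-written registry values with the table above. It assumes Windows PowerShell is installed on the server; the function names and the sample string are constructed for illustration.

```powershell
# Added example, not part of the original guide. Function names are hypothetical.
# Ports from the table in this topic: 6001 Store, 6002 DSReferral, 6004 DSProxy.
$RequiredPorts = 6001, 6002, 6004

function ConvertFrom-ValidPorts {
    param([string]$Value)
    # Emits one object per "server:port" or "server:first-last" entry.
    foreach ($entry in $Value.Split(';')) {
        $entry = $entry.Trim()
        if ($entry -eq '') { continue }          # the trailing ';' yields an empty entry
        if ($entry -match '^([^:\s]+):(\d{1,5})(?:-(\d{1,5}))?$') {
            $first = [int]$Matches[2]
            $last  = $first
            if ($Matches[3]) { $last = [int]$Matches[3] }
            New-Object PSObject -Property @{
                Server = $Matches[1].ToLower(); First = $first; Last = $last; Raw = $entry
            }
        } else {
            # Keep malformed entries so the audit can report them.
            New-Object PSObject -Property @{ Server = $null; First = 0; Last = -1; Raw = $entry }
        }
    }
}

function Test-RpcProxyPorts {
    param([string]$ValidPorts, [string[]]$ExpectedServers)
    $findings = @()
    $entries  = @(ConvertFrom-ValidPorts $ValidPorts)
    $expected = @($ExpectedServers | ForEach-Object { $_.ToLower() })

    # Every expected name (NetBIOS and internal FQDN) must cover all three ports.
    foreach ($server in $expected) {
        foreach ($port in $RequiredPorts) {
            $hit = @($entries | Where-Object {
                $_.Server -eq $server -and $_.First -le $port -and $_.Last -ge $port })
            if ($hit.Count -eq 0) { $findings += "MISSING   ${server}:$port" }
        }
    }
    # ValidPorts lists the server:port pairs the RPC proxy may connect to,
    # so report anything beyond the string given in this topic.
    foreach ($e in $entries) {
        if ($null -eq $e.Server -or $e.Last -lt $e.First) {
            $findings += "MALFORMED $($e.Raw)"
            continue
        }
        if ($expected -notcontains $e.Server) {
            $findings += "UNKNOWN   $($e.Raw) names a server that is not expected"
        }
        $width  = $e.Last - $e.First + 1
        $needed = @($RequiredPorts | Where-Object { $_ -ge $e.First -and $_ -le $e.Last }).Count
        if ($width -gt $needed) {
            $findings += "BROAD     $($e.Raw) allows ports other than 6001, 6002, 6004"
        }
    }
    $findings
}

function Test-ExchangePortValues {
    # Compares the three values written by Exchange Server 2003 Setup with this topic.
    $svc = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services'
    $checks = @(
        @("$svc\MSExchangeIS\ParametersSystem", 'Rpc/HTTP Port',      6001),
        @("$svc\MSExchangeSA\Parameters",       'HTTP Port',          6002),
        @("$svc\MSExchangeSA\Parameters",       'Rpc/HTTP NSPI Port', 6004)
    )
    foreach ($c in $checks) {
        $have = [Microsoft.Win32.Registry]::GetValue($c[0], $c[1], $null)
        if ($have -ne $c[2]) { "MISMATCH  $($c[1]) is '$have', expected $($c[2])" }
    }
}

# Constructed sample value (not from a real server): the FQDN entry for 6004 is
# missing and a wide port range has been left in place.
$sample = 'mycomputer:6001-6002;mycomputer.contoso.com:6001-6002;mycomputer:6004;mycomputer:100-5000;'
$names  = 'mycomputer', 'mycomputer.contoso.com'   # replace with your server's names
Test-RpcProxyPorts -ValidPorts $sample -ExpectedServers $names

# On the RPC proxy server itself, audit the live configuration as well.
$proxyKey = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy'
$live = [Microsoft.Win32.Registry]::GetValue($proxyKey, 'ValidPorts', $null)
if ($live) {
    Test-RpcProxyPorts -ValidPorts $live -ExpectedServers $names
    Test-ExchangePortValues
}
```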

For More Information


For more information, see the following topics in the Exchange Server 2003 RPC over HTTP
Guide:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server

How to Set the NTDS Port on a Global Catalog Server Acting as an Exchange Server 2003 Back-End Server
This topic explains how to set the Microsoft® Windows NT® Directory Services (NTDS) port
on a global catalog server that acts as a Microsoft Exchange Server 2003 back-end server.
You must modify the registry setting for NTDS on global catalog servers that also act as
Exchange back-end mailbox servers and are contacted by clients using RPC over HTTP.

Before You Begin


Before you perform the procedure in this topic:

• Confirm that you are running Exchange Server 2003 on your Exchange servers.

• Perform the steps in one of the following procedures:

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

   • How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server

• Note that this topic contains information about editing the registry.

Caution:
Incorrectly editing the registry can cause serious problems that may require you
to reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up
any valuable data.

Procedure
To set the NTDS port on a global catalog server that acts as an Exchange 2003
back-end server
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

3. Click Edit, click New, and then select Multi String Value.

4. Create a multi-string value with the name NSPI interface protocol sequences.

5. Right-click the NSPI interface protocol sequences multi-string value, and then click
Modify.

6. In the Value data field, enter ncacn_http:6004.

7. In Registry Editor, click File, and then click Exit to save your settings.

8. You must now restart your server for the settings to be applied.

For More Information


For more information, see:

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server, Back-End on Global Catalog Server

• RPC over HTTP Protocol Specifics

How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server
This topic explains how to configure the RPC proxy server to allow for Secure Sockets Layer
(SSL) offloading on a separate server. SSL offloading occurs when you use a server other
than the RPC proxy server to handle your SSL encryption and decryption. For example, if the
firewall in front of the RPC proxy server handles the SSL encryption and decryption,
terminates the SSL session and then establishes a new non-SSL session to the RPC proxy
server, you are using SSL offloading. If you use SSL offloading, you must set a special
registry setting on the RPC proxy server.

Before You Begin


To successfully complete the procedure in this topic, confirm that you have configured your
authentication correctly.

Note:
In Exchange Server 2003 SP1, authentication for RPC over HTTP on an RPC proxy
server is configured automatically.

This topic contains information about editing the registry.



Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To configure the RPC proxy server to allow for SSL offloading on a separate server
1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. Create a DWORD value with the name AllowAnonymous.

4. Right-click the AllowAnonymous DWORD value, and select Modify.

5. In the Value data field, enter 1.

Important:
On the RPC virtual directory security settings in Internet Information Services
(IIS), under Authentication methods, verify that the check box next to
Enable anonymous access is cleared.

6. Restart the World Wide Web Publishing Service (W3SVC) in the services snap-in to
Microsoft Management Console (MMC).
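
The following audit is an added example, not part of the original guide: it covers both the RPC virtual directory procedures earlier in this guide and the SSL offloading procedure above by checking the directory's authentication and SSL flags together with the AllowAnonymous registry value. It assumes Windows PowerShell on the RPC proxy server, IIS 6.0 metabase access through ADSI, and that the Rpc virtual directory sits under site ID 1 (Default Web Site); the function names and sample values are constructed for illustration.

```powershell
# Added example, not part of the original guide. Function names are hypothetical.
# IIS 6.0 metabase bit values for the AuthFlags and AccessSSLFlags properties.
$AuthAnonymous = 0x1      # Enable anonymous access
$AuthBasic     = 0x2      # Basic authentication
$AuthNtlm      = 0x4      # Integrated Windows authentication
$AccessSsl     = 0x8      # Require secure channel (SSL)
$AccessSsl128  = 0x100    # Require 128-bit encryption

function Test-RpcVdirSecurity {
    param([int]$AuthFlags, [int]$AccessSslFlags, [int]$AllowAnonymous, [bool]$SslOffloaded)
    $findings = @()
    $basic  = ($AuthFlags -band $AuthBasic) -ne 0
    $sslReq = ($AccessSslFlags -band $AccessSsl) -ne 0

    # Applies in every scenario, and is the Important note in the procedure above.
    if ($AuthFlags -band $AuthAnonymous) {
        $findings += 'FAIL  Enable anonymous access is selected on the RPC virtual directory'
    }
    if (-not ($AuthFlags -band ($AuthBasic -bor $AuthNtlm))) {
        $findings += 'FAIL  neither Basic nor Integrated Windows authentication is enabled'
    }

    if ($SslOffloaded) {
        # SSL ends on a separate server, so the proxy needs the registry setting.
        if ($AllowAnonymous -ne 1) {
            $findings += 'FAIL  SSL offloading is in use but AllowAnonymous is not 1'
        }
    } else {
        if ($AllowAnonymous -eq 1) {
            $findings += 'WARN  AllowAnonymous is 1 although SSL offloading is not in use'
        }
        if ($basic -and -not $sslReq) {
            $findings += 'FAIL  Basic authentication without Require secure channel (SSL)'
        }
        if ($sslReq -and -not ($AccessSslFlags -band $AccessSsl128)) {
            $findings += 'WARN  Require 128-bit encryption is not selected (recommended)'
        }
    }
    $findings
}

function Get-RpcVdirState {
    # Assumption: the Rpc virtual directory is under Default Web Site, site ID 1.
    param([string]$MetabasePath = 'IIS://localhost/W3SVC/1/ROOT/Rpc')
    $vdir = [ADSI]$MetabasePath
    $key  = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy'
    New-Object PSObject -Property @{
        AuthFlags      = [int]$vdir.psbase.Properties['AuthFlags'].Value
        AccessSslFlags = [int]$vdir.psbase.Properties['AccessSSLFlags'].Value
        AllowAnonymous = [int][Microsoft.Win32.Registry]::GetValue($key, 'AllowAnonymous', 0)
    }
}

# Constructed values: anonymous access and Basic both enabled, AllowAnonymous set,
# SSL handled by a separate server.
Test-RpcVdirSecurity -AuthFlags 3 -AccessSslFlags 0 -AllowAnonymous 1 -SslOffloaded $true

# On the RPC proxy server (uncomment, and set -SslOffloaded to match your design):
# $s = Get-RpcVdirState
# Test-RpcVdirSecurity $s.AuthFlags $s.AccessSslFlags $s.AllowAnonymous -SslOffloaded $false
```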

For More Information


For more information, see:

• Microsoft Knowledge Base article 833003, "Description of the RPC over HTTP feature
and the AllowAnonymous registry entry in Windows Server 2003"
(http://go.microsoft.com/fwlink/?Linkid=3052&kbid=833003)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server

How to Create an Outlook Profile for Users to Use with RPC over HTTP
This topic explains how to create a Microsoft® Office Outlook® profile for users to use with
RPC over HTTP.

For your users to use RPC over HTTP from their client computer, they must create an
Outlook profile that uses the required RPC over HTTP settings. These settings enable Secure
Sockets Layer (SSL) communication with Basic authentication or NTLM authentication. SSL
is required when you use RPC over HTTP.

Before you begin the procedure in this topic, confirm the following:

• You are running one of the following on the client computer:

   • Microsoft Windows® XP with Service Pack 1 and 331320 hotfix or later

   • Microsoft Windows Server 2003

• You are running Outlook 2003 on the client computer.

• You have completed all other steps for configuring RPC over HTTP on your Exchange
servers.

Procedure
To create an Outlook profile for users to use with RPC over HTTP
1. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

2. In Control Panel, perform one of the following tasks:

•   If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

•   If you are using Classic View, double-click Mail.

3. In Mail Setup, under Profiles, click Show Profiles.

4. In Mail, click Add.



5. In New Profile, in the Profile Name box, type a name for this profile, and then click
OK.

6. In the E-mail Accounts wizard, click Add a new e-mail account, and then click
Next.

7. On the Server Type page, click Microsoft Exchange Server, and then click Next.

8. On the E-mail Accounts page, do the following:

a. In the Microsoft Exchange Server box, type the fully qualified domain name
(FQDN) of your back-end Exchange server where your mailbox resides.

b. Click to clear the Use Cached Exchange Mode check box.

Important:
Temporarily turn off Cached Exchange mode to test your configuration.
We recommend that you enable Cached Exchange mode after you test
your RPC over HTTP configuration.

c. In the User Name box, type the name of the user account that you want to use.

d. Click More Settings.

Note:
At this stage, the client application attempts to resolve the user name on
the Exchange server. If you cannot access your Exchange back-end
server directly by using TCP/IP, this operation will time out and present a
dialog box that prompts you to confirm your user name and mailbox.
Click Cancel on this dialog box.

9. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

Note:
If the Exchange over the Internet area does not appear on the
Connection tab, see the How to Verify Client Computer Configuration.

c. Click Exchange Proxy Settings.

10. In the Exchange Proxy Settings dialog box, in the Connections Settings pane,
perform the following steps:

a. Enter the FQDN of the RPC proxy server in the Use this URL to connect to my
proxy server for Exchange box. The RPC proxy server is the Exchange server
that users can connect to on the Internet. For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings



11. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

12. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

To modify an existing Outlook profile for users to use with RPC over HTTP
1. Use either Control Panel or Outlook to open the E-Mail Accounts wizard.

To open the E-Mail Accounts wizard using Control Panel, do the following:

a. On the client computer where Outlook 2003 is installed, click Start, and then click
Control Panel.

b. In Control Panel, perform one of the following tasks:

•   If you are using Category View, in the left pane, under See Also, click Other
Control Panel Options, and then click Mail.

•   If you are using Classic View, double-click Mail.



c. In Mail Setup, under Profiles, click Show Profiles.

d. In Mail, click the profile that you want to change, and then click Properties.

e. In Mail Setup, click E-mail Accounts.

To open the E-Mail Accounts wizard using Outlook, do the following:

a. In Outlook, on the Tools menu, click E-Mail Accounts.

2. In the E-mail Accounts wizard, click View or change existing e-mail accounts,
and then click Next.

3. On the E-mail Accounts page, select the Microsoft Exchange Server account, and
then click Change.

4. On the Exchange Server Settings page, click More Settings.

5. In the Microsoft Exchange Server dialog box, do the following:

a. On the Connection tab, in the Connection pane, select either Connect using
my Local Area Network (LAN) or Connect using Internet Explorer's or a 3rd
party dialer. Select the connection type based on the method that you use to
connect to the Internet.

b. On the Connection tab, in the Exchange over the Internet pane, select the
Connect to my Exchange mailbox using HTTP check box.

c. Click Exchange Proxy Settings.

6. In the Exchange Proxy Settings dialog box, in the Connections Settings pane, do
the following steps:

a. Enter the fully qualified domain name (FQDN) of the RPC proxy server in the
Use this URL to connect to my proxy server for Exchange box. The RPC
proxy server is the Exchange server that users can connect to on the Internet.
For example, type mail.contoso.com.

b. Select the Connect using SSL only check box.

c. If you want to enable mutual authentication, select the Mutually authenticate
the session when connecting with SSL check box.

d. If you enabled mutual authentication, enter the FQDN of the RPC proxy server in
the Principal name for proxy server box. Use the format: msstd:FQDN of RPC
Proxy Server.

e. As an optional step, you can configure Outlook 2003 to connect to your
Exchange server by default by using RPC over HTTP. To do this, select the
check box next to On fast networks, connect to Exchange using HTTP first,
then connect using TCP/IP.

Note:
Outlook defines a fast connection as a connection that is faster than 128
kilobits per second (Kbps). Outlook defines a slow connection as a
connection that is slower than or equal to 128 Kbps.

The following figure shows the Exchange Proxy Settings dialog box.

Exchange Proxy Settings

7. In the Exchange Proxy Settings dialog box, in the Proxy authentication settings
pane, in the Use this authentication when connecting to my proxy server for
Exchange list, select either Basic Authentication or NTLM Authentication.

8. Click OK in the Exchange Proxy Settings box, click OK in the Microsoft Exchange
Server box, click Next on the E-mail Accounts page, click Finish to close the
wizard, and then click OK.

For More Information


For more information about configuring Outlook 2003 profiles for RPC over HTTP, see:

 Video that shows how to configure Outlook 2003 MAPI profile to connect to Exchange
Server 2003 using RPC over HTTP (http://go.microsoft.com/fwlink/?LinkId=64060)

Note:
The video is in Windows Media Player format. If you have trouble viewing the
video, see the Windows Media Player support page.

 Configuring Outlook 2003 for RPC over HTTP

 Customizing Outlook Profiles by Using PRF Files

 Configuring Outlook Profiles by Using a PRF File

For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see the following topics in the Exchange Server 2003 RPC over HTTP Guide:

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-
End/Back-End Scenario)

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario, Back End on Global Catalog Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-
End Server

How to Upgrade an Exchange Server 2003 RPC over HTTP Deployment to Exchange Server 2003 SP1
This topic explains how to upgrade a Microsoft® Exchange Server 2003 RPC over HTTP
deployment to Exchange Server 2003 Service Pack 1 (SP1). Follow these instructions when
upgrading to preserve your previous settings for RPC over HTTP.

Before You Begin


Before you perform the procedure in this topic, confirm the following:

 You have read System Requirements for RPC over HTTP on Exchange Server 2003.

 Your RPC proxy server has the RPC over HTTP Microsoft Windows® networking
component for Internet Information Services (IIS) installed. If you are upgrading an
existing RPC over HTTP deployment, this should already be completed.

 You have upgraded your front-end servers to Exchange Server 2003 SP1.

 You are running Exchange Server 2003 on your back-end servers. You can have SP1
installed on your back-end servers, but it is not necessary.

Procedure
To upgrade an Exchange Server 2003 RPC over HTTP deployment to Exchange
Server 2003 SP1
1. Configure each of your Exchange back-end servers to act as targets for the RPC proxy
servers. For detailed steps, see How to Configure the Back-End Server to Act as a Target
for the RPC Proxy Server.

Note:
By performing this task, you set an Active Directory® directory service property
that indicates to a front-end server that these back-end servers should be
published for RPC over HTTP access. If your topology has multiple global
catalog servers, you might want to wait for Active Directory replication to
propagate these properties before proceeding to the next step.

2. Configure each of your Exchange front-end servers to act as RPC proxy servers. For
detailed steps, see How to Configure the RPC Proxy Server Settings on a Front-End
Server in Exchange System Manager.

Note:
When you reconfigure your Exchange servers to use RPC over HTTP, you will
receive the following warning messages if you have already configured your
Exchange front-end servers to use RPC over HTTP.

Warning message—RPC over HTTP already configured

3. When you receive this message, click OK to allow Exchange to automatically manage the
RPC over HTTP registry keys. Your old configuration will be backed up to the file that is
referenced in the dialog box.

For More Information


 If you are deploying RPC over HTTP for the first time on Exchange Server 2003, and
have not installed SP1 on your Exchange servers, see one of the following articles:

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario, Back End on Global Catalog Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server, Back-End on Global Catalog Server

 If you are deploying RPC over HTTP for the first time on Exchange Server 2003 SP1, see
one of the following topics:

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1
(Front-End/Back-End Scenario)

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No
Front-End Server

 If you want to add another Exchange Server 2003 back-end server to your organization
after you have deployed RPC over HTTP, see Adding a Back-End Server to an RPC over
HTTP Deployment.

 If you want help with troubleshooting RPC over HTTP communications, see
Troubleshooting RPC over HTTP Communications.

How to Configure the Back-End Server to Act as a Target for the RPC Proxy Server
This topic explains how to configure a back-end server to act as a target for the RPC proxy
server.

Before You Begin


To successfully complete the procedure in this topic, confirm the following:

 You are running Exchange 2003 SP1 on at least one server in the organization.

 You configured the back-end server, using Exchange System Manager, on a server that
is running Exchange 2003 SP1.

Note:
The back-end server that you configure does not have to have SP1 installed.

Procedure
To configure the back-end server to act as a target for the RPC proxy server
1. Click Start, point to All Programs, point to Microsoft Exchange, and then click System
Manager.

2. In Exchange System Manager, expand Administrative Groups, and then expand the
administrative group that contains your Exchange back-end server.

3. Expand the Servers object, right-click the Exchange back-end server that you want to
configure, and then select Properties.

4. On the Exchange Server Properties page, click the RPC-HTTP tab, and then select the
option next to RPC-HTTP back-end server.

5. If you do not have a front-end server in your topology, you could receive a warning
message as shown in the following figure. Click OK and proceed to the next step to
configure the Exchange back-end servers.

Warning message—no front-end server configured

6. Click OK on the Exchange Server Properties page.

7. If your back-end server is also a global catalog server, you could receive an additional
warning as shown in the following figure. Restart the back-end and global catalog server
if this warning message appears.

Warning message—incorrect ports configured



8. Perform this procedure on all Exchange Server 2003 SP1 back-end servers that RPC
proxy servers need to be able to access.

For More Information


For more information, see:

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-
End/Back-End Scenario)

 How to Upgrade an Exchange Server 2003 RPC over HTTP Deployment to Exchange
Server 2003 SP1

How to Configure the RPC Proxy Server Settings on a Front-End Server in Exchange System Manager
This topic explains how to configure the RPC proxy server settings on a front-end server in
Exchange System Manager.

Before You Begin


To successfully complete the procedure in this topic, confirm that you are running Microsoft®
Exchange Server 2003 SP1 on the RPC proxy server.

Procedure
To configure the RPC proxy server settings in Exchange System Manager
1. In Exchange System Manager, expand Administrative Groups, and then expand
the administrative group that contains your RPC proxy server.

2. Expand the Servers object, right-click the Exchange server that you have configured
as the RPC proxy server, and then select Properties.

3. On the Exchange Server Properties page, click the RPC-HTTP tab, and then select
the option next to RPC-HTTP front-end server.

The RPC-HTTP tab in Exchange System Manager

4. Click OK.

5. A warning message will appear stating that Secure Sockets Layer (SSL) is required
for RPC over HTTP to work. Click OK. You must configure SSL on your Exchange
front-end server for RPC over HTTP to work. Alternatively, you can select to offload
SSL on another server. For information about how to do this, see How to Configure
the RPC Proxy Server to Allow for SSL Offloading on a Separate Server.

For More Information


For more information, see:

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-
End/Back-End Scenario)

 How to Upgrade an Exchange Server 2003 RPC over HTTP Deployment to Exchange
Server 2003 SP1

How to Deploy RPC over HTTP for the First Time in Small Business Server 2003 (Standard or Premium)
This topic explains how to deploy RPC over HTTP for the first time in an Exchange Server
2003 Service Pack 1 (SP1) running on Microsoft® Windows Small Business Server 2003 that
is a standard or premium installation.

Before You Begin


Before performing the following procedure, confirm the following:

 You have read System Requirements for RPC over HTTP on Exchange Server 2003.

 Verify that your server is running Windows Small Business Server 2003 (Standard or
Premium).

Procedure
To deploy RPC over HTTP in a Small Business Server (Standard or Premium)
1. On the Windows Small Business Server 2003, run the Configure E-mail and Internet
Connection Wizard. Follow these steps to go through the wizard:

a. Click Start, and then click Server Management.

b. Click To Do List, and then click Connect to the Internet.

c. Continue through the wizard and enter the specific information about your
Internet connection type, your DNS server, and your router.

d. On the Web Services Configuration page, click to select the Outlook via the
Internet check box under the Allow access to only the following Web site
services from the Internet. Select any additional services, such as Outlook
Web Access, that you require.

e. Click Next.

f. On the Web Server Certificate page, select the Web server certificate type, and
then click Next. You can choose to either install a new Web server certificate or
locate a third-party certificate.

Note:
The wizard automatically configures Exchange, Internet Security and
Acceleration (ISA) Server, IIS, and the RPC proxy registry entries.

2. Configure an email profile for Outlook 2003 clients to use RPC over HTTP. For
detailed steps, see How to Create an Outlook Profile for Users to Use with RPC over
HTTP.

3. Test RPC virtual directory configuration from a Windows XP client. For detailed steps,
see How to Verify RPC Virtual Directory Configuration.

For More Information


 If you are deploying RPC over HTTP for the first time on Exchange Server 2003 SP1, but
you do not have a front-end server, see How to Deploy RPC over HTTP for the First Time
on Exchange Server 2003 SP1, No Front-End Server.

 If you are deploying RPC over HTTP for the first time on Exchange Server 2003, and
have not installed Service Pack 1 on your Exchange servers, see one of the following
topics:

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-
End/Back-End Scenario, Back End on Global Catalog Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server

 How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No
Front-End Server, Back-End on Global Catalog Server

 If you have already deployed RPC over HTTP in an Exchange Server 2003 topology and
are upgrading that topology from Exchange Server 2003 to Exchange Server 2003 SP1,
see How to Upgrade an Exchange Server 2003 RPC over HTTP Deployment to
Exchange Server 2003 SP1.

 If you want to add another Exchange Server 2003 back-end server to your topology after
you have deployed RPC over HTTP, see Adding a Back-End Server to an RPC over
HTTP Deployment.

 If you want help with troubleshooting RPC over HTTP communications, see
Troubleshooting RPC over HTTP Communications.

Adding a Back-End Server to an RPC over HTTP Deployment
When your Microsoft® Exchange Server 2003 SP1 front-end servers are configured to act as
RPC over HTTP front-end servers, they will automatically detect and publish any additional
back-end servers that you later configure as RPC over HTTP back-end servers. For example,
if you upgrade a server running Exchange 2000 Server to an Exchange 2003 server and
need to allow RPC over HTTP access to that server, configure it as an RPC over HTTP back-
end server and it will be published automatically. You do not need to restart any services.
However, because you are working with Active Directory® directory service properties, you
may need to allow for replication latency before the front-end server detects the changes.
Additionally, the front-end server updates its RPC over HTTP target details every 15 to 20
minutes.

For more information about how to configure a back-end server to act as a target for the RPC
proxy server, see How to Configure the Back-End Server to Act as a Target for the RPC
Proxy Server.

Troubleshooting RPC over HTTP Communications
This section describes the steps to help you troubleshoot connection problems when you
configure an RPC over HTTP connection. The main areas of troubleshooting include:

 Verifying the RPC proxy server certificate and authentication methods.

 Verifying a successful connection to the RPC proxy server by using a Secure Sockets
Layer (SSL) connection.

 Verifying the Office Outlook client configuration.

These steps walk you through all parts of your configuration to help troubleshoot an
unsuccessful RPC over HTTP connection. Additionally, other troubleshooting information is
provided to help you determine if an Office Outlook 2003 Client RPC over HTTP connection
is working.

Troubleshoot RPC over HTTP Communications


To troubleshoot RPC over HTTP communications, see the following topics:

 How to Verify That RPC over HTTP Support Is Installed

 How to Verify That World Wide Web Publishing Service Is Running

 How to Verify That SSL Certificate Is Installed on RPC Proxy Server

 How to Verify RPC Virtual Directory Configuration

 How to Verify That RPC Proxy Server Has Basic Authentication Configured

 How to Verify That RPC Proxy Server Extension Is Loading Properly

 How to Verify Client Computer Configuration

 How to Verify Exchange Server 2003 Port Configuration

For More Information


 For information about how to configure RPC over HTTP in different Exchange Server
2003 scenarios, see Deployment Scenarios for RPC over HTTP.

 For information about Remote Procedure Calls that use RPC over HTTP, see Remote
Procedure Calls Using RPC over HTTP.

 For information on configuring Outlook 2003 client for RPC over HTTP, see Configuring
Outlook 2003 for RPC over HTTP.

How to Verify That RPC over HTTP Support Is Installed
This topic is among a series of steps to help you troubleshoot an unsuccessful RPC over
HTTP connection. This article explains how to verify that the RPC over HTTP components
are installed on your Exchange Server 2003 computer.

Procedure
To verify that RPC over HTTP support is installed
 Make sure that the ValidPorts registry entry is configured correctly and that the RPC
over HTTP component is installed on the Exchange 2003 computer.

Note:
For more information on the ValidPorts registry key, see RPC over HTTP
Interactions on the RPC Proxy Server.

 Additionally, view the application log in Event Viewer.

If the ValidPorts registry entry is configured incorrectly, the Rpcproxy.dll file will not
load when a client tries to access the RPC proxy server. In this scenario, the
following event is logged to indicate that the Rpcproxy.dll file did not load
successfully:

Event Source: RPC Proxy

Event Category: Startup

Event ID: 2
Date: date

Time: time

Type: Error

User: N/A

Computer: computername

Description: The following ValidPorts registry key could not be parsed.

computername: 100'5000. The RPC Proxy cannot load. The ValidPorts registry key
might have been configured incorrectly.

User Action: Verify that the ValidPorts registry value is set correctly. If the value is
not correct, edit the registry key to reflect the correct value.

Note:
This issue only occurs if the Data value for the ValidPorts registry entry is
incorrectly formatted. For example, this issue occurs if the value contains
incorrect characters or punctuation. This event is not logged in a scenario
where you have configured incorrect server names. Additionally, this event is
only logged the first time that you connect to the RPC HTTP server after you
restart the World Wide Web Publishing service.
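A lint for a ValidPorts value before it is written to the registry, given here as an added example that is not part of the original guide. It assumes the entry format server:port or server:first-last separated by semicolons, hypothetical server names (exbe01), and ports 6001, 6002 and 6004 as the ports the back-end servers must expose; it also reports the case the note says is never logged, a well-formed value that names the wrong servers.

```python
import re

# Assumed ValidPorts grammar (this topic does not spell it out):
#   entry(;entry)*   where entry = host:port  or  host:first-last
HOST_RE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$")
PORTS_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def parse_valid_ports(value):
    """Split a ValidPorts string into (host, first, last) tuples and a list
    of syntax problems. Host names are lower-cased for later comparison."""
    entries, problems = [], []
    for position, raw in enumerate(value.split(";"), start=1):
        item = raw.strip()
        if not item:
            problems.append(f"entry {position}: empty")
            continue
        host, sep, ports = item.partition(":")
        host, ports = host.strip(), ports.strip()
        match = PORTS_RE.match(ports)
        if not sep or not HOST_RE.match(host) or not match:
            problems.append(f"entry {position}: cannot parse {item!r}")
            continue
        first = int(match.group(1))
        last = int(match.group(2) or first)
        if not 1 <= first <= last <= 65535:
            problems.append(f"entry {position}: bad port range {ports!r}")
            continue
        entries.append((host.lower(), first, last))
    return entries, problems


def audit_valid_ports(value, expected_hosts, required_ports=(6001, 6002, 6004)):
    """Check syntax, then compare the hosts and ports in the value with the
    back-end servers the administrator expects to publish.

    required_ports is an assumption of this example; pass the ports that
    your own back-end servers are configured to use."""
    entries, problems = parse_valid_ports(value)
    expected = {h.lower() for h in expected_hosts}
    covered = {}
    for host, first, last in entries:
        hits = {p for p in required_ports if first <= p <= last}
        covered.setdefault(host, set()).update(hits)
    missing = {}
    for host in sorted(expected):
        gap = sorted(set(required_ports) - covered.get(host, set()))
        if gap:
            missing[host] = gap
    return {
        "syntax": problems,                              # would stop the proxy loading
        "unknown_hosts": sorted(set(covered) - expected),  # typos, stale servers
        "missing_ports": missing,                        # expected server not reachable
    }


# Constructed sample values (server names are hypothetical).
GOOD = ("exbe01:6001-6002;exbe01:6004;"
        "exbe01.corp.example:6001-6002;exbe01.corp.example:6004")
EVENT_STYLE = "exbe01: 100'5000"            # same punctuation error as the event text
TYPO_HOST = "exbe10:6001-6002;exbe10:6004"  # parses, but names the wrong server

if __name__ == "__main__":
    for label, value, hosts in (
        ("good", GOOD, ["exbe01", "exbe01.corp.example"]),
        ("bad punctuation", EVENT_STYLE, ["exbe01"]),
        ("wrong server name", TYPO_HOST, ["exbe01"]),
    ):
        print(label, audit_valid_ports(value, hosts))
```
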

For More Information


 For information about how to configure RPC over HTTP in different Exchange Server
2003 scenarios, see Deployment Scenarios for RPC over HTTP.

 For more information on troubleshooting RPC over HTTP communications, see the
following topics:

 How to Verify That RPC Proxy Server Extension Is Loading Properly



 How to Verify That World Wide Web Publishing Service Is Running

 How to Verify That SSL Certificate Is Installed on RPC Proxy Server

 How to Verify RPC Virtual Directory Configuration

 How to Verify That RPC Proxy Server Has Basic Authentication Configured

 How to Verify That RPC Proxy Server Extension Is Loading Properly

 How to Verify Client Computer Configuration

 How to Verify Exchange Server 2003 Port Configuration

How to Verify That World Wide Web Publishing Service Is Running
This topic helps you troubleshoot an unsuccessful RPC over HTTP connection. This article
explains how to verify that the World Wide Web Publishing Service is running on your
Exchange Server 2003 computer.

Procedure
To verify that the World Wide Web Publishing Service is running on Exchange
Server 2003
1. Type the following command at a command prompt, and then press ENTER:

net start w3svc

2. Verify that you can resolve the name of the back-end Exchange Server 2003
computer from the RPC proxy server.

Note:
Do this to make sure that the RPC proxy server can communicate with the
back-end Exchange Server 2003 computers by using RPC communications.

For More Information


 For information on deploying RPC over HTTP in different Exchange Server 2003
scenarios, see Deployment Scenarios for RPC over HTTP.

 For more information about troubleshooting RPC over HTTP communications, see the
following topics:

 How to Verify That RPC over HTTP Support Is Installed



 How to Verify That SSL Certificate Is Installed on RPC Proxy Server

 How to Verify RPC Virtual Directory Configuration

 How to Verify That RPC Proxy Server Has Basic Authentication Configured

 How to Verify That RPC Proxy Server Extension Is Loading Properly

 How to Verify Client Computer Configuration

 How to Verify Exchange Server 2003 Port Configuration

How to Verify That SSL Certificate Is Installed on RPC Proxy Server
This topic helps you troubleshoot an unsuccessful RPC over HTTP connection. This article
explains how to verify that a Secure Sockets Layer (SSL) certificate is installed on the RPC
proxy server.

Procedure
To verify that an SSL certificate is installed on the RPC proxy server
1. On the RPC proxy server, start Internet Information Services (IIS) Manager.

2. Expand computername (local computer), where computername is the name of your
RPC proxy server.

3. Expand Web Sites, right-click the Web site where the RPC application is located,
and then click Properties.

4. Click the Directory Security tab, and then click View Certificate.

For More Information


 For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see Deployment Scenarios for RPC over HTTP.

 For more information about troubleshooting RPC over HTTP communications, see the
following topics:

 How to Verify That RPC over HTTP Support Is Installed

 How to Verify That World Wide Web Publishing Service Is Running

 How to Verify RPC Virtual Directory Configuration



 How to Verify That RPC Proxy Server Has Basic Authentication Configured

 How to Verify That RPC Proxy Server Extension Is Loading Properly

 How to Verify Client Computer Configuration

 How to Verify Exchange Server 2003 Port Configuration

How to Verify RPC Virtual Directory Configuration
This topic helps you troubleshoot an unsuccessful RPC over HTTP connection. The topic
explains how to verify that the RPC virtual directory is properly configured in Internet
Information Services (IIS) so that IIS can connect to the RPC application on the RPC proxy
server by using Secure Sockets Layer (SSL) protocol.

In the task, a client computer running Windows XP Service Pack 1 (SP1) or later is used to
connect to the RPC virtual directory in IIS. The task uses Internet Explorer to test RPC and
Internet Information Services (IIS) connection to confirm that the RpcProxy.dll file on the RPC
proxy server is working correctly. To test that the RPC virtual directory is properly configured
in IIS, follow one of the following procedures that best suits your scenario.

 Test RPC proxy server, IIS functionality where Exchange Server 2003 runs on Windows
Server 2003 or Windows Small Business Server 2003.

 Test RPC proxy server, IIS functionality where Exchange Server 2003 runs on Windows
Server 2003 SP1.

Note:
You can also test RPC, IIS functionality by browsing directly to the DLL file in the
RPC Virtual Directory. Steps are included in the procedure below.

Procedure
Test RPC proxy server, IIS functionality where Exchange Server 2003 runs on
Windows Server 2003 or Windows Small Business Server 2003
1. On the client computer, start Internet Explorer, type the fully qualified domain name
(FQDN) address in Internet Explorer, and then click Go.

For example, type: https://mail.contoso.com/rpc

Note:
Substitute the FQDN of your RPC proxy server for mail.contoso.com.

2. Do one of the following depending on the message you receive:

 If you receive the following message, click OK:

You are about to view pages over a secure connection.

Any information you exchange with this site cannot be viewed by anyone
else on the Web.

 If you receive a message that states that the certificate was issued by a company
that you have not chosen to trust, make sure that the client computer trusts the
root certification authority that issued the certificate.

Note:
Typically, you receive this message when you do not configure the server
to use a third-party certificate. For more information about how to trust a
root certification authority, view the article in the Microsoft Knowledge
Base: This security certificate was issued by a company that you have
not chosen to trust.

3. When you are prompted for your credentials, type your user name in the Universal
Naming Convention (UNC) format, type your password, and then click OK.

For example, type your user name in the domain\username format. You receive the
following error message:

The page cannot be displayed

HTTP Error 403.2 - Forbidden: Read access is denied.

Internet Information Services (IIS)

Note:
This error message is the expected behavior. This error message indicates that
the RPC virtual directory on the server is correctly configured. IIS returns this
error message because the client program does not have Read permissions to
the RPC application on the RPC proxy server, although you can successfully
access this application.

Procedure
Test RPC proxy server, IIS functionality where Exchange Server 2003 runs on
Windows Server 2003 SP1
 Option 1: Test the RPC proxy server, IIS connection to the RPC application through
your Internet browser.

Note:
If you have applied Windows Server 2003 SP1, you will find a new Virtual
Directory in IIS. It is named RpcWithCert and is located under the Default Web
Site. This new Virtual Directory does not affect the current RPC over HTTP
configuration and you are not required to configure it.

1. On the client computer, start Internet Explorer, type the fully qualified domain name
(FQDN) address in Internet Explorer, and then click Go. For example, type

https://mail.contoso.com/rpc

Note:
Substitute the FQDN of your RPC proxy server for mail.contoso.com.

2. Enter your credentials at the first prompt, and then click OK on the second and third prompts.

Note:
You will receive a prompt to enter your credentials three times. After the first
prompt, you do not have to enter your credentials again.

After you click OK on the second and third prompts, you receive the following error
message:

You are not authorized to view this page. You do not have permission to view
this directory or page due to the access control list (ACL) that is configured for
this resource on the Web server.

HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the
requested resource.

Internet Information Services (IIS)

This error message is the expected behavior. This error message indicates that the
RPC Virtual Directory on the server is correctly configured.

 Option 2: You can test RPC, IIS functionality by browsing directly to the DLL file that
is being hosted in the RPC Virtual Directory through your browser.

a. On the client computer, start Internet Explorer, type the following FQDN address
in Internet Explorer, and then click Go:

https://mail.contoso.com/rpc/rpcproxy.dll

Note:
Substitute the FQDN of your RPC proxy server for mail.contoso.com.

b. When prompted for your credentials, type your user name by using the Universal
Naming Convention (UNC) format (domain\username), type your password, and
then click OK.

You will see a blank page in your browser and there will be a lock icon in the
Status Bar of your browser. This indicates that you have successfully established
a secured (SSL) connection with the server. Again, this is the expected behavior
and indicates that the RPC Virtual Directory is configured correctly on the server.

Note:
If you receive a message that states that the certificate was issued by a
company that you have not chosen to trust, your client computer is not
configured to trust the root certification authority that issued the
certificate. This behavior typically occurs when you do not configure the
RPC proxy server to use a third-party certificate. For more information
about how to trust a root certification authority, view the article in the
Microsoft Knowledge Base 297681, This security certificate was issued
by a company that you have not chosen to trust.

For More Information


 For information about configuring RPC virtual directory in IIS, see How to Configure the
RPC Virtual Directory in IIS.

 For information about verifying that the RPC Proxy Server Extension is loading properly,
see How to Verify Client Computer Configuration.

 For more information about troubleshooting RPC over HTTP communications, see the
following topics:

 How to Verify That RPC over HTTP Support Is Installed

 How to Verify That World Wide Web Publishing Service Is Running

 How to Verify That SSL Certificate Is Installed on RPC Proxy Server

 How to Verify That RPC Proxy Server Has Basic Authentication Configured

 How to Verify That RPC Proxy Server Extension Is Loading Properly

 How to Verify Client Computer Configuration

 How to Verify Exchange Server 2003 Port Configuration

How to Verify That RPC Proxy Server Has Basic Authentication Configured
This topic helps you troubleshoot an unsuccessful RPC over HTTP connection. This article
explains how to verify that the RPC proxy server is configured to use basic authentication.

If your clients are repeatedly prompted for their credentials, verify that the RPC proxy server
is configured to use basic authentication. Follow the steps below.

Note:
It is recommended that you use Basic authentication over Windows Integrated
Authentication (NTLM) for two reasons. First, RPC over HTTP currently
supports only NTLM; it doesn't support Kerberos. Second, if there is an HTTP proxy
or a firewall between the RPC over HTTP client and the RPC proxy that inserts the
via pragma in the HTTP header, NTLM authentication will not work. For more
information, see RPC over HTTP Deployment Recommendations.

Procedure
To verify that RPC proxy virtual server is configured to use basic authentication
1. Start the Internet Information Services (IIS) Manager.

2. Expand computername (local computer), expand Web Sites, expand the Web site
where the Rpc application is configured, right-click Rpc, and then click Properties.

3. Click the Directory Security tab, and then click Edit under Authentication and
access control.

4. Click to clear the Enable anonymous access check box if it is selected.

5. Click to select the Basic authentication (password is sent in clear text) check
box. You receive the following message:

The authentication option you have selected results in passwords being
transmitted over the network without data encryption. Someone attempting to
compromise your system security could use a protocol analyzer to examine
user passwords during the authentication process. For more detail on user
authentication, consult the online help. This warning does not apply to HTTPS
(orSSL) connections.

Are you sure you want to continue?

Note:
In this message, the word "HTTPS (orSSL)" is a misspelling for the words
"HTTPS (or SSL)."

Click Yes.

6. Click OK two times.

For More Information


 For more information on Basic and Integrated Windows authentication, see RPC over
HTTP Authentication and Security.

 For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see Deployment Scenarios for RPC over HTTP.

 For more information on troubleshooting RPC over HTTP communications, see the
following topics:

 How to Verify That RPC over HTTP Support Is Installed

 How to Verify That World Wide Web Publishing Service Is Running

 How to Verify That SSL Certificate Is Installed on RPC Proxy Server

 How to Verify RPC Virtual Directory Configuration

 How to Verify That RPC Proxy Server Extension Is Loading Properly


 How to Verify Client Computer Configuration

 How to Verify Exchange Server 2003 Port Configuration

How to Verify That RPC Proxy Server Extension Is Loading Properly
This topic is among a series of steps to help you troubleshoot an unsuccessful RPC over
HTTP connection. This article explains how to verify that the RPC Proxy Server Extension is
loading properly.

If Outlook clients experience connection problems after you configure all the required settings
for RPC over HTTP on the server side, it may be because the RPC Proxy Server Extension
is not loading correctly. When clients experience this kind of connection problem in Outlook,
they receive an error message that is similar to the following:

Exchange server is unavailable.

To verify that the RPC Proxy Server Extension is loading correctly, follow the steps below.

Procedure
To verify that the RPC Proxy Server Extension is Loading Properly
1. On the Exchange Server, click Start, point to Administrative Tools, and then click
Internet Information Services (IIS) Manager on your RPC proxy server.

2. Under the icon for your RPC proxy server, click Web Service Extensions.

3. In the right pane, click RPC Proxy Server Extension, and then click Properties.

4. Confirm that the path of the Rpcproxy.dll file is correct. The correct location is the
following:

%systemroot%\system32\rpcproxy\rpcproxy.dll

For example, the correct location could be the following:

c:\windows\system32\rpcproxy\rpcproxy.dll

Examine the path entry carefully because it could be incorrectly set to the following:

%systemroot%\system32\rpcproxy.dll

For example, the current location could be set to the following:

c:\windows\system32\rpcproxy.dll
This incorrect path can appear to be correct at a quick glance.

Note:
The Rpcproxy.dll file could be present in both locations; you do not have to
delete or modify that file in either of those locations. If you find that this path
entry is correctly set, then the Rpcproxy.dll file may be missing or corrupted.
If this is the case, the Rpcproxy.dll file may have to be replaced or re-registered.

Additionally, if you experience this issue, the following 404 error is logged in the IIS
log on your RPC proxy server:

2004-01-01 13:13:31 192.100.100.1 RPC_IN_DATA /rpc/rpcproxy.dll FQDN.company.com:6002 443 domain\username 192.100.100.2 MSRPC 404 2 1260

This 404 error may be caused by a disabled or non-functioning Web service
extension. For more information, see the following article in the Microsoft Knowledge
Base, 248033: Common reasons IIS Server returns "HTTP 404 - File not found"
error.
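The 404 entry described above can be searched for across a whole IIS log file. The following Python script is an added example, not part of the original guide; it assumes the field order of the guide's sample line when the log carries no #Fields: directive, and every log line other than the one quoted above is constructed.

```python
from collections import Counter

# Assumption: without a #Fields: directive, use the field order of the sample
# line quoted in the guide (the IIS 6.0 W3C layout it appears to follow).
DEFAULT_FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
                  "cs-username c-ip cs(User-Agent) sc-status sc-substatus "
                  "sc-win32-status").split()
RPC_METHODS = {"RPC_IN_DATA", "RPC_OUT_DATA"}
RPC_STEM = "/rpc/rpcproxy.dll"

def parse_w3c(lines):
    """Yield one dict per request line, honouring any #Fields: directive."""
    fields = DEFAULT_FIELDS
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) == len(fields):  # skip truncated or foreign rows
            yield dict(zip(fields, values))

def rpcproxy_404s(lines):
    """Return RPC proxy requests that IIS answered with HTTP 404."""
    return [row for row in parse_w3c(lines)
            if row.get("cs-method") in RPC_METHODS
            and row.get("cs-uri-stem", "").lower() == RPC_STEM
            and row.get("sc-status") == "404"]

def summarize(hits):
    """Count failures per (client IP, user, substatus, requested endpoint)."""
    return Counter((h.get("c-ip"), h.get("cs-username"),
                    h.get("sc-substatus"), h.get("cs-uri-query")) for h in hits)

# Constructed sample log. Only the first request line is the one quoted in the
# guide; the header and the other three request lines are made up for the demo.
SAMPLE_LOG = r"""#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2004-01-01 13:13:31 192.100.100.1 RPC_IN_DATA /rpc/rpcproxy.dll FQDN.company.com:6002 443 domain\username 192.100.100.2 MSRPC 404 2 1260
2004-01-01 13:13:31 192.100.100.1 RPC_OUT_DATA /rpc/rpcproxy.dll FQDN.company.com:6002 443 domain\username 192.100.100.2 MSRPC 404 2 1260
2004-01-01 13:14:02 192.100.100.1 GET /exchange/ - 443 domain\username 192.100.100.2 Mozilla/4.0 200 0 0
2004-01-01 13:15:10 192.100.100.1 RPC_IN_DATA /rpc/rpcproxy.dll FQDN.company.com:6001 443 domain\username 192.100.100.2 MSRPC 200 0 0
""".splitlines()

if __name__ == "__main__":
    for (ip, user, sub, target), n in summarize(rpcproxy_404s(SAMPLE_LOG)).items():
        print(f"{n} x 404.{sub} from {ip} as {user} for {target}")
```

A 404 with substatus 2, as in the guide's sample line, is what IIS 6.0 logs when a request is blocked by Web service extension policy, which matches the disabled-extension cause named above.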

For More Information


 For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see Deployment Scenarios for RPC over HTTP.

 For more information on troubleshooting RPC over HTTP communications, see the
following topics:

 How to Verify That RPC over HTTP Support Is Installed

 How to Verify That World Wide Web Publishing Service Is Running

 How to Verify That SSL Certificate Is Installed on RPC Proxy Server

 How to Verify RPC Virtual Directory Configuration



 How to Verify That RPC Proxy Server Has Basic Authentication Configured

 How to Verify Client Computer Configuration

 How to Verify Exchange Server 2003 Port Configuration

How to Verify Client Computer Configuration
This topic helps you troubleshoot an unsuccessful RPC over HTTP connection by giving a
checklist to verify RPC over HTTP configuration on a Windows XP client computer.

Procedure
Client Computer Configuration Checklist
 Make sure that the client computer is running Microsoft® Office Outlook 2003. To
verify your version of Outlook, start Outlook, and then click About Microsoft
Outlook on the Help menu. For detailed steps, see a video that shows you how to
verify that Outlook 2003 is running on a Windows XP client. The video is in Windows
Media Player format. If you have trouble viewing the video, see the Windows Media
Player support page.

 Make sure that the client computer is running Microsoft Windows® XP together with
the latest service pack. The latest service pack for Windows XP at the time of this
writing is Windows XP Service Pack 1 (SP1). For detailed steps, see a video that
shows you how to verify that the Windows XP client is running Service Pack 1 or
later. The video is in Windows Media Player format. If you have trouble viewing the
video, see the Windows Media Player support page.

 Make sure that the client computer has the update from Microsoft Knowledge Base
article 331320 installed if you are running Windows XP SP1. For more information,
see Microsoft Knowledge Base article 331320, Outlook 2003 performs slowly or
stops responding when connected to Exchange Server 2003 through HTTP.

This fix updates the Rpcrt4.dll file in Windows XP. You must be running Rpcrt4.dll
version 5.1.2600.1142 or later. For detailed steps, see a video that shows you how to
verify that Windows XP Service Pack 1 has hotfix 331320 installed. The video is in
Windows Media Player format. If you have trouble viewing the video, see the
Windows Media Player support page.

 Verify that the Outlook 2003 client profile is configured properly to use RPC over
HTTP. For detailed steps, see How to Create an Outlook Profile for Users to Use with
RPC over HTTP.

 Check the RPC over HTTP connection status on an Outlook 2003 client. For detailed
steps, see How to Check RPC over HTTP Connection Status on Outlook 2003 Client.

 Make sure that on the client computer, you are able to connect to Exchange Server
2003 by specifying login credentials in user principal name (UPN) format. If unable to
connect using the UPN format, the client computer should install the hotfix that is
described in the following Microsoft Knowledge Base article, 830355: You cannot use
Outlook 2003 over the Internet by using your user principal name (UPN).

 Verify that when configuring an Outlook 2003 client profile using the Email Accounts
wizard, the Exchange over the Internet area appears on the Connection tab of the
Microsoft Exchange Server dialog box. For detailed steps on enabling the
Exchange over the Internet area in Outlook 2003 Email Accounts wizard, see How
to Enable 'Exchange over the Internet' in Outlook 2003 E-mail Accounts Wizard.

 Verify that the RPC Proxy Server Extension is loading correctly. If Outlook clients
experience connection problems after you configure all the required settings for RPC
over HTTP on the server side, it may be because the RPC Proxy Server Extension is
not loading correctly. For information on verifying that RPC Proxy Server Extension is
loading correctly, see How to Verify That RPC Proxy Server Extension Is Loading
Properly.

For More Information


For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see Deployment Scenarios for RPC over HTTP.

For more information about troubleshooting RPC over HTTP communications, see the
following topics:

 How to Verify That RPC over HTTP Support Is Installed

 How to Verify That World Wide Web Publishing Service Is Running

 How to Verify That SSL Certificate Is Installed on RPC Proxy Server

 How to Verify RPC Virtual Directory Configuration

 How to Verify That RPC Proxy Server Has Basic Authentication Configured

 How to Verify That RPC Proxy Server Extension Is Loading Properly

 How to Verify Exchange Server 2003 Port Configuration

 Microsoft Knowledge Base Article 826486, You cannot use RPC over HTTP with a proxy
automatic configuration script

How to Enable 'Exchange over the Internet' in Outlook 2003 E-mail Accounts Wizard
This topic helps you troubleshoot an unsuccessful RPC over HTTP connection by explaining
how to enable the Exchange over the Internet area in the Outlook 2003 E-mail Accounts
wizard.

When configuring an Outlook 2003 client profile using the E-mail Accounts wizard, if the
Exchange over the Internet area does not appear on the Connection tab of the Microsoft
Exchange Server dialog box, make sure that your client computer meets the requirements to
configure RPC over HTTP. If you installed the service pack and the update package that are
required, and the Exchange over the Internet area still does not appear on the Connection
tab, edit the Windows registry. To edit the Windows registry, follow the steps below.

Before You Begin


Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.

Procedure
To Edit Windows Registry
1. Start Registry Editor.

2. Locate and then click the following registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\RPC

3. Create the following registry entry if it does not exist:

Value name: EnableRPCtunnelingUI

Value type: REG_DWORD

Value data: 1

4. Quit Registry Editor.



For More Information


For more information about troubleshooting RPC over HTTP communications, see the
following topics:

 How to Verify That RPC over HTTP Support Is Installed

 How to Verify That World Wide Web Publishing Service Is Running

 How to Verify That SSL Certificate Is Installed on RPC Proxy Server

 How to Verify RPC Virtual Directory Configuration

 How to Verify That RPC Proxy Server Has Basic Authentication Configured

 How to Verify Client Computer Configuration

 How to Verify Exchange Server 2003 Port Configuration

How to Check RPC over HTTP Connection Status on Outlook 2003 Client
This topic helps you troubleshoot RPC over HTTP communications on a Windows XP client
computer. The article explains how to do the following:

 View active server connections on an Outlook 2003 client

 Verify that an Outlook 2003 client connects to Exchange Server 2003

Before You Begin


Before proceeding, confirm that the Windows XP client computer has the configuration listed
in How to Verify Client Computer Configuration.

Procedure
To view active server connections on Outlook 2003 client
1. On the client computer, move the mouse pointer over the Microsoft Office Outlook
icon in the notification area that is located at the lower right of the desktop.

2. Press the CTRL key, and then right-click this icon.

3. Click Connection Status.

Note:
All active connections appear. You can use the Exchange Server
Connection Status window to determine if you are connected to the
Exchange Server 2003 computer by using an RPC over HTTP connection.

To verify that Outlook 2003 client connects to Exchange Server 2003


1. Click Start, click Run, type outlook /rpcdiag, and then click OK.

2. Type your credentials in the User name box and in the Password box, and then click
OK.

3. If HTTPS appears in the Conn column in the Exchange Server Connection Status
window, a service is connected by using RPC over HTTP.

Note:
The Exchange Server Connection Status window may appear directly
behind the Outlook program window.

For More Information


For more information about troubleshooting RPC over HTTP communications, see these topics:

 How to Verify That RPC over HTTP Support Is Installed

 How to Verify That World Wide Web Publishing Service Is Running

 How to Verify That SSL Certificate Is Installed on RPC Proxy Server

 How to Verify RPC Virtual Directory Configuration

 How to Verify That RPC Proxy Server Has Basic Authentication Configured

 How to Verify Client Computer Configuration

 How to Verify Exchange Server 2003 Port Configuration

How to Verify Exchange Server 2003 Port Configuration
This topic helps you troubleshoot an unsuccessful RPC over HTTP connection. This article
explains how to do the following:

 Verify that the ports are set correctly on the Exchange Server 2003 computer.

 Configure a Windows Server 2003 global catalog server to use specific ports for RPC
over HTTP when Exchange is deployed in a single-server environment.

Procedure
To verify that the ports are set correctly on the Exchange 2003 computer
1. On Exchange Server 2003, run the RPCDump tool (RPCDump.exe) to view the
Exchange 2003 port information.

Note:
The RPCDump tool (RPCDump.exe) is included in the Windows Server 2003 Resource
Kit tools.

2. Use the RPCDump tool to verify all the following items for the ncacn_http protocol:

 Verify that the information store is listening on port 6001.

 Verify that the Directory service proxy server is listening on port 6004.

 Verify that the Directory Service Referral service is listening on port 6002.

3. If the Exchange back-end server is also a global catalog server, verify that the global
catalog port is set correctly. See the procedure below for instructions.

Important:
This step is only required if you configure RPC over HTTP in a single-server
environment or if the Exchange back-end server is also a global catalog
server.

To configure a global catalog server to use specific ports for RPC over HTTP when
Exchange is deployed in a single-server environment
1. Start Registry Editor.

Caution:
Incorrectly editing the registry can cause serious problems that may require
you to reinstall your operating system. Problems resulting from editing the
registry incorrectly may not be able to be resolved. Before editing the registry,
back up any valuable data.

2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

3. On the Edit menu, point to New, and then click Multi-String Value.

4. Name the new registry value NSPI interface protocol sequences.

5. Right-click NSPI interface protocol sequences, and then click Modify.

6. In the Value data box, type ncacn_http:6004, and then click OK.

7. Quit Registry Editor, and then restart the computer.



For More Information


 For information about configuring the RPC Proxy server to use specified ports for RPC
over HTTP, see How to Configure the RPC Proxy Server to Use Specified Ports for RPC
over HTTP.

 For detailed information on RPC and HTTP protocols, see RPC over HTTP Protocol
Specifics.

 For information about deploying RPC over HTTP in different Exchange Server 2003
scenarios, see Deployment Scenarios for RPC over HTTP.

 For more information about troubleshooting RPC over HTTP communications, see the
following topics:

 How to Verify That RPC over HTTP Support Is Installed

 How to Verify That World Wide Web Publishing Service Is Running

 How to Verify That SSL Certificate Is Installed on RPC Proxy Server

 How to Verify RPC Virtual Directory Configuration

 How to Verify That RPC Proxy Server Has Basic Authentication Configured

 How to Verify That RPC Proxy Server Extension Is Loading Properly

 How to Verify Client Computer Configuration

Copyright
The information contained in this document represents the current view of Microsoft
Corporation on the issues discussed as of the date of publication. Because Microsoft must
respond to changing market conditions, it should not be interpreted to be a commitment on
the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information
presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO
WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting
the rights under copyright, no part of this document may be reproduced, stored in or
introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express
written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you
any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the companies, organizations, products, domain names, e-mail
addresses, logos, people, places, and events depicted in examples herein are fictitious. No
association with any real company, organization, product, domain name, e-mail address,
logo, person, place, or event is intended or should be inferred.

© 2006 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows Server, Windows Vista, Active Directory, ActiveSync,
ActiveX, Entourage, Excel, FrontPage, Hotmail, JScript, Microsoft Press, MSDN, MSN,
Outlook, SharePoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows Mobile,
Windows NT, and Windows Server System are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.
