Outlook RPC-HTTPS

This is a quick cribsheet for setting up the RPC-HTTPS connection for Exchange. You don't need this for SBS 2003 as the Internet Connection wizard does it automatically. These notes apply to Exchange 2003 SP1 or above running on Windows 2003.

Remember that on the client end you need Windows XP SP1 or greater and Outlook 2003 or greater.

Finally, this is a crib sheet so I'm not giving full details of all the procedures. See the MS documentation or just Google.

Incidentally http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm is a useful link (assuming the web page stays where it is).

Preliminaries

You need the full AD name of the Exchange server e.g. peach.mydomain.local, and the Internet name of the server you're going to be connecting to e.g. peach.mydomain.co.uk. Here I'm assuming these are the same server. The MS documentation at http://support.microsoft.com/?id=833401 has all the details for configuring more complicated setups.

Select a PC for testing and make sure you can open:

https://peach.mydomain.co.uk/exchange/

without IE reporting any certificate errors. If you're using a self-generated certificate you'll have to add your server's root certificate to the trusted certification authorities in IE. You can get the root certificate from:

http://peach/certsrv

Select the "Download a CA certificate, certificate chain, or CRL" link, then "install this CA certificate chain".

If IE reports any certificate errors or warnings when you try to open Outlook Web Access the Outlook RPC connection *will not work*, so fix this first.

Setting up the client

I always set the test client PC up first. Obviously it won't work until you complete the server setup, but it's useful for testing along the way.

Open up the Control Panel/Mail icon and create a new profile. Add a normal Exchange Server connection and set the server name to peach.mydomain.local i.e. the AD name of the Exchange server. At this point it's going to complain it can't find the server; ignore this.

Go back into the profile and edit it. You'll get more can't find server errors: ignore them. Click More Settings then go to the Connection tab. Tick the Connect to my Exchange mailbox using HTTP box then click the Exchange Proxy Settings button. In the Use this URL ... field type peach.mydomain.co.uk i.e. the Internet name of the server. At the bottom of the dialog set the authentication to Basic Authentication. Keep clicking OK until everything has closed, and that's the client setup done.

Setting up the server

There are three stages to the setup:

  1. Set up the RPC proxy
  2. Set up Exchange
  3. Make the registry changes that everyone forgets

1. Set up the RPC proxy

If you haven't installed the RPC proxy on the server do so now. Open Control Panel/Add Remove Programs/Windows components/Networking Services and tick the RPC over HTTP proxy box.

Open the IIS Manager and under the default web site right click the virtual folder Rpc and select Properties. On the Directory Security tab click the Authentication and access control/Edit button. Untick Enable anonymous access and tick the Basic authentication box then click OK. Ignore the warning. Back at the Rpc Properties dialog click the Secure communications/Edit button and tick Require secure channel.

If you open the Outlook client you should now find you're prompted for a username and password. Enter your details and you should get a pause of a few seconds then a Server not available warning. So far so good.

2. Set up Exchange

The Exchange bit is really easy. Open the Exchange System Manager, find and right click the server and select properties. On the RPC-HTTP tab click the RPC-HTTP back-end server radio button and ignore the warning. Keep clicking OK, and I usually reboot the server at this point.

3. Make the registry changes that everyone forgets

One last registry change to make. Remember that the server name is peach and the full AD name is peach.mydomain.local. You need to make the following .reg file then run it. Alternatively just make the change with regedit.exe if you want to.

----8<----
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="peach:6001-6002;peach.mydomain.local:6001-6002;peach:6004;peach.mydomain.local:6004;"
----8<----

NB the "ValidPorts"= entry must be all on one line in the .reg file. Obviously replace the example name I've used here with the name of your Exchange server.
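ValidPorts is the list of back-end names and ports the RPC proxy is allowed to forward to, so it is worth checking that it holds exactly the entries above and nothing wider. The script below is an added example, not part of the original notes: it checks a .reg line or a ValidPorts value, catches the broken-line mistake, and reports missing or extra ports. The function names and the sample strings are constructed for illustration.

```python
import re

REQUIRED_PORTS = {6001, 6002, 6004}  # the ports listed in the .reg file above

def extract_valid_ports(reg_text):
    """Return the ValidPorts string from .reg text; fail if it is split over lines."""
    for line in reg_text.splitlines():
        if line.strip().startswith('"ValidPorts"='):
            m = re.fullmatch(r'"ValidPorts"="([^"]*)"', line.strip())
            if not m:
                raise ValueError("ValidPorts value is not on a single line")
            return m.group(1)
    raise ValueError("no ValidPorts entry found")

def parse_valid_ports(value):
    """Map each lower-cased host name to the set of ports the proxy may reach."""
    allowed = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, _, ports = entry.rpartition(":")
        low, _, high = ports.partition("-")
        low, high = int(low), int(high or low)  # "6004" means the single port 6004
        if not host or not (0 < low <= high <= 65535):
            raise ValueError(f"bad entry: {entry!r}")
        allowed.setdefault(host.lower(), set()).update(range(low, high + 1))
    return allowed

def audit(value, netbios, fqdn):
    """List problems: required ports missing, extra ports, or unexpected hosts."""
    allowed = parse_valid_ports(value)
    expected = {netbios.lower(), fqdn.lower()}
    problems = []
    for host in sorted(expected):
        ports = allowed.get(host, set())
        missing = REQUIRED_PORTS - ports
        extra = ports - REQUIRED_PORTS
        if missing:
            problems.append(f"{host}: missing {sorted(missing)}")
        if extra:
            problems.append(f"{host}: {len(extra)} ports beyond 6001-6002 and 6004")
    for host in sorted(set(allowed) - expected):
        problems.append(f"{host}: unexpected host")
    return problems

# Constructed samples: the value above on one line, and the same value broken in two.
GOOD = '"ValidPorts"="peach:6001-6002;peach.mydomain.local:6001-6002;peach:6004;peach.mydomain.local:6004;"'
BROKEN = '"ValidPorts"="peach:6001-6002;peach.mydomain.local:6001-6002;\npeach:6004;peach.mydomain.local:6004;"'

if __name__ == "__main__":
    print(audit(extract_valid_ports(GOOD), "peach", "peach.mydomain.local"))
```

An empty list means the value matches the crib sheet; anything else is worth fixing before you reboot.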

I generally reboot again at this point.

That's It

Once your server is up again it should all be working. If you open the Outlook client you should be prompted for a password. Enter your domain account details and you'll get a pause of a few seconds, then an hourglass and Outlook should open up with your e-mail.

John Rennie
2nd August 2007