Implementing RPC over HTTPS in a single Exchange Server 2003 environment Page 1 of 9

Home
{ Articles & Tutorials
„ Exchange 2003 Articles
„ Migration & Deployment

Implementing RPC over HTTPS in a single

Exchange Server 2003 environment
z Published: Aug 29, 2006
z Updated: Oct 03, 2006
z Section: Migration & Deployment
z Author: Marc Grote
z Rating: 4.5/5 - 73 Votes

In this article I will show you how to deploy RPC over HTTPS to connect your Exchange Server with your Outlook Client over
HTTPS. This article specifically deals with a single Exchange / Domain Controller environment for small organizations.

Get your copy of the German language "Microsoft ISA Server 2004 - Das Handbuch"

Let’s begin
As I wrote above we will use a single Exchange / Domain Controller setup for this article. The configuration is as follow:

z 1 Exchange Server 2003 Standard with SP1 and Windows Server 2003 Standard SP1 as an Active Directory Domain
Controller
z 1 Windows XP Professional Computer with SP2 and Microsoft Office Outlook 2003 with SP2

Step by Step
The following steps are necessary to implement RPC over HTTPS in a single Exchange Server environment:

z Configure an Exchange Server 2003 back-end server as an RPC proxy server

z Configure the RPC virtual directory for Basic authentication and SSL
z Configure the RPC proxy server to use specified ports for RPC over HTTP
z Set the NT Directory Services (NTDS) port on all global catalog servers that act as Exchange Server 2003 back-end servers
z Create a Microsoft Office Outlook 2003 Profile for your users to use with RPC over HTTPS
z Test the Connection

Configure an Exchange Server 2003 back-end server as an RPC

proxy server

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-S... 2/23/2008
Implementing RPC over HTTPS in a single Exchange Server 2003 environment Page 2 of 9

You must install the RPC over HTTP Proxy component on Windows Server 2003. The RPC over HTTP Proxy component is
responsible for the encapsulation of RPC packets over HTTP(S) and is a component of Windows Server 2003. Therefore you can
install this feature like any other Windows feature with the help of the Add/Remove components wizard.

Figure 1: Installing the RPC over HTTP Proxy

Configure the RPC virtual directory for Basic authentication and

SSL
The next step is to configure the newly created RPC virtual directory in IIS to use Basic Authentication and SSL.

Basic Authentication is required to work with RPC over HTTPS and if you use Basic Authentication you must use SSL because
Basic Authentication sends user credentials in clear text.

Start the Internet Information Service Manager, navigate to the Default Website and right click the RPC Virtual Directory. Navigate
to the Directory Security tab and disable the Checkbox for Enable Anonymous Access and enable the Basic Authentication checkbox.
You can leave the Integrated Windows Authentication checkbox unchanged.

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-S... 2/23/2008
Implementing RPC over HTTPS in a single Exchange Server 2003 environment Page 3 of 9

Figure 2: Configuration of the RPC Virtual Directory

If you enable the Basic Authentication checkbox you will get the following warning:

Figure 3: Basic Authentication warning

If you use SSL for Virtual Directory you can safely ignore the Warning of the IIS Manager warning.

Next you must enable SSL for the RPC Virtual Directory. For the purposes of this article I assume that you already have an SSL
certificate implemented. Check the checkbox Require 128-bit encryption for additional security.

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-S... 2/23/2008
Implementing RPC over HTTPS in a single Exchange Server 2003 environment Page 4 of 9

Figure 4: Enable SSL for the RPC Virtual Directory

Configure the RPC proxy server to use specified ports for RPC over
HTTP
Now we need to configure the RPC Proxy Server on Exchange Server 2003 to use a specific Port Range. The Registry Key already
exists but you must modify the Data.

The path to the Registry is:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\RPC\RPCPROXY.

Change the data to what is shown in the following picture. You must use Port Range 6001-6002 for the NetBIOS and DNS FQDN
and Port 6004 also for the NetBIOS and DNS FQDN.

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-S... 2/23/2008
Implementing RPC over HTTPS in a single Exchange Server 2003 environment Page 5 of 9

Figure 5: Configuring the RPC Proxy Directory (click for larger image)

Set the NT Directory Services (NTDS) port on all Global Catalog

Servers that act as Exchange Server 2003 back-end Servers
Again we must modify the Registry to specify a static port for the NSPI (Name Service Provider Interface) settings.

Start Regedit and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NTDS\PARAMETERS.

Create a REG_MULTI_SZ Record named NSPI interface protocol sequences with the data NCACN_HTTP:6004 as you can see in
the following picture.

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-S... 2/23/2008
Implementing RPC over HTTPS in a single Exchange Server 2003 environment Page 6 of 9

Figure 6: Configuring the NTDS –NSPI Protocol sequence

Create a Microsoft Office Outlook 2003 Profile for your users to use
with RPC over HTTPS
Next, we must configure the Microsoft Outlook 2003 Profile to use RPC over HTTPS.

Navigate to the Control Panel in your Windows XP Professional Workstation and click the Mail icon. Add a new Mail profile or
modify an existing Profile. Navigate to the Connection Tab and check the Checkbox Connect to my Exchange mailbox using HTTP
and then click the Exchange Proxy Settings Button.

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-S... 2/23/2008
Implementing RPC over HTTPS in a single Exchange Server 2003 environment Page 7 of 9

Figure 7: Enable RPC Proxy Settings

Enter your Server Information, similar to Figure 8.

Figure 8: Exchange Proxy Settings

Test the Connection

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-S... 2/23/2008
Implementing RPC over HTTPS in a single Exchange Server 2003 environment Page 8 of 9

After enabling the RPC Proxy settings, your Outlook connection to the Exchange Server should be established successfully. The
question is now: How to determine that it is an RPC over HTTPS connection?

The answer is simple. Right click the Outlook icon in the taskbar while you are holding the CTRL Key. The Context menu opens and
now you have the option to see the Exchange Server Connection Status.

Figure 9: Test the RPC over HTTPS connection

Congratulations! You have successfully enabled your Exchange Server 2003 / Microsoft Outlook 2003 environment to use the RPC
over HTTPS feature.

Conclusion
Implementing Exchange Server 2003 with RPC over HTTPS in a single Exchange / Domain Controller environment is really simple
if you follow the above instructions or the RPC over HTTP Deployment Scenarios Guide for Exchange Server 2003 (link below).
With this feature enabled, all your external users can use Outlook over the Internet as if they were locally connected to your LAN. If
you have an ISA Server 2004 at your Firewall you can benefit from the advanced features and publish the Exchange Server over
RPC/HTTPS.

Related Links

RPC over HTTP Deployment Scenarios Guide for Exchange Server 2003

Configuring the Outlook 2003 RPC over HTTP Client

Troubleshooting RPC over HTTPS (Part 1)

About Marc Grote

Marc Grote is an MCSA/MCSE Messaging & Security, an MCTS/MCITP and a Microsoft Certified Trainer and
MCLC. He is a freelance IT Trainer and Consultant in the east of Germany near Berlin. He works for Telta
Citynetz Eberswalde and with Invenate GmbH, based in Hanover, on special projects. You can find more
information about Invenate here. For information about Telta Citynetz Eberswalde visit here. He specializes in
ISA Server, Exchange, Security for Windows 2000/2003 and Windows Server 2008 designs, migrations and
implementations, and Citrix Metaframe implementations. His efforts have earned him recognition as a Microsoft
MVP for ISA Server since 2004. You can visit his homepage.

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-S... 2/23/2008
Implementing RPC over HTTPS in a single Exchange Server 2003 environment Page 9 of 9

Click here for Marc Grote's section.

Share this article

Latest articles by Marc Grote

z Hardening Exchange Server 2007 - Part 1: Introductory Steps
z Hardening Exchange Server 2007 - Part 2: Secure by Default
z Hardening Exchange Server 2007 - Part 3: Securing Email Client Access
z Exchange Server 2007 Edge Server Backup and Cloning
z How Exchange Server 2007 Extends the Active Directory Schema

Related links
z Configuring the Outlook 2003 RPC over HTTP Client
z Troubleshooting RPC over HTTPS (Part 2)
z Doing an in-place upgrade from Exchange Server 2000 to 2003
z Configuring ISA Server 2000 to Support Outlook 2003 RPC over HTTP - Part 1: Preparing the Infrastructure and Configuring
the Front-End Exchange Server
z Outlook Anywhere 2007 with ISA Server 2006

Receive all the latest articles by email!

Receive Real-Time & Monthly MSExchange.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Enter Email

Become an MSExchange.org member!

Discuss your Exchange Server issues with thousands of other Exchange experts. Click here to join!

About Us : Email us : Product Submission Form : Advertising Information

MSExchange.org is in no way affiliated with Microsoft Corp. *Links are sponsored by advertisers.

Copyright © 2008 TechGenix Ltd. All rights reserved. Please read our Privacy Policy and Terms & Conditions.

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-S... 2/23/2008