Administrators can configure user accounts in Outlook 2003 to connect to Microsoft Exchange Server 2003 over the Internet without the need to use virtual private network connections. This feature, connecting to an Exchange account by using Remote Procedure Call (RPC) over HTTP, allows Outlook users to securely access their Exchange Server accounts from the Internet when they are traveling or working outside their organization's firewall from a home office or remote office. Users do not need any special connections or hardware such as smart cards and security tokens to access their Exchange accounts. Eliminating the complexity of virtual private networks, RPC over HTTP simplifies secure access to Exchange 2003.
Configuring RPC over HTTP
RPC over HTTP requires several components on both client and server systems. Client workstations need Microsoft Windows XP with Service Pack 1 and the Q331320 hot fix (or a later service pack), and Outlook 2003 must be installed. On the server side, Microsoft Windows Server 2003 is required on global catalog servers and RPC proxy servers, and Exchange 2003 is required on all front-end and back-end servers. After the prerequisites are met, the servers and clients can be configured for RPC over HTTP access.
Configuring Exchange Server for RPC over HTTP
RPC over HTTP requires the Exchange Server to support HTTP proxy. Two items must be configured on the Exchange Server to support the remote connection:
Installing the RPC over HTTP Proxy service is accomplished using the following steps:
Log on to the Exchange Server using an account with local administrative privileges.
From the Start menu, launch the Windows Control Panel applet and then select Add or Remove Programs. Click Add/Remove Windows Components.
Select the Network Services component and then click Details to display the Networking Services dialog box, as shown in Figure 11.3.
Figure 11.3. Selecting the RPC over HTTP Proxy Windows component.
Check the box for RPC over HTTP and then click OK.
Click Next to install the RPC over HTTP proxy component. The Windows 2003 server media may need to be inserted during this process.
After the RPC over HTTP component is installed, reboot the Exchange Server in preparation for configuring IIS authentication settings. After the server has restarted, use the following steps to configure the RPC virtual directory for Basic authentication:
Log on to the Exchange server using an account with local administrative privileges.
From the Start menu, select All Programs or Programs, Administrative Tools, and then launch Internet Information Services Manager.
In the left pane, expand the Server, expand Web Sites, and then expand the Default website. Right-click the RPC Virtual Directory container and select Properties.
In the RPC Properties dialog box, select the Directory Security tab. Under the Authentication and access control section, click Edit. Clear the Enable Anonymous Authentication check box and select the Basic Authentication check box (Integrated Windows Authentication should also be selected by default). Then click OK.
On the RPC Properties page, click Edit under the Secure communications section. Select Require Secure Channel (SSL) and Require 128-Bit Encryption by clicking both check boxes. Click OK to save changes and then click OK once more to exit the RPC Properties dialog box.
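The settings chosen in the two steps above are stored in the IIS 6 metabase as the AuthFlags and AccessSSLFlags bitmasks of the RPC virtual directory. The following check is an added example, not part of the original text: it decodes those two values and reports any deviation from the configuration described here. The "Name : (INTEGER) value" input layout and the sample values are assumptions constructed for the example.

```python
import re

# IIS 6 metabase bit values for AuthFlags and AccessSSLFlags.
AUTH_ANONYMOUS = 0x001   # anonymous access enabled
AUTH_BASIC = 0x002       # Basic authentication enabled
ACCESS_SSL = 0x008       # Require Secure Channel (SSL)
ACCESS_SSL128 = 0x100    # Require 128-Bit Encryption

# Constructed sample property dumps (assumed layout, not captured from a server).
# AuthFlags 6 = Basic + Integrated Windows; AccessSSLFlags 264 = SSL + 128-bit.
SAMPLE_CONFIGURED = "AuthFlags       : (INTEGER) 6\nAccessSSLFlags  : (INTEGER) 264\n"
SAMPLE_WEAK = "AuthFlags       : (INTEGER) 3\nAccessSSLFlags  : (INTEGER) 0\n"

LINE = re.compile(r"^\s*(\w+)\s*:\s*\(INTEGER\)\s*(\d+)\s*$")

def parse_properties(dump):
    """Turn 'Name : (INTEGER) value' lines into a {name: int} dict."""
    props = {}
    for line in dump.splitlines():
        match = LINE.match(line)
        if match:
            props[match.group(1)] = int(match.group(2))
    return props

def audit_rpc_vdir(props):
    """Return findings where the flags differ from the steps in the text."""
    missing = [k for k in ("AuthFlags", "AccessSSLFlags") if k not in props]
    if missing:
        return ["property not found: " + ", ".join(missing)]
    auth, ssl = props["AuthFlags"], props["AccessSSLFlags"]
    basic = bool(auth & AUTH_BASIC)
    findings = []
    if auth & AUTH_ANONYMOUS:
        findings.append("anonymous access is still enabled")
    if not basic:
        findings.append("Basic authentication is not enabled")
    if not ssl & ACCESS_SSL:
        detail = " while Basic authentication is enabled (password is only base64-encoded)" if basic else ""
        findings.append("SSL is not required" + detail)
    if not ssl & ACCESS_SSL128:
        findings.append("128-bit encryption is not required")
    return findings

if __name__ == "__main__":
    for name, dump in (("configured", SAMPLE_CONFIGURED), ("weak", SAMPLE_WEAK)):
        print(name, audit_rpc_vdir(parse_properties(dump)) or "matches the documented settings")
```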
Configuring Outlook 2003 for RPC over HTTP
After the server components are configured, Outlook must be configured for RPC over HTTP by setting options on the user's Outlook Profile. The Outlook client can be configured to use RPC over HTTP whether or not Outlook has access to Exchange. This allows remote users to configure their Outlook without first having a VPN connection established to their internal network.
When Outlook is being configured for RPC over HTTP in an offline mode, the client may appear to hang. Don't be alarmed; after a timeout of 30 seconds or so, the configuration changes can be completed.
Administrators can configure Outlook 2003 to use RPC over HTTP by performing the following steps on an existing Outlook Profile:
From the Start menu, launch the Windows Control Panel applet and then select the Mail icon by double-clicking it.
In the Mail Setup dialog box, click the Email Accounts button. Verify that the View or Change Existing Email Accounts option button is selected, and then click Next to continue.
The list of email accounts appears. Select the Exchange server account and then click the Change button.
On the Exchange Server settings dialog screen, click the More Settings button to display the Microsoft Exchange Server Properties page.
Select the Connections tab. In the Exchange over the Internet section, enable the check box next to Connect to My Exchange Mailbox Using HTTP. Click the Exchange Proxy Settings button. The Exchange Proxy Settings dialog box will appear as shown in Figure 11.4.
Figure 11.4. Configuring the Exchange Proxy Settings.
In the Use This URL to Connect to My Proxy Server for Exchange field, enter the FQDN for the RPC proxy server. Enable the check boxes for the Connect Using SSL Only and Mutually Authenticate the Session When Connecting with SSL options. Also enter the FQDN of the RPC proxy server in the Principal Name for Proxy Server box. Be sure to use a format of msstd:FQDN of RPC Proxy Server (for example, msstd:mail.pandornetworks.com).
Because the RPC Virtual server is configured for Basic Authentication, change the value for the Use This Authentication When Connecting to My Proxy Server for Exchange drop-down list option to Basic Authentication.
Click OK to save the changes and then click OK to exit the Microsoft Exchange Server dialog box.
On the Exchange Server Settings screen, click Next.
On the Email Accounts dialog box, click Finish to exit, and then click Close to exit the Mail Setup dialog box.
The Outlook client is now configured for RPC over HTTP.
Outlook 2003 can be configured to connect to an Exchange server by default using RPC over HTTP. To enable this option on the Exchange Proxy Settings dialog screen, select the check box next to On Fast Networks, Connect to Exchange Using HTTP First, Then Connect Using TCP/IP. A fast network has bandwidth greater than 128 kilobits per second (Kbps). A slow network has bandwidth that is less than or equal to 128Kbps.
Using Outlook 2003 via RPC over HTTP
Users will notice minimal functional difference when using RPC over HTTP with their Outlook email client. In most cases, except for easier access when offsite or in a remote office, users may not even know that Outlook is configured for this feature. To test whether Outlook is using HTTP, administrators and/or power users can use the following steps to verify that Outlook connects to the Exchange computer using RPC over HTTP:
On the Start menu, click Run, type outlook /rpcdiag, and then click OK.
Type the user credentials into the Username and Password boxes, and then click OK.
If HTTPS appears in the Conn column in the Exchange Server Connection Status dialog box, Outlook is connected by using RPC over HTTP. Otherwise, recheck the client setup and the server setup to make sure no configuration steps were missed.
Testing can also be accomplished while Outlook is running. In Outlook, press the Ctrl key while right-clicking the Outlook icon in the system tray. An additional option, Connection Status, will appear on the context menu. Click Connection Status to display the Exchange Server Connection Status dialog box.