Understanding RPC over HTTP


RPC over HTTP allows remote users to connect to Exchange Server 2003 using the Outlook 2003 MAPI client via the Internet, but without the need for a VPN or other tunneling software, smart cards, or other security tokens. It gives these remote users secure communication access to Outlook features found only in the MAPI client.

Installing and Configuring RPC over HTTP on the Server End

RPC over HTTP requires configuration on the Exchange Server to support HTTP Proxy. Two items must be configured on the server operating as the front-end server for the remote connection:

  • Install the RPC over HTTP Windows component

  • Configure IIS to support RPC over HTTP secured communications

Installing the RPC over HTTP Windows Component

To be able to run RPC over HTTP, the RPC over HTTP Windows component needs to be installed. To install the component, do the following:

  1. From the Windows 2003 front-end server that will host the RPC over HTTP client connections, run Start, Settings, Control Panel, Add or Remove Programs.

  2. Select Add/Remove Windows Components.

  3. Highlight the Network Services component and then click Details.

  4. Select the RPC over HTTP Proxy option, as shown in Figure 25.9. Then click OK.

    Figure 25.9. Selecting the RPC over HTTP Proxy Windows component.


  5. Click Next to begin installation, and then click Finished when done.

Configuring IIS to Support RPC over HTTP

After the RPC over HTTP Proxy Windows component has been installed, IIS needs to be configured to support RPC secured communications. To do so, do the following:

  1. Select Start, Programs, Administrative Tools, Internet Information Services (IIS) Manager.

  2. Traverse the IIS tree past the server, Web Sites, Rpc. Right-click on the Rpc container and select Properties.

  3. Select the Directory Services tab and click on Edit.

  4. Deselect the Enable Anonymous Access option.

  5. Select the Basic Authentication option (the Integrated Windows Authentication option should also be selected by default). Click OK.

  6. Click on Edit and select both Require Secure Channel (SSL) and Require 128-Bit Encryption. Click OK.
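
The outcome of steps 4 through 6 can also be checked from the IIS metabase instead of the dialogs. The following is an added example, not from the book: it decodes the AuthFlags and AccessSSLFlags values of the Rpc virtual directory and reports any deviation from the procedure. It assumes the two integers have already been read from the IIS 6 metabase; the function names are hypothetical and the sample values are constructed.

```python
# Added example: check IIS 6 metabase flag values for the Rpc virtual
# directory against steps 4-6 of the procedure above.
AUTH_FLAGS = {          # bits of the AuthFlags metabase property
    0x01: "AuthAnonymous",
    0x02: "AuthBasic",
    0x04: "AuthNTLM",   # Integrated Windows Authentication in the UI
    0x10: "AuthMD5",    # Digest
    0x40: "AuthPassport",
}
SSL_FLAGS = {           # bits of the AccessSSLFlags metabase property
    0x008: "AccessSSL",        # Require Secure Channel (SSL)
    0x020: "AccessSSLNegotiateCert",
    0x040: "AccessSSLRequireCert",
    0x080: "AccessSSLMapCert",
    0x100: "AccessSSL128",     # Require 128-Bit Encryption
}


def decode(value, table):
    """Return the names of the known bits set in value, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def audit_rpc_vdir(auth_flags, access_ssl_flags):
    """Return findings; an empty list means the settings match steps 4-6."""
    auth = set(decode(auth_flags, AUTH_FLAGS))
    ssl = set(decode(access_ssl_flags, SSL_FLAGS))
    findings = []
    if "AuthAnonymous" in auth:
        findings.append("anonymous access is still enabled (step 4)")
    if "AuthBasic" not in auth:
        findings.append("Basic Authentication is not enabled (step 5)")
    if "AccessSSL" not in ssl:
        findings.append("SSL is not required (step 6)")
        if "AuthBasic" in auth:
            findings.append("Basic passwords would be sent in clear text")
    if "AccessSSL128" not in ssl:
        findings.append("128-bit encryption is not required (step 6)")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not read from a real server.
    for label, (auth, ssl) in {"hardened": (0x06, 0x108),
                               "untouched": (0x07, 0x000)}.items():
        print(label, decode(auth, AUTH_FLAGS), decode(ssl, SSL_FLAGS))
        for finding in audit_rpc_vdir(auth, ssl) or ["matches steps 4-6"]:
            print("  -", finding)
```
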

Installing and Configuring RPC over HTTP on the End-User Workstation

After RPC over HTTP is configured on the server end, the end user's workstation needs to be configured for secure end-to-end communications.

The end user must be running Windows XP with SP1 or higher, as well as Outlook 2003. In addition, the end user needs to install a hotfix to enable RPC over HTTP.

The hotfix can be found at http://support.microsoft.com/default.aspx?scid=KB;EN-US;331320.

  1. Install the patch.

  2. Reboot the PC.

After the hotfix is installed, launch Outlook 2003:

  1. Go to Tools, Email Accounts.

  2. Choose View or Change Existing Email Accounts.

  3. Click Next.

  4. Select the Microsoft Exchange Server account and click Change.

  5. Click the More Settings button on the Exchange Server Settings page.

  6. Click the Connection tab.

  7. Click the Connect to My Exchange Mailbox Using HTTP check box, as shown in Figure 25.10.

    Figure 25.10. Selecting the connection to Exchange using HTTP.


  8. Click on the Exchange Proxy Settings button.

On the Exchange Proxy Settings screen, configure the following:

  1. For Connection Settings, enter the URL of the Exchange server that has been configured as the RPC proxy server.

  2. Click Connect Using SSL Only.

  3. Click Mutually Authenticate the Session When Connecting with SSL.

  4. Enter the URL for the proxy server.

  5. If the user is located on a fast network, leave the default of connecting via TCP/IP first and then HTTP. If the user is on a slow network, connect using HTTP first and then TCP/IP.

  6. For Proxy Authentication Settings, choose the method that works best for the enterprise:

    The default method is Password Authentication (NTLM).

    Basic Authentication will prompt a user for a username and password each time the user connects to the Exchange server. If SSL is not being used, the password will be sent in clear text.

  7. Click OK twice.

  8. Click Next.

  9. Click Finish.

The most secure method of user connection uses the following settings, which are also the default settings when RPC over HTTP is first configured:

  • Connect with SSL Only

  • Mutually Authenticate the Session When Connecting with SSL

  • Password Authentication is NTLM



Microsoft Exchange Server 2003 Unleashed
Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto
