Trying to get RPC over HTTP for Outlook working

hmm... so much for the hunch of OL2007 and a wild card cert...........

When you configure OL2007 for RPC/HTTP, are you setting the principal name
for the proxy field (its the place where you put msstd:some.server.name)?

"Evans Leung" wrote in message
...
not a wild card one, just one, owa."company.com"

"neo [mvp outlook]" wrote in message
...
Not quite what I'm asking. A wildcard certificate shows that the name
the certificate was issued to is *.some.domain. A subject alternatitive
name (SAN) is where the certificate is multiple fqdn server names. For
example, you can have a certificate that can be used for owa.some.domain,
autodiscovery.some.domain, smtp.some.domain, pop3.some.domain, .etc.

"Evans Leung" wrote in message
...
Verisign

"neo [mvp outlook]" wrote in message
...
Interesting. What kind of certificate are you using on the ISA box?
(wildcard, san, .etc)

"Evans Leung" wrote in message
...
thanks for your reply, it puzzeles me that the current setup has been
working well with Outlook 2003 but not Outlook 2007...

Evans

"neo [mvp outlook]" wrote in message
...
ISA2004 adds a layer of complexity, but
http://www.isaserver.org/tutorials/2...owamobile.html might be
helpful to you.


"Evans Leung" wrote in message
...
Neo,

I have a similar situation, my domain is company.local, server name
is exchange

with respect to your suggestion to change ValidPorts entry:

at the moment I have:

exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004

do I need to change the above entry?

the outlook 2007 (installed in Windows XP SP2) rpc-over-http only
works outside the network only if it VPN in (we use ISA2004 here)

thanks,
Evans

"neo [mvp outlook]" wrote in message
...
You should be asking this question over in one of the
microsoft.public.exchange support groups. Also, you will need to
clarify your post a bit. Based on the below, I would assume that
you have a single Exchange server setup. If my understanding is
right, you high level checks would be...

1) Ensure that the RPC proxy component is installed on your Windows
2003 (SP1/SP2)/Exchange 2003 SP2 server

2) Enable the Exchange server as an RPC/HTTPS backend server.
(Exchange System Manager Right click on server object
Properties RPC-HTTP tab) You may have to add the necessary
registry keys to get this working. Location in registry is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy

The DWORD value Enabled should be set to 1
The REG_SZ value ValidPorts would be set to
ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004

To explain the ValidPort line better, assume that the name of the
Exchange server is EXCH01 and the domain name I'm working with is
contoso.com. The ValidPorts entry would be:

exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004


3) I would test the connection on the internal network before
testing from the internet.

Other than that, test with SSL enabled and if you are using a
private (internal) certificates to secure the web/rpc proxy
services, make sure that a copy of the signing certificate
authority is installed on the workstations. The client operating
system (assuming Windows XP SP2 or newer) will verify the SSL
certificate back to the issuing certificate authority.

"Daniel Mazur" wrote in message
...
having trouble seeing my exchange server via outlook 2007 over the
internet
connecting to my Exchange Enterprise Server 2003. Have followed
Microsoft
instructions, testing first without use of of SSL certificates. I
may be a
bit confused about front end and backend servers. I have one PC,
a domain
controller at our office, a seperate PC with Exchange Only on it,
connecting
to the Domain Controller, and another PC with Blackberry
Enterprise
installed. The purpose of this is to get away from use of the VPN
connection required to be part of the local network for Exchange
User access
off property. Sounds good configuring settings into the Outlook
only and
preventing other local access this way. Any ideas? Again, cannot
get the
Outlook to see the Exchange Server during the logon name and
password to
server process.

i use the same settings in all fields in OL2007 just like in OL2003...

msstdwa.company.com

"neo [mvp outlook]" wrote in message
...
hmm... so much for the hunch of OL2007 and a wild card cert...........

When you configure OL2007 for RPC/HTTP, are you setting the principal name
for the proxy field (its the place where you put msstd:some.server.name)?

"Evans Leung" wrote in message
...
not a wild card one, just one, owa."company.com"

"neo [mvp outlook]" wrote in message
...
Not quite what I'm asking. A wildcard certificate shows that the name
the certificate was issued to is *.some.domain. A subject alternatitive
name (SAN) is where the certificate is multiple fqdn server names. For
example, you can have a certificate that can be used for
owa.some.domain, autodiscovery.some.domain, smtp.some.domain,
pop3.some.domain, .etc.

"Evans Leung" wrote in message
...
Verisign

"neo [mvp outlook]" wrote in message
...
Interesting. What kind of certificate are you using on the ISA box?
(wildcard, san, .etc)

"Evans Leung" wrote in message
...
thanks for your reply, it puzzeles me that the current setup has been
working well with Outlook 2003 but not Outlook 2007...

Evans

"neo [mvp outlook]" wrote in message
...
ISA2004 adds a layer of complexity, but
http://www.isaserver.org/tutorials/2...owamobile.html might be
helpful to you.


"Evans Leung" wrote in message
...
Neo,

I have a similar situation, my domain is company.local, server name
is exchange

with respect to your suggestion to change ValidPorts entry:

at the moment I have:

exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004

do I need to change the above entry?

the outlook 2007 (installed in Windows XP SP2) rpc-over-http only
works outside the network only if it VPN in (we use ISA2004 here)

thanks,
Evans

"neo [mvp outlook]" wrote in
message ...
You should be asking this question over in one of the
microsoft.public.exchange support groups. Also, you will need to
clarify your post a bit. Based on the below, I would assume that
you have a single Exchange server setup. If my understanding is
right, you high level checks would be...

1) Ensure that the RPC proxy component is installed on your
Windows 2003 (SP1/SP2)/Exchange 2003 SP2 server

2) Enable the Exchange server as an RPC/HTTPS backend server.
(Exchange System Manager Right click on server object
Properties RPC-HTTP tab) You may have to add the necessary
registry keys to get this working. Location in registry is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy

The DWORD value Enabled should be set to 1
The REG_SZ value ValidPorts would be set to
ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004

To explain the ValidPort line better, assume that the name of the
Exchange server is EXCH01 and the domain name I'm working with is
contoso.com. The ValidPorts entry would be:

exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004


3) I would test the connection on the internal network before
testing from the internet.

Other than that, test with SSL enabled and if you are using a
private (internal) certificates to secure the web/rpc proxy
services, make sure that a copy of the signing certificate
authority is installed on the workstations. The client operating
system (assuming Windows XP SP2 or newer) will verify the SSL
certificate back to the issuing certificate authority.

"Daniel Mazur" wrote in message
...
having trouble seeing my exchange server via outlook 2007 over
the internet
connecting to my Exchange Enterprise Server 2003. Have followed
Microsoft
instructions, testing first without use of of SSL certificates.
I may be a
bit confused about front end and backend servers. I have one PC,
a domain
controller at our office, a seperate PC with Exchange Only on it,
connecting
to the Domain Controller, and another PC with Blackberry
Enterprise
installed. The purpose of this is to get away from use of the
VPN
connection required to be part of the local network for Exchange
User access
off property. Sounds good configuring settings into the Outlook
only and
preventing other local access this way. Any ideas? Again,
cannot get the
Outlook to see the Exchange Server during the logon name and
password to
server process.

safe to assume the result is the same if you remove the msstd setting?

"Evans Leung" wrote in message
...
i use the same settings in all fields in OL2007 just like in OL2003...

msstdwa.company.com

"neo [mvp outlook]" wrote in message
...
hmm... so much for the hunch of OL2007 and a wild card cert...........

When you configure OL2007 for RPC/HTTP, are you setting the principal
name for the proxy field (its the place where you put
msstd:some.server.name)?

"Evans Leung" wrote in message
...
not a wild card one, just one, owa."company.com"

"neo [mvp outlook]" wrote in message
...
Not quite what I'm asking. A wildcard certificate shows that the name
the certificate was issued to is *.some.domain. A subject
alternatitive name (SAN) is where the certificate is multiple fqdn
server names. For example, you can have a certificate that can be used
for owa.some.domain, autodiscovery.some.domain, smtp.some.domain,
pop3.some.domain, .etc.

"Evans Leung" wrote in message
...
Verisign

"neo [mvp outlook]" wrote in message
...
Interesting. What kind of certificate are you using on the ISA box?
(wildcard, san, .etc)

"Evans Leung" wrote in message
...
thanks for your reply, it puzzeles me that the current setup has
been working well with Outlook 2003 but not Outlook 2007...

Evans

"neo [mvp outlook]" wrote in message
...
ISA2004 adds a layer of complexity, but
http://www.isaserver.org/tutorials/2...owamobile.html might be
helpful to you.


"Evans Leung" wrote in message
...
Neo,

I have a similar situation, my domain is company.local, server
name is exchange

with respect to your suggestion to change ValidPorts entry:

at the moment I have:

exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004

do I need to change the above entry?

the outlook 2007 (installed in Windows XP SP2) rpc-over-http only
works outside the network only if it VPN in (we use ISA2004 here)

thanks,
Evans

"neo [mvp outlook]" wrote in
message ...
You should be asking this question over in one of the
microsoft.public.exchange support groups. Also, you will need to
clarify your post a bit. Based on the below, I would assume that
you have a single Exchange server setup. If my understanding is
right, you high level checks would be...

1) Ensure that the RPC proxy component is installed on your
Windows 2003 (SP1/SP2)/Exchange 2003 SP2 server

2) Enable the Exchange server as an RPC/HTTPS backend server.
(Exchange System Manager Right click on server object
Properties RPC-HTTP tab) You may have to add the necessary
registry keys to get this working. Location in registry is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy

The DWORD value Enabled should be set to 1
The REG_SZ value ValidPorts would be set to
ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004

To explain the ValidPort line better, assume that the name of the
Exchange server is EXCH01 and the domain name I'm working with is
contoso.com. The ValidPorts entry would be:

exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004


3) I would test the connection on the internal network before
testing from the internet.

Other than that, test with SSL enabled and if you are using a
private (internal) certificates to secure the web/rpc proxy
services, make sure that a copy of the signing certificate
authority is installed on the workstations. The client operating
system (assuming Windows XP SP2 or newer) will verify the SSL
certificate back to the issuing certificate authority.

"Daniel Mazur" wrote in message
...
having trouble seeing my exchange server via outlook 2007 over
the internet
connecting to my Exchange Enterprise Server 2003. Have followed
Microsoft
instructions, testing first without use of of SSL certificates.
I may be a
bit confused about front end and backend servers. I have one
PC, a domain
controller at our office, a seperate PC with Exchange Only on
it, connecting
to the Domain Controller, and another PC with Blackberry
Enterprise
installed. The purpose of this is to get away from use of the
VPN
connection required to be part of the local network for Exchange
User access
off property. Sounds good configuring settings into the Outlook
only and
preventing other local access this way. Any ideas? Again,
cannot get the
Outlook to see the Exchange Server during the logon name and
password to
server process.

same... is this a known issue?

"neo [mvp outlook]" wrote in message
...
safe to assume the result is the same if you remove the msstd setting?

"Evans Leung" wrote in message
...
i use the same settings in all fields in OL2007 just like in OL2003...

msstdwa.company.com

"neo [mvp outlook]" wrote in message
...
hmm... so much for the hunch of OL2007 and a wild card cert...........

When you configure OL2007 for RPC/HTTP, are you setting the principal
name for the proxy field (its the place where you put
msstd:some.server.name)?

"Evans Leung" wrote in message
...
not a wild card one, just one, owa."company.com"

"neo [mvp outlook]" wrote in message
...
Not quite what I'm asking. A wildcard certificate shows that the name
the certificate was issued to is *.some.domain. A subject
alternatitive name (SAN) is where the certificate is multiple fqdn
server names. For example, you can have a certificate that can be
used for owa.some.domain, autodiscovery.some.domain, smtp.some.domain,
pop3.some.domain, .etc.

"Evans Leung" wrote in message
...
Verisign

"neo [mvp outlook]" wrote in message
...
Interesting. What kind of certificate are you using on the ISA box?
(wildcard, san, .etc)

"Evans Leung" wrote in message
...
thanks for your reply, it puzzeles me that the current setup has
been working well with Outlook 2003 but not Outlook 2007...

Evans

"neo [mvp outlook]" wrote in
message ...
ISA2004 adds a layer of complexity, but
http://www.isaserver.org/tutorials/2...owamobile.html might be
helpful to you.


"Evans Leung" wrote in message
...
Neo,

I have a similar situation, my domain is company.local, server
name is exchange

with respect to your suggestion to change ValidPorts entry:

at the moment I have:

exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004

do I need to change the above entry?

the outlook 2007 (installed in Windows XP SP2) rpc-over-http only
works outside the network only if it VPN in (we use ISA2004 here)

thanks,
Evans

"neo [mvp outlook]" wrote in
message ...
You should be asking this question over in one of the
microsoft.public.exchange support groups. Also, you will need
to clarify your post a bit. Based on the below, I would assume
that you have a single Exchange server setup. If my
understanding is right, you high level checks would be...

1) Ensure that the RPC proxy component is installed on your
Windows 2003 (SP1/SP2)/Exchange 2003 SP2 server

2) Enable the Exchange server as an RPC/HTTPS backend server.
(Exchange System Manager Right click on server object
Properties RPC-HTTP tab) You may have to add the necessary
registry keys to get this working. Location in registry is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy

The DWORD value Enabled should be set to 1
The REG_SZ value ValidPorts would be set to
ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004

To explain the ValidPort line better, assume that the name of
the Exchange server is EXCH01 and the domain name I'm working
with is contoso.com. The ValidPorts entry would be:

exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004


3) I would test the connection on the internal network before
testing from the internet.

Other than that, test with SSL enabled and if you are using a
private (internal) certificates to secure the web/rpc proxy
services, make sure that a copy of the signing certificate
authority is installed on the workstations. The client
operating system (assuming Windows XP SP2 or newer) will verify
the SSL certificate back to the issuing certificate authority.

"Daniel Mazur" wrote in message
...
having trouble seeing my exchange server via outlook 2007 over
the internet
connecting to my Exchange Enterprise Server 2003. Have
followed Microsoft
instructions, testing first without use of of SSL certificates.
I may be a
bit confused about front end and backend servers. I have one
PC, a domain
controller at our office, a seperate PC with Exchange Only on
it, connecting
to the Domain Controller, and another PC with Blackberry
Enterprise
installed. The purpose of this is to get away from use of the
VPN
connection required to be part of the local network for
Exchange User access
off property. Sounds good configuring settings into the
Outlook only and
preventing other local access this way. Any ideas? Again,
cannot get the
Outlook to see the Exchange Server during the logon name and
password to
server process.

There is a known issue about Outlook 2007 and wildcard certificates.

Looking back over this... lets try changing the rpc proxy registry key a bit
based on your description of:

internal name: exchange.company.local
external name: owa.company.com

I would set the ValidPorts registry value to:

exchange:6001-6002;exchange:6004;exchange.company.local:6001-6002;exchange.company.local:6004;owa.company.com:6 001-6002;owa.company.com:6004

"evans leung" wrote in message
...
same... is this a known issue?

"neo [mvp outlook]" wrote in message
...
safe to assume the result is the same if you remove the msstd setting?

"Evans Leung" wrote in message
...
i use the same settings in all fields in OL2007 just like in OL2003...

msstdwa.company.com

"neo [mvp outlook]" wrote in message
...
hmm... so much for the hunch of OL2007 and a wild card cert...........

When you configure OL2007 for RPC/HTTP, are you setting the principal
name for the proxy field (its the place where you put
msstd:some.server.name)?

"Evans Leung" wrote in message
...
not a wild card one, just one, owa."company.com"

"neo [mvp outlook]" wrote in message
...
Not quite what I'm asking. A wildcard certificate shows that the
name the certificate was issued to is *.some.domain. A subject
alternatitive name (SAN) is where the certificate is multiple fqdn
server names. For example, you can have a certificate that can be
used for owa.some.domain, autodiscovery.some.domain,
smtp.some.domain, pop3.some.domain, .etc.

"Evans Leung" wrote in message
...
Verisign

"neo [mvp outlook]" wrote in message
...
Interesting. What kind of certificate are you using on the ISA
box? (wildcard, san, .etc)

"Evans Leung" wrote in message
...
thanks for your reply, it puzzeles me that the current setup has
been working well with Outlook 2003 but not Outlook 2007...

Evans

"neo [mvp outlook]" wrote in
message ...
ISA2004 adds a layer of complexity, but
http://www.isaserver.org/tutorials/2...owamobile.html might be
helpful to you.


"Evans Leung" wrote in message
...
Neo,

I have a similar situation, my domain is company.local, server
name is exchange

with respect to your suggestion to change ValidPorts entry:

at the moment I have:

exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004

do I need to change the above entry?

the outlook 2007 (installed in Windows XP SP2) rpc-over-http
only works outside the network only if it VPN in (we use ISA2004
here)

thanks,
Evans

"neo [mvp outlook]" wrote in
message ...
You should be asking this question over in one of the
microsoft.public.exchange support groups. Also, you will need
to clarify your post a bit. Based on the below, I would assume
that you have a single Exchange server setup. If my
understanding is right, you high level checks would be...

1) Ensure that the RPC proxy component is installed on your
Windows 2003 (SP1/SP2)/Exchange 2003 SP2 server

2) Enable the Exchange server as an RPC/HTTPS backend server.
(Exchange System Manager Right click on server object
Properties RPC-HTTP tab) You may have to add the necessary
registry keys to get this working. Location in registry is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy

The DWORD value Enabled should be set to 1
The REG_SZ value ValidPorts would be set to
ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004

To explain the ValidPort line better, assume that the name of
the Exchange server is EXCH01 and the domain name I'm working
with is contoso.com. The ValidPorts entry would be:

exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004


3) I would test the connection on the internal network before
testing from the internet.

Other than that, test with SSL enabled and if you are using a
private (internal) certificates to secure the web/rpc proxy
services, make sure that a copy of the signing certificate
authority is installed on the workstations. The client
operating system (assuming Windows XP SP2 or newer) will verify
the SSL certificate back to the issuing certificate authority.

"Daniel Mazur" wrote in message
...
having trouble seeing my exchange server via outlook 2007 over
the internet
connecting to my Exchange Enterprise Server 2003. Have
followed Microsoft
instructions, testing first without use of of SSL
certificates. I may be a
bit confused about front end and backend servers. I have one
PC, a domain
controller at our office, a seperate PC with Exchange Only on
it, connecting
to the Domain Controller, and another PC with Blackberry
Enterprise
installed. The purpose of this is to get away from use of the
VPN
connection required to be part of the local network for
Exchange User access
off property. Sounds good configuring settings into the
Outlook only and
preventing other local access this way. Any ideas? Again,
cannot get the
Outlook to see the Exchange Server during the logon name and
password to
server process.

have tried changing the registry but it didn't work, it also broke the
originally working configurations (BOTH Outlook 2003 in Windows XP and
Outlook 2007 in Vista)

Evans

"neo [mvp outlook]" wrote in message
...
There is a known issue about Outlook 2007 and wildcard certificates.

Looking back over this... lets try changing the rpc proxy registry key a
bit based on your description of:

internal name: exchange.company.local
external name: owa.company.com

I would set the ValidPorts registry value to:

exchange:6001-6002;exchange:6004;exchange.company.local:6001-6002;exchange.company.local:6004;owa.company.com:6 001-6002;owa.company.com:6004

"evans leung" wrote in message
...
same... is this a known issue?

"neo [mvp outlook]" wrote in message
...
safe to assume the result is the same if you remove the msstd setting?

"Evans Leung" wrote in message
...
i use the same settings in all fields in OL2007 just like in OL2003...

msstdwa.company.com

"neo [mvp outlook]" wrote in message
...
hmm... so much for the hunch of OL2007 and a wild card cert...........

When you configure OL2007 for RPC/HTTP, are you setting the principal
name for the proxy field (its the place where you put
msstd:some.server.name)?

"Evans Leung" wrote in message
...
not a wild card one, just one, owa."company.com"

"neo [mvp outlook]" wrote in message
...
Not quite what I'm asking. A wildcard certificate shows that the
name the certificate was issued to is *.some.domain. A subject
alternatitive name (SAN) is where the certificate is multiple fqdn
server names. For example, you can have a certificate that can be
used for owa.some.domain, autodiscovery.some.domain,
smtp.some.domain, pop3.some.domain, .etc.

"Evans Leung" wrote in message
...
Verisign

"neo [mvp outlook]" wrote in
message ...
Interesting. What kind of certificate are you using on the ISA
box? (wildcard, san, .etc)

"Evans Leung" wrote in message
...
thanks for your reply, it puzzeles me that the current setup has
been working well with Outlook 2003 but not Outlook 2007...

Evans

"neo [mvp outlook]" wrote in
message ...
ISA2004 adds a layer of complexity, but
http://www.isaserver.org/tutorials/2...owamobile.html might
be helpful to you.


"Evans Leung" wrote in message
...
Neo,

I have a similar situation, my domain is company.local, server
name is exchange

with respect to your suggestion to change ValidPorts entry:

at the moment I have:

exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004

do I need to change the above entry?

the outlook 2007 (installed in Windows XP SP2) rpc-over-http
only works outside the network only if it VPN in (we use
ISA2004 here)

thanks,
Evans

"neo [mvp outlook]" wrote in
message ...
You should be asking this question over in one of the
microsoft.public.exchange support groups. Also, you will need
to clarify your post a bit. Based on the below, I would
assume that you have a single Exchange server setup. If my
understanding is right, you high level checks would be...

1) Ensure that the RPC proxy component is installed on your
Windows 2003 (SP1/SP2)/Exchange 2003 SP2 server

2) Enable the Exchange server as an RPC/HTTPS backend server.
(Exchange System Manager Right click on server object
Properties RPC-HTTP tab) You may have to add the necessary
registry keys to get this working. Location in registry is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy

The DWORD value Enabled should be set to 1
The REG_SZ value ValidPorts would be set to
ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004

To explain the ValidPort line better, assume that the name of
the Exchange server is EXCH01 and the domain name I'm working
with is contoso.com. The ValidPorts entry would be:

exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004


3) I would test the connection on the internal network before
testing from the internet.

Other than that, test with SSL enabled and if you are using a
private (internal) certificates to secure the web/rpc proxy
services, make sure that a copy of the signing certificate
authority is installed on the workstations. The client
operating system (assuming Windows XP SP2 or newer) will
verify the SSL certificate back to the issuing certificate
authority.

"Daniel Mazur" wrote in message
...
having trouble seeing my exchange server via outlook 2007
over the internet
connecting to my Exchange Enterprise Server 2003. Have
followed Microsoft
instructions, testing first without use of of SSL
certificates. I may be a
bit confused about front end and backend servers. I have one
PC, a domain
controller at our office, a seperate PC with Exchange Only on
it, connecting
to the Domain Controller, and another PC with Blackberry
Enterprise
installed. The purpose of this is to get away from use of
the VPN
connection required to be part of the local network for
Exchange User access
off property. Sounds good configuring settings into the
Outlook only and
preventing other local access this way. Any ideas? Again,
cannot get the
Outlook to see the Exchange Server during the logon name and
password to
server process.

Sorry about that. At this point, I would suggest that you call Microsoft
Product Support Services or repost to one of the microsoft.public.exchange.*
groups to see if you get any different suggestions to try.

"Evans Leung" wrote in message
...
have tried changing the registry but it didn't work, it also broke the
originally working configurations (BOTH Outlook 2003 in Windows XP and
Outlook 2007 in Vista)

Evans

"neo [mvp outlook]" wrote in message
...
There is a known issue about Outlook 2007 and wildcard certificates.

Looking back over this... lets try changing the rpc proxy registry key a
bit based on your description of:

internal name: exchange.company.local
external name: owa.company.com

I would set the ValidPorts registry value to:

exchange:6001-6002;exchange:6004;exchange.company.local:6001-6002;exchange.company.local:6004;owa.company.com:6 001-6002;owa.company.com:6004

"evans leung" wrote in message
...
same... is this a known issue?

"neo [mvp outlook]" wrote in message
...
safe to assume the result is the same if you remove the msstd setting?

"Evans Leung" wrote in message
...
i use the same settings in all fields in OL2007 just like in OL2003...

msstdwa.company.com

"neo [mvp outlook]" wrote in message
...
hmm... so much for the hunch of OL2007 and a wild card
cert...........

When you configure OL2007 for RPC/HTTP, are you setting the principal
name for the proxy field (its the place where you put
msstd:some.server.name)?

"Evans Leung" wrote in message
...
not a wild card one, just one, owa."company.com"

"neo [mvp outlook]" wrote in message
...
Not quite what I'm asking. A wildcard certificate shows that the
name the certificate was issued to is *.some.domain. A subject
alternatitive name (SAN) is where the certificate is multiple fqdn
server names. For example, you can have a certificate that can be
used for owa.some.domain, autodiscovery.some.domain,
smtp.some.domain, pop3.some.domain, .etc.

"Evans Leung" wrote in message
...
Verisign

"neo [mvp outlook]" wrote in
message ...
Interesting. What kind of certificate are you using on the ISA
box? (wildcard, san, .etc)

"Evans Leung" wrote in message
...
thanks for your reply, it puzzeles me that the current setup has
been working well with Outlook 2003 but not Outlook 2007...

Evans

"neo [mvp outlook]" wrote in
message ...
ISA2004 adds a layer of complexity, but
http://www.isaserver.org/tutorials/2...owamobile.html might
be helpful to you.


"Evans Leung" wrote in message
...
Neo,

I have a similar situation, my domain is company.local, server
name is exchange

with respect to your suggestion to change ValidPorts entry:

at the moment I have:

exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004

do I need to change the above entry?

the outlook 2007 (installed in Windows XP SP2) rpc-over-http
only works outside the network only if it VPN in (we use
ISA2004 here)

thanks,
Evans

"neo [mvp outlook]" wrote in
message ...
You should be asking this question over in one of the
microsoft.public.exchange support groups. Also, you will
need to clarify your post a bit. Based on the below, I would
assume that you have a single Exchange server setup. If my
understanding is right, you high level checks would be...

1) Ensure that the RPC proxy component is installed on your
Windows 2003 (SP1/SP2)/Exchange 2003 SP2 server

2) Enable the Exchange server as an RPC/HTTPS backend server.
(Exchange System Manager Right click on server object
Properties RPC-HTTP tab) You may have to add the necessary
registry keys to get this working. Location in registry is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy

The DWORD value Enabled should be set to 1
The REG_SZ value ValidPorts would be set to
ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004

To explain the ValidPort line better, assume that the name of
the Exchange server is EXCH01 and the domain name I'm working
with is contoso.com. The ValidPorts entry would be:

exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004


3) I would test the connection on the internal network before
testing from the internet.

Other than that, test with SSL enabled and if you are using a
private (internal) certificates to secure the web/rpc proxy
services, make sure that a copy of the signing certificate
authority is installed on the workstations. The client
operating system (assuming Windows XP SP2 or newer) will
verify the SSL certificate back to the issuing certificate
authority.

"Daniel Mazur" wrote in message
...
having trouble seeing my exchange server via outlook 2007
over the internet
connecting to my Exchange Enterprise Server 2003. Have
followed Microsoft
instructions, testing first without use of of SSL
certificates. I may be a
bit confused about front end and backend servers. I have
one PC, a domain
controller at our office, a seperate PC with Exchange Only
on it, connecting
to the Domain Controller, and another PC with Blackberry
Enterprise
installed. The purpose of this is to get away from use of
the VPN
connection required to be part of the local network for
Exchange User access
off property. Sounds good configuring settings into the
Outlook only and
preventing other local access this way. Any ideas? Again,
cannot get the
Outlook to see the Exchange Server during the logon name and
password to
server process.