
How to: setup RPC over HTTP on a single Exchange


Post by chicagotech » Sat Jan 27, 2007 11:10 pm

How to configure RPC over HTTP on a single DC with Exchange Server 2003

To configure RPC over HTTPS on a single domain controller with Exchange 2003 installed, please follow these steps:

1. Install the RPC over HTTP Proxy networking component on your Exchange server.
2. Create SelfSSL for the server.
3. Configure the RPC virtual directory in IIS.
4. Enable the RPC virtual directory to require SSL
5. Configure the RPC proxy server to use the default ports.
6. Configure the global catalog to use specific ports for RPC over HTTP for directory services.

1. Install the RPC over HTTP Proxy networking component on your Exchange server:

1) Open Control Panel, and then click Add or Remove Programs.
2) Click Add/Remove Windows Components, click Networking Services, and then click Details.
3) Click to select the RPC over HTTP Proxy check box, click OK, and then click Next.
4) The Windows Component Wizard will run and you may need the Windows 2003 CD to install RPC over HTTP Proxy.
5) After it completes, click Finish.

2. Create SelfSSL for the server:

1) Open SelfSSL from All Programs>IIS Resources.
2) Assuming you want a 10-year SSL certificate, type “selfssl.exe /N:CN=EXCHANGESERVERNAME /V:3650”. Note: A) /V:3650 = 10 years. B) By default, Site = 1, Key size = 1024, port = 443.
3) To test SSL, open IE with the https URL, for example, https://chicagotech.net/excahnge. If you receive a Certificate Error, click on Certificate Error and select View certificates. Click Install Certificate, then follow the instructions and select OK/Yes to install it. Re-open the https URL; you should not see the Certificate Error any more.

3. Configure the RPC virtual directory in IIS:
1) Open IIS from Administrative Tools.
2) Expand servername >Web Sites> Default Web Site, right-click Rpc, and then click Properties.
3) Select Directory Security tab, and then click Edit under Authentication and access control.
4) Uncheck the Enable anonymous access check box.
5) Check the Basic authentication (password is sent in clear text) check box only. You will receive the following message:
“The authentication option you have selected results in passwords being transmitted over the network without data encryption. Someone attempting to compromise your system security could use a protocol analyzer to examine user passwords during the authentication process. For more detail on user authentication, consult the online help. This warning does not apply to HTTPS (or SSL) connections.

Are you sure you want to continue?”

6) Click Yes, and then click OK.
7) Click Apply, and then click OK.


4. Enable the RPC virtual directory to require SSL:

1) Open IIS from Administrative Tools.
2) Expand servername >Web Sites> Default Web Site, right-click Rpc, and then click Properties.
3) Select the Directory Security tab, and then click Edit under Secure communications.
4) Check the Require secure channel (SSL) check box and the Require 128-bit encryption check box.
5) Click OK, click Apply, and then click OK.

5. Configure the RPC proxy server to use the default ports:

1) On the Exchange server, run regedit.
2) Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy.
3) Remove all the information from the Value data box, and then type the following information:
ServerNETBIOSName:6001-6002;ServerFQDN:6001-6002;ServerNetBIOSName:6004;ServerFQDN:6004

Note: A) Enter it all on one line; you can type it in Notepad and then copy/paste. B) ServerFQDN should be the Internet FQDN since we want to access the Exchange over the Internet. C) You may add the internal FQDN too.

4) Click OK, and then quit Registry Editor.

6. Configure the global catalog to use specific ports for RPC over HTTP for directory services:
1) On the Exchange server, run regedit.
2) Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
3) On the Edit menu, point to New, and then click Multi-String Value.
4) Type the new registry value NSPI interface protocol sequences.
5) Double-click on NSPI interface protocol sequences to modify the Value.
6) In the Value data box, type ncacn_http:6004, and then click OK.
7) Quit Registry Editor, and then restart the computer.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
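
The RPC proxy forwards connections only to the server:port pairs listed in the Value data string from step 5, so a paste error or an over-broad range there changes what Internet clients can reach. The following check is an added example, not part of the original post or of any Microsoft tool; the function names are hypothetical and the host names EXCH01 and mail.example.com are constructed placeholders.

```python
import re

# Ports the guide assigns in steps 5 and 6.
EXPECTED_PORTS = {6001, 6002, 6004}
ENTRY = re.compile(r"([A-Za-z0-9.-]+):(\d{1,5})(?:-(\d{1,5}))?")

def parse_value(value):
    """Return ({host: set_of_ports}, [malformed entries]) for 'host:ports;...'."""
    hosts, malformed = {}, []
    for entry in value.split(";"):
        if not entry:
            continue  # tolerate a trailing semicolon
        m = ENTRY.fullmatch(entry)
        low = int(m.group(2)) if m else 0
        high = int(m.group(3) or low) if m else 0
        if not m or not 1 <= low <= high <= 65535:
            malformed.append(entry)  # stray spaces, line breaks, bad ranges
            continue
        hosts.setdefault(m.group(1).lower(), set()).update(range(low, high + 1))
    return hosts, malformed

def audit(value, expected_hosts):
    """List deviations from the guide's layout; an empty list means it matches."""
    hosts, malformed = parse_value(value)
    expected = {h.lower() for h in expected_hosts}
    findings = [f"malformed entry: {e!r}" for e in malformed]
    for host, ports in sorted(hosts.items()):
        if host not in expected:
            findings.append(f"unexpected host: {host}")
        extra = ports - EXPECTED_PORTS
        if extra:
            findings.append(f"{host}: {len(extra)} port(s) beyond 6001-6002,6004")
    for host in sorted(expected):
        missing = EXPECTED_PORTS - hosts.get(host, set())
        if missing:
            findings.append(f"{host}: missing port(s) {sorted(missing)}")
    return findings

# Constructed sample values; EXCH01 and mail.example.com are placeholders.
HOSTS = ["EXCH01", "mail.example.com"]
GOOD = "EXCH01:6001-6002;mail.example.com:6001-6002;EXCH01:6004;mail.example.com:6004"
PASTED = "EXCH01:6001-6002;EXCH01:6004;mail.example.com:6001-6002; mail.example.com:6004"
BROAD = "EXCH01:1024-65535;mail.example.com:6001-6002;mail.example.com:6004"

if __name__ == "__main__":
    for label, value in (("good", GOOD), ("pasted", PASTED), ("broad", BROAD)):
        print(label, audit(value, HOSTS) or "matches the guide")
```

Copy the Value data string out of Registry Editor and pass it to `audit` together with the NetBIOS name and FQDN(s) you intended to list.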
