Have to VPN to Send/Receive Emails
Hello,My company is running and hosting our own Exchange Server 2003 and we are having issues with our email server. In order for us to Send/Receive emails (on our laptops whether we are within the network or at home), we have to VPN into the server. I'm wondering if anyone else has ever had this problem before. The higher-ups are getting sick of this because the VPN seems to have issues when we travel overseas and, thus, we cannot check our emails using Outlook and are forced to use our Webmail instead. A solution we have found is to just switch to IMAP and re-download all of our emails to our Outlook (not a small task) but I'm terribly against this. As a result, I want to try and fix our Exchange Server so that if our accounts are properly set-up within Outlook, we do not have to VPN in. Does anyone have any advice for this? Thanks in advance.- Sammy
June 16th, 2008 6:26pm
VPNs can be a pain in the neck when it comes to establishing connections just to send and receive e-mails. have you considered using Outlook 2003/2007 in local cache mode and enable RPC over HTTP/HTTPS? This, of course, means that you would have to allow inbound HTTP/HTTPS to your RPC proxy (or directly to your Exchange server) or to a reverse proxy such as the ISA Server?
Free Windows Admin Tool Kit Click here and download it now
June 17th, 2008 12:03pm
Yes, we tried to enable RPC over HTTP but it still didn't fix the problem. However, after some digging around, I think I found a potential error. Our domain name is not a dedicated IP (it's shared with a nameserver and another domain). When we set up Outlook Anywhere, it would keep trying to connect to the Exchange Server but it would give us an error saying the security certificate does not match up with the domain we are trying to point to (the error code is 30). This might be due to the domains having different SSL security certificates but I'm not sure. If we changed our domain to a dedicated IP, should that resolve the problem? I'm hesitant to do such a thing because that will cause our domain to go down for 24 hours while it propogates a new IP.
June 17th, 2008 5:26pm
Clarify: you want to get rid of VPN and use RPC Over HTTP, but ROH didnt work well
Collect info:
1. Your exchange topology: single exchange or FE/BE?
2. Version: windows client OS, Outlook
3. Which firewall is installed between internal and external network?
Troubleshooting:
1. Make sure that you have set up ROH properly [see the link beneath]
2. Try to configure OL to use ROH internally [see the link beneath], then confirm connection status
Notes: If HTTPS appears in the Conn column in the Exchange Server Connection Status window, it means that ROH settings should be correct
How to Check RPC over HTTP Connection Status:
http://technet.microsoft.com/en-us/library/aa996088(EXCHG.65).aspx
3. Check the Common Name of the certificate which you requested for your FE, make sure that it matches with external FQDN you used on the internet
4. Go to IIS->Default Web Site->Right-click RPC->choose properties->Directory Security tab->Authentication and access->only check Basic Auth (also check required SSL and 128bit encryption)
5. Check if the valid ports was incorrect HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
Notes: valid ports shall include {ServerNETBIOSName:6001-6002;ServerFQDN:6001-6002;ServerNetBIOSName:6004;ServerFQDN:6004;GCNETBIOSName:6004;GCFQDN:6004}
6. Check the NSPI interface protocol sequences on your GC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Data: ncacn_http:6004
7. Still go to IIS->Web Service Extensions->properties of RPC Proxy Server Extensions, make sure it points to C:\windows\system32\rpcproxy\rpcproxy.dll
Resources:
How to configure RPC over HTTP in Exchange Server 2003
http://support.microsoft.com/kb/833401
Configure RPC over HTTP/S on a Single Server
http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm
Configuring Outlook 2003 for RPC Over HTTP
http://office.microsoft.com/en-us/ork2003/HA011402731033.aspx
Troubleshooting RPC over HTTP
http://technet.microsoft.com/en-us/library/bb124649(EXCHG.65).aspx
Free Windows Admin Tool Kit Click here and download it now
June 19th, 2008 10:16am
Thank you for the assistance. Let me get to work on all that and I will let you know how it is when I'm done.
June 19th, 2008 6:03pm