
Using Outlook Remotely with RPC over HTTPS


Setting up RPC over HTTPS is different from setting up Entourage over HTTP/S. First, an overview of what HTTPS is: HTTPS is the secure form of HTTP and stands for HyperText Transfer Protocol Secure. This means that you will need an SSL certificate for the connection between Outlook and Exchange. RPC is what Outlook uses to synchronize special information from Exchange. RPC stands for Remote Procedure Call, and is the special programming routine that allows the application (Outlook) to connect with Exchange via OWA.

Now that we’ve established what RPC over HTTPS is, an outline will follow of how to connect Outlook to Exchange using RPC over HTTPS on Windows 2003 Small Business Server.

Introduction:

Small Business Server comes with many things already installed and ready for use right out of the box for a company. Two of these things are Exchange and Remote Web Workplace. Remote Web Workplace seems to be an idea made by Microsoft so that an Administrator could remote into their server via HTTP/S, and from there use the many tools in Remote Web Workplace to administer the entire network infrastructure via the Small Business Server.

Check List:
1. Are you using Small Business Server 2003?
2. Is Exchange functioning and set up correctly?
3. Do you have an SSL certificate?
4. Are ports 80 and 443 open (and 3389 if you’re doing this remotely)?
5. Do you know the NetBIOS name of the server (right-click My Computer and check the computer name)?
6. Do you have Outlook (preferably 2003)?
7. Are the client workstations that need remote access updated with SP2 for XP?

If you have this, then you’re ready to rock.

Getting it All to Work Together

1. Make Them a Member of Remote Web Workplace

Log in as Administrator to the Small Business Server and open up Active Directory Users and Computers. Locate the users you want to have access (or create a security group) and add the user or group to the group called “Remote Web Workplace”.

NOTE: You may not see this group as a security group in Active Directory, but if you type in the name and press the “Check” button, it should underline itself. You have now confirmed that this is a valid Security Group.

2. Get The Facts

With the new user you created, log in to https://mail.domainname.com/remote. This is the Remote Web Workplace. You should be greeted with a login prompt. Use the credentials for the user (or pick a user from the security group) that is now a member of “Remote Web Workplace”. You should be able to log in. If you cannot, try logging in to Remote Web Workplace as Administrator. If you can log in with the Administrator account, check the settings that you’ve applied to the security group, or user, and ensure that they are indeed members of “Remote Web Workplace”.

Once you have logged in, there should be a link to the right called “Configure your computer to use Outlook via the Internet”. Click on it, and it will outline steps that are pretty darn close to what you should set up in Outlook. It’s basically a help file, but it will give you almost exactly what you will need to use RPC over HTTPS. Just in case, I will also outline here the steps that the link provides.

NOTE: It is important that the users who need access to RPC over HTTPS can log in to Remote Web Workplace. If they cannot log in here, you will NOT be able to use RPC over HTTPS.

3. Configure or Reconfigure the SSL Certificate

When you log in to Remote Web Workplace via HTTPS, you should be greeted with a pop-up that asks if you want to accept the SSL cert. Check the SSL certificate and MAKE SURE THAT THE WEBSITE NAME OF THE CERT MATCHES THE WEBSITE.

If it does, then log in from each computer that needs RPC over HTTPS and install the certificate from Remote Web Workplace by clicking on View Certificate, and then Install Certificate. You can double-check that the certificate is installed by opening up MMC, go to Certificates, pull up the one for User Certificates, and look for one named with the server or domain name as a Trusted Root. Again, make sure that the cert’s name (not the CA issuer) is called by the MX record name (or predetermined Exchange website name) and NOT THE SERVER NAME. After you install the certificate, close Internet Explorer, and reopen it, and log in to Remote Web Workplace. If you are prompted to accept the certificate again, something is wrong with the certificate, and you will need to create a new one.

If the certificate doesn’t match the Exchange website name, or the saved certificate keeps prompting you to accept it, you will need to create a new certificate. You can do this as follows:
1. Download IIS 6.0 Resource Kit Tools, available from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=56FC92EE-A71A-4C73-B628-ADE629C89499&displaylang=en

2. Run the application, and install SelfSSL
3. Click on Start -> All Programs -> IIS 6.0 Resource Kit -> SelfSSL
4. In the Command Prompt type the following:

selfssl /T /N:CN=

NOTE: The value after CN= should be your Exchange website name, i.e., mail.domainname.com (without the less-than and greater-than signs).

5. Type “y” to replace the SSL settings for site 1.
6. Log in to Remote Web Workplace again, and display the certificate. Ensure it is now called what it is supposed to be (HINT: Before you view the certificate there should be a green check mark for “Certificate matches website name”). Install the cert, close IE, and retest. You should no longer be prompted to accept the certificate.

NOTE: This is important because if the certificate does not match the Exchange website name the connection will FAIL. You will either get a “server not available error” or other unusual errors.
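
The name and trust checks from step 3, as an added PowerShell example that is not part of the original article: it fetches the certificate the site presents on port 443 and reports whether it is issued to the Exchange website name and whether this workstation trusts it. The function names are hypothetical, mail.domainname.com is the article's placeholder, and PowerShell is assumed to be installed (it is not there by default on Windows Server 2003 or XP).

```powershell
# Added example, not from the original article. Function names are hypothetical.
function Get-ServerCertificate {
    param([Parameter(Mandatory = $true)][string]$WebsiteName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($WebsiteName, $Port)
        # Accept whatever is presented so it can be inspected; no data is sent
        # on this connection, and the real checks happen in the next function.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($WebsiteName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }
}

function Test-RpcHttpsCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)][string]$WebsiteName
    )
    # "Issued to" name of the certificate (the subject CN that SelfSSL sets with /N:CN=)
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $issuedTo = $Certificate.GetNameInfo($nameType, $false)

    # Build the chain against this machine's and user's certificate stores.
    # Revocation is skipped because a self-signed certificate publishes no CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'

    New-Object PSObject -Property @{
        IssuedTo              = $issuedTo
        NameMatchesWebsite    = ($issuedTo -ieq $WebsiteName)   # must not be the server name
        TrustedOnThisMachine  = $chain.Build($Certificate)      # false if not installed or expired
        Expires               = $Certificate.NotAfter
        ExpectedPrincipalName = "msstd:$WebsiteName"            # value entered in step 4
    }
}

# Usage with the article's placeholder name:
$cert = Get-ServerCertificate -WebsiteName 'mail.domainname.com'
Test-RpcHttpsCertificate -Certificate $cert -WebsiteName 'mail.domainname.com'
```

If NameMatchesWebsite or TrustedOnThisMachine comes back False, that workstation is in the state the note above describes, and the certificate needs to be reinstalled or recreated before configuring Outlook.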

4. Configure Outlook (a.k.a. It’s all Downhill from Here)

NOTE: This is available in Remote Web Workplace under the link: “Configure your computer to use Outlook via the Internet”

1. Go to Control Panel -> Mail -> Profiles and create a new Profile
2. With the new profile create an e-mail account, and make sure to choose Exchange.
   a. For the server name put the NetBIOS name, NOT THE WEB NAME.
   b. For the user name, put in the username of the user.

   NOTE: Do not hit “Check”; it will not work.

   c. Click on the “More Settings” button.
   d. Click the Connection Tab.
      i. Checkmark the box that says “Connect to my Exchange mailbox using HTTP”
      ii. Press the Exchange Proxy Settings Button
         1. For https:// put in the website name that we’ve been getting the certificate ready for.
         2. Put a check mark for “Connect using SSL only”
         3. Put a check mark for “Mutually authenticate the session when connecting with SSL”.
         4. For “Principal name for proxy server:” put the following: msstd:mail.domainname.com
         5. Put a check mark for “On fast networks…” and “On slow networks…”
         6. For “Proxy authentication settings” change it to “Basic Authentication”
3. Press OK a bunch of times, Next, and then Finish.
4. Make sure that this profile is set to “Always use this Profile”
5. Save your settings
6. Test your settings, and if you’ve done everything right, you should be prompted for your credentials. After you have been authenticated, you should now start receiving e-mail, and be able to view the calendar and do all of the other Exchange type stuff that the users are used to.

