Simon’s Backup Weblog

Getting Exchange RPC over HTTPS working

Posted in Uncategorized by Simon Bisson on February 22, 2006

…as today I have been mostly fighting Exchange. And VPNs.

We’ve got a new router – which unfortunately has a known bug which stops Microsoft PPTP VPNs working. I spent some time struggling to configure an IPSEC VPN on the router (and gave up when I couldn’t find a free VPN client), before trying to get Exchange’s RPC over HTTPS connections working.

The server was set up correctly, and all the diagnostics we’re reporting that I could make a connection – but Outlook just wasn’t connecting to the server. I went through all the documentation I could find, double-checking as I went. Everything was correct – on the laptop and on the server. But still no connections…

Finally I found the answer, hidden in a comment on a discussion forum somewhere in Germany.

As I was self-certifying my server, I needed to install the root certificate as a Trusted Root Certification Authority. I exported the certificate from the server, fired up Internet Properties on the laptop, and installed the file. Finally I fired up Outlook.

Everything worked.

(And I sorted out my remote file access issues by installing OpenSSH and WinSCP)


5 Responses to 'Getting Exchange RPC over HTTPS working'

Subscribe to comments with RSS or TrackBack to 'Getting Exchange RPC over HTTPS working'.

  1. etriganuk said,

    You could have asked me – I could have told you instantly šŸ™‚

    I really must write up some of the useful things like this I know …

  2. sbisson said,

    Yup – you should!

    It’s one of the reasons I blog this sort of thing, so that I can find it in future, and in case anyone else needs to know…

    (I really must write up the art of getting a personal certificate from one machine to another, and across OSes…)

  3. spride said,

    IPSec isn’t built into the OS? Boggle.

  4. sbisson said,

    It is. However, the router’s IPSec set up was somewhat obtruse.

    And no one was paying me to get them to talk to each other… Economics won out over my geekiness.

  5. sbisson said,

    Just to clarify why I was having to do it on the router – the bug in Linksys’s firware fragments IP50 and GRE47 packets, so opening the ports through to my server wouldn’t have made any difference…

    Annoyingly apparently their own QuickVPN software apprently works just fine…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: