August 28, 2003 08:28 PM

Inside RPC-over-HTTP

Windows IT Pro
InstantDoc ID #40018

Whenever I see a new gadget or software product, I try to disengage my techno-lust momentarily and ask two questions: Which of the product's features are cool and which are actually useful? Often, the answers don't match up, although in the case of a few products (e.g., TiVo, iPod) they match really well. Exchange Server 2003 has a new feature that's both cool and useful: the ability to tunnel remote procedure calls (RPC) over standard HTTP connections. I've written briefly about this subject before, but I want to delve a little more into RPC-over-HTTP so that you can see how it can benefit your Exchange deployment.

Exchange and Outlook have always worked together using the Messaging API (MAPI) protocol. Over time, Microsoft has added support for IMAP and POP connections so that you can use Outlook in IMAP mode with an IMAP-enabled Exchange server. The problem with doing so is that you lose a lot of MAPI-based functionality, including follow-up flags, delegate access, voting buttons, and message recall. (Well, OK, maybe no one actually misses that last one.) MAPI traffic is carried over the Windows RPC ports (TCP port 135 is the RPC locator service; ports 137, 139, and 445 are used for other traffic). For security reasons, most sites have closed these ports on their firewalls, so Outlook, by itself, can't connect using MAPI.

Until Exchange 2003, the most prevalent solution was to provide a VPN service so that users can connect directly to the internal LAN. This solution, of course, requires you to set up and maintain a VPN, and it requires users to connect to the VPN every time they want to check email. Exchange 2003's RPC-over-HTTP feature does away with this requirement by letting RPC traffic nestle inside HTTP packets that are carried across port 80 or port 443. The latter port uses Secure Sockets Layer (SSL), which you should always use for external-to-internal Web traffic, particularly traffic that involves Outlook Web Access (OWA).

Another solution, of course, is to use RPC-over-HTTP to connect your Outlook 2003 clients to your Exchange 2003 server. This approach gives your clients full MAPI functionality without requiring them to use a VPN (thus improving client performance and network usage) and without requiring you to put RPC traffic directly on the Internet--advantages even when the client is behind a firewall. The best part is that Outlook supports automatic transition between plain RPC and RPC-over-HTTP. Laptop users can launch Outlook at work, pick up email, take the laptop home, plug it in, and get new email without tweaking any settings.

How does this magic work? Well, obviously you need Outlook 2003 and Exchange 2003. However, there's another requirement. Exchange's RPC support actually comes from Windows. In this case, that relationship means that you need to run Exchange 2003 on Windows Server 2003 to get RPC-over-HTTP support. In fact, you also need Windows 2003 on the Global Catalog (GC) servers that your Exchange servers use because the client will forward directory requests to those GC servers.

When an Outlook 2003 client attempts to connect to an Exchange server using RPC-over-HTTP, the client will first encounter a firewall, which should pass port 443 traffic. (Don't use RPC tunneling over port 80--doing so is a security nightmare.) The RPC packets will arrive at the target host, which must proxy them to the Exchange server. The proxying requires an additional software component; you can follow Microsoft's recommendation and use Internet Security and Acceleration (ISA) Server or you can send packets directly to a Microsoft IIS 6.0 or Exchange 2003 front-end server. In the latter case, you should use the RPC-over-HTTP Proxy service, which you install by using the Windows Components Wizard.
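Whether clients really reach the RPC proxy only over port 443 can be checked from the proxy's IIS logs. The following is an added example, not part of the original article: it scans a constructed W3C-format log for RPC-over-HTTP requests. The log lines, host names, the `/rpc/rpcproxy.dll` path, the `RPC_IN_DATA`/`RPC_OUT_DATA` verbs, and the allowed back-end ports (6001, 6002, 6004, the ones a reader comment below mentions) are assumptions about a typical deployment.

```python
# Added example: audit an IIS W3C log for RPC-over-HTTP requests that arrive
# on a non-SSL port or name an unexpected back-end port. Sample data is constructed.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2003-08-28 20:28:01 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll mail01.example.test:6001 443 alice 198.51.100.7 200
2003-08-28 20:28:01 192.0.2.10 RPC_OUT_DATA /rpc/rpcproxy.dll mail01.example.test:6001 443 alice 198.51.100.7 200
2003-08-28 20:29:15 192.0.2.10 GET /exchange/ - 443 bob 198.51.100.8 200
2003-08-28 20:31:40 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll mail01.example.test:6002 80 - 203.0.113.5 401
2003-08-28 20:33:02 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll dc01.example.test:3389 443 carol 203.0.113.9 503
"""

RPC_METHODS = {"RPC_IN_DATA", "RPC_OUT_DATA"}   # verbs used by the RPC proxy (assumed)
ALLOWED_BACKEND_PORTS = {6001, 6002, 6004}      # assumed policy for this example


def parse_w3c(text):
    """Yield one dict per log record, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):      # skip truncated or malformed rows
                yield dict(zip(fields, values))


def audit_rpc_proxy(text):
    """Return (finding, client_ip, detail) tuples for suspicious RPC proxy requests."""
    findings = []
    for rec in parse_w3c(text):
        if rec.get("cs-method") not in RPC_METHODS:
            continue                            # ordinary web traffic such as OWA
        if rec.get("s-port") != "443":
            findings.append(("cleartext-port", rec["c-ip"], rec["s-port"]))
        # The query string names the back-end target as host:port.
        backend_port = rec.get("cs-uri-query", "").rpartition(":")[2]
        if not backend_port.isdigit() or int(backend_port) not in ALLOWED_BACKEND_PORTS:
            findings.append(("unexpected-backend", rec["c-ip"], backend_port))
    return findings


if __name__ == "__main__":
    for finding in audit_rpc_proxy(SAMPLE_LOG):
        print(finding)
```
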

There are some other installation steps that I won't go into because the Exchange 2003 release notes and reference manuals document them. I will give you a handy tip, though. The Web release of the Exchange 2003 toolset includes an automatic setup script called RPCHTTP_Setup.vbs. By running this script on your Exchange 2003 servers and Windows 2003 GC servers, you can quickly set up RPC-over-HTTP on the server side. The client side doesn't need much special setup, although in my experience the easiest approach is to have clients make their initial connection (with the accompanying deep sync that creates local copies of the user's email data) on the LAN. Use RPC-over-HTTP with cached mode whenever possible.

RPC-over-HTTP has some interesting implications for site and server consolidation, too, which I briefly mentioned in the April 18 UPDATE. Even if you aren't interested in consolidating, you--and your users--will probably find plenty of advantages to RPC-over-HTTP.


I have loaded rpc-http on an exchange-domain controller, worked fine. I have loaded rpc-http on many SBS servers, worked fine. But I cannot get it to work with separate exchange and domain controllers. I can rpcping ports 6001 and 6002, but not 6004. What can be wrong?

JEFF 10/10/2007 7:52:12 AM


I've deployed RPC over HTTP on SBS and it works fine.

Anonymous User 7/8/2005 10:48:16 AM


How does it work on SBS 2003?

Anonymous User 5/26/2005 2:52:27 AM


How to configure my SuSe Linux Firewall for RPC-over-HTTP?

Anonymous User 12/15/2004 5:19:11 AM


What ports do you need open on the firewall? Just 80 and 443?

Anonymous User 11/17/2004 4:06:45 PM


SP2 includes the patch....

Anonymous User 10/25/2004 1:17:47 PM


Oh Great! I installed Windows XP SP2 and now I cannot install the patch Q331320. It says it only works on SP1. Does anyone have an idea how to get by this?

chaskiv 8/14/2004 2:41:51 PM


Answers to some of the questions:

1. You do not need port 135 open on the firewall; RPC is encapsulated in the HTTP header, therefore it will go over the secure 443.
2. You can only run RPC over HTTP on Win XP SP1 with Outlook 2003 or Win 2003 Server. No other configurations are supported.
3. In order to get the “Proxy options” in the Outlook 2003, try to upgrade to Office 2003 XP1 and run the patch specified in the Q331320. Hopefully it will help.

I'm trying to set up RPC over HTTP on my system right now. Learned quite a lot in the past week. Any questions e-mail me.


mymaleegoe 8/6/2004 1:52:32 PM


Outlook 2003 on two of my PCs doesn't show 'Exchange over Internet' options in Connections tab either for some reason. However, the Outlook 2003 on my Exchange 2003 Server does have it, any idea why?

Kevin 6/17/2004 9:10:53 AM


Hi,
I have the same problem. Is it possible to use RPC over HTTP on Windows 2000?

Thanks for any help
Martin

Martin Schmitz 6/7/2004 9:05:14 AM

