having trouble seeing my exchange server via outlook 2007 over the internet
connecting to my Exchange Enterprise Server 2003. Have followed Microsoft
instructions, testing first without use of of SSL certificates. I may be a
bit confused about front end and backend servers. I have one PC, a domain
controller at our office, a seperate PC with Exchange Only on it, connecting
to the Domain Controller, and another PC with Blackberry Enterprise
installed. The purpose of this is to get away from use of the VPN
connection required to be part of the local network for Exchange User access
off property. Sounds good configuring settings into the Outlook only and
preventing other local access this way. Any ideas? Again, cannot get the
Outlook to see the Exchange Server during the logon name and password to
server process.

You should be asking this question over in one of the
microsoft.public.exchange support groups. Also, you will need to clarify
your post a bit. Based on the below, I would assume that you have a single
Exchange server setup. If my understanding is right, you high level checks
would be...

1) Ensure that the RPC proxy component is installed on your Windows 2003
(SP1/SP2)/Exchange 2003 SP2 server

2) Enable the Exchange server as an RPC/HTTPS backend server. (Exchange
System Manager > Right click on server object > Properties > RPC-HTTP tab)
You may have to add the necessary registry keys to get this working.
Location in registry is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy

The DWORD value Enabled should be set to 1
The REG_SZ value ValidPorts would be set to
ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004

To explain the ValidPort line better, assume that the name of the Exchange
server is EXCH01 and the domain name I'm working with is contoso.com. The
ValidPorts entry would be:

exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004


3) I would test the connection on the internal network before testing from
the internet.

Other than that, test with SSL enabled and if you are using a private
(internal) certificates to secure the web/rpc proxy services, make sure that
a copy of the signing certificate authority is installed on the
workstations. The client operating system (assuming Windows XP SP2 or
newer) will verify the SSL certificate back to the issuing certificate
authority.

"Daniel Mazur" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> having trouble seeing my exchange server via outlook 2007 over the
> internet
> connecting to my Exchange Enterprise Server 2003. Have followed Microsoft
> instructions, testing first without use of of SSL certificates. I may be
> a
> bit confused about front end and backend servers. I have one PC, a domain
> controller at our office, a seperate PC with Exchange Only on it,
> connecting
> to the Domain Controller, and another PC with Blackberry Enterprise
> installed. The purpose of this is to get away from use of the VPN
> connection required to be part of the local network for Exchange User
> access
> off property. Sounds good configuring settings into the Outlook only and
> preventing other local access this way. Any ideas? Again, cannot get the
> Outlook to see the Exchange Server during the logon name and password to
> server process.
>
>
>

Thanks,

Your reply was most thorough. Got it working!


"neo [mvp outlook]" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> You should be asking this question over in one of the
> microsoft.public.exchange support groups. Also, you will need to clarify
> your post a bit. Based on the below, I would assume that you have a
> single Exchange server setup. If my understanding is right, you high
> level checks would be...
>
> 1) Ensure that the RPC proxy component is installed on your Windows 2003
> (SP1/SP2)/Exchange 2003 SP2 server
>
> 2) Enable the Exchange server as an RPC/HTTPS backend server. (Exchange
> System Manager > Right click on server object > Properties > RPC-HTTP tab)
> You may have to add the necessary registry keys to get this working.
> Location in registry is:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
>
> The DWORD value Enabled should be set to 1
> The REG_SZ value ValidPorts would be set to
> ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004
>
> To explain the ValidPort line better, assume that the name of the Exchange
> server is EXCH01 and the domain name I'm working with is contoso.com. The
> ValidPorts entry would be:
>
> exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004
>
>
> 3) I would test the connection on the internal network before testing from
> the internet.
>
> Other than that, test with SSL enabled and if you are using a private
> (internal) certificates to secure the web/rpc proxy services, make sure
> that a copy of the signing certificate authority is installed on the
> workstations. The client operating system (assuming Windows XP SP2 or
> newer) will verify the SSL certificate back to the issuing certificate
> authority.
>
> "Daniel Mazur" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> having trouble seeing my exchange server via outlook 2007 over the
>> internet
>> connecting to my Exchange Enterprise Server 2003. Have followed
>> Microsoft
>> instructions, testing first without use of of SSL certificates. I may be
>> a
>> bit confused about front end and backend servers. I have one PC, a
>> domain
>> controller at our office, a seperate PC with Exchange Only on it,
>> connecting
>> to the Domain Controller, and another PC with Blackberry Enterprise
>> installed. The purpose of this is to get away from use of the VPN
>> connection required to be part of the local network for Exchange User
>> access
>> off property. Sounds good configuring settings into the Outlook only and
>> preventing other local access this way. Any ideas? Again, cannot get
>> the
>> Outlook to see the Exchange Server during the logon name and password to
>> server process.
>>
>>
>>
>
>

Neo,

I have a similar situation, my domain is company.local, server name is
exchange

with respect to your suggestion to change ValidPorts entry:

at the moment I have:

exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004

do I need to change the above entry?

the outlook 2007 (installed in Windows XP SP2) rpc-over-http only works
outside the network only if it VPN in (we use ISA2004 here)

thanks,
Evans

"neo [mvp outlook]" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> You should be asking this question over in one of the
> microsoft.public.exchange support groups. Also, you will need to clarify
> your post a bit. Based on the below, I would assume that you have a
> single Exchange server setup. If my understanding is right, you high
> level checks would be...
>
> 1) Ensure that the RPC proxy component is installed on your Windows 2003
> (SP1/SP2)/Exchange 2003 SP2 server
>
> 2) Enable the Exchange server as an RPC/HTTPS backend server. (Exchange
> System Manager > Right click on server object > Properties > RPC-HTTP tab)
> You may have to add the necessary registry keys to get this working.
> Location in registry is:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
>
> The DWORD value Enabled should be set to 1
> The REG_SZ value ValidPorts would be set to
> ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004
>
> To explain the ValidPort line better, assume that the name of the Exchange
> server is EXCH01 and the domain name I'm working with is contoso.com. The
> ValidPorts entry would be:
>
> exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004
>
>
> 3) I would test the connection on the internal network before testing from
> the internet.
>
> Other than that, test with SSL enabled and if you are using a private
> (internal) certificates to secure the web/rpc proxy services, make sure
> that a copy of the signing certificate authority is installed on the
> workstations. The client operating system (assuming Windows XP SP2 or
> newer) will verify the SSL certificate back to the issuing certificate
> authority.
>
> "Daniel Mazur" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> having trouble seeing my exchange server via outlook 2007 over the
>> internet
>> connecting to my Exchange Enterprise Server 2003. Have followed
>> Microsoft
>> instructions, testing first without use of of SSL certificates. I may be
>> a
>> bit confused about front end and backend servers. I have one PC, a
>> domain
>> controller at our office, a seperate PC with Exchange Only on it,
>> connecting
>> to the Domain Controller, and another PC with Blackberry Enterprise
>> installed. The purpose of this is to get away from use of the VPN
>> connection required to be part of the local network for Exchange User
>> access
>> off property. Sounds good configuring settings into the Outlook only and
>> preventing other local access this way. Any ideas? Again, cannot get
>> the
>> Outlook to see the Exchange Server during the logon name and password to
>> server process.
>>
>>
>>
>
>

ISA2004 adds a layer of complexity, but
http://www.isaserver.org/tutorials/2...owamobile.html might be helpful to
you.


"Evans Leung" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Neo,
>
> I have a similar situation, my domain is company.local, server name is
> exchange
>
> with respect to your suggestion to change ValidPorts entry:
>
> at the moment I have:
>
> exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004
>
> do I need to change the above entry?
>
> the outlook 2007 (installed in Windows XP SP2) rpc-over-http only works
> outside the network only if it VPN in (we use ISA2004 here)
>
> thanks,
> Evans
>
> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> You should be asking this question over in one of the
>> microsoft.public.exchange support groups. Also, you will need to clarify
>> your post a bit. Based on the below, I would assume that you have a
>> single Exchange server setup. If my understanding is right, you high
>> level checks would be...
>>
>> 1) Ensure that the RPC proxy component is installed on your Windows 2003
>> (SP1/SP2)/Exchange 2003 SP2 server
>>
>> 2) Enable the Exchange server as an RPC/HTTPS backend server. (Exchange
>> System Manager > Right click on server object > Properties > RPC-HTTP
>> tab) You may have to add the necessary registry keys to get this working.
>> Location in registry is:
>>
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
>>
>> The DWORD value Enabled should be set to 1
>> The REG_SZ value ValidPorts would be set to
>> ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004
>>
>> To explain the ValidPort line better, assume that the name of the
>> Exchange server is EXCH01 and the domain name I'm working with is
>> contoso.com. The ValidPorts entry would be:
>>
>> exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004
>>
>>
>> 3) I would test the connection on the internal network before testing
>> from the internet.
>>
>> Other than that, test with SSL enabled and if you are using a private
>> (internal) certificates to secure the web/rpc proxy services, make sure
>> that a copy of the signing certificate authority is installed on the
>> workstations. The client operating system (assuming Windows XP SP2 or
>> newer) will verify the SSL certificate back to the issuing certificate
>> authority.
>>
>> "Daniel Mazur" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> having trouble seeing my exchange server via outlook 2007 over the
>>> internet
>>> connecting to my Exchange Enterprise Server 2003. Have followed
>>> Microsoft
>>> instructions, testing first without use of of SSL certificates. I may
>>> be a
>>> bit confused about front end and backend servers. I have one PC, a
>>> domain
>>> controller at our office, a seperate PC with Exchange Only on it,
>>> connecting
>>> to the Domain Controller, and another PC with Blackberry Enterprise
>>> installed. The purpose of this is to get away from use of the VPN
>>> connection required to be part of the local network for Exchange User
>>> access
>>> off property. Sounds good configuring settings into the Outlook only
>>> and
>>> preventing other local access this way. Any ideas? Again, cannot get
>>> the
>>> Outlook to see the Exchange Server during the logon name and password to
>>> server process.
>>>
>>>
>>>
>>
>>
>
>

thanks for your reply, it puzzeles me that the current setup has been
working well with Outlook 2003 but not Outlook 2007...

Evans

"neo [mvp outlook]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> ISA2004 adds a layer of complexity, but
> http://www.isaserver.org/tutorials/2...owamobile.html might be helpful
> to you.
>
>
> "Evans Leung" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Neo,
>>
>> I have a similar situation, my domain is company.local, server name is
>> exchange
>>
>> with respect to your suggestion to change ValidPorts entry:
>>
>> at the moment I have:
>>
>> exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004
>>
>> do I need to change the above entry?
>>
>> the outlook 2007 (installed in Windows XP SP2) rpc-over-http only works
>> outside the network only if it VPN in (we use ISA2004 here)
>>
>> thanks,
>> Evans
>>
>> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> You should be asking this question over in one of the
>>> microsoft.public.exchange support groups. Also, you will need to
>>> clarify your post a bit. Based on the below, I would assume that you
>>> have a single Exchange server setup. If my understanding is right, you
>>> high level checks would be...
>>>
>>> 1) Ensure that the RPC proxy component is installed on your Windows 2003
>>> (SP1/SP2)/Exchange 2003 SP2 server
>>>
>>> 2) Enable the Exchange server as an RPC/HTTPS backend server. (Exchange
>>> System Manager > Right click on server object > Properties > RPC-HTTP
>>> tab) You may have to add the necessary registry keys to get this
>>> working. Location in registry is:
>>>
>>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
>>>
>>> The DWORD value Enabled should be set to 1
>>> The REG_SZ value ValidPorts would be set to
>>> ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004
>>>
>>> To explain the ValidPort line better, assume that the name of the
>>> Exchange server is EXCH01 and the domain name I'm working with is
>>> contoso.com. The ValidPorts entry would be:
>>>
>>> exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004
>>>
>>>
>>> 3) I would test the connection on the internal network before testing
>>> from the internet.
>>>
>>> Other than that, test with SSL enabled and if you are using a private
>>> (internal) certificates to secure the web/rpc proxy services, make sure
>>> that a copy of the signing certificate authority is installed on the
>>> workstations. The client operating system (assuming Windows XP SP2 or
>>> newer) will verify the SSL certificate back to the issuing certificate
>>> authority.
>>>
>>> "Daniel Mazur" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>> having trouble seeing my exchange server via outlook 2007 over the
>>>> internet
>>>> connecting to my Exchange Enterprise Server 2003. Have followed
>>>> Microsoft
>>>> instructions, testing first without use of of SSL certificates. I may
>>>> be a
>>>> bit confused about front end and backend servers. I have one PC, a
>>>> domain
>>>> controller at our office, a seperate PC with Exchange Only on it,
>>>> connecting
>>>> to the Domain Controller, and another PC with Blackberry Enterprise
>>>> installed. The purpose of this is to get away from use of the VPN
>>>> connection required to be part of the local network for Exchange User
>>>> access
>>>> off property. Sounds good configuring settings into the Outlook only
>>>> and
>>>> preventing other local access this way. Any ideas? Again, cannot get
>>>> the
>>>> Outlook to see the Exchange Server during the logon name and password
>>>> to
>>>> server process.
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Interesting. What kind of certificate are you using on the ISA box?
(wildcard, san, .etc)

"Evans Leung" <(E-Mail Removed)> wrote in message
news:e7%23Eq$(E-Mail Removed)...
> thanks for your reply, it puzzeles me that the current setup has been
> working well with Outlook 2003 but not Outlook 2007...
>
> Evans
>
> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> ISA2004 adds a layer of complexity, but
>> http://www.isaserver.org/tutorials/2...owamobile.html might be helpful
>> to you.
>>
>>
>> "Evans Leung" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Neo,
>>>
>>> I have a similar situation, my domain is company.local, server name is
>>> exchange
>>>
>>> with respect to your suggestion to change ValidPorts entry:
>>>
>>> at the moment I have:
>>>
>>> exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004
>>>
>>> do I need to change the above entry?
>>>
>>> the outlook 2007 (installed in Windows XP SP2) rpc-over-http only works
>>> outside the network only if it VPN in (we use ISA2004 here)
>>>
>>> thanks,
>>> Evans
>>>
>>> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>> You should be asking this question over in one of the
>>>> microsoft.public.exchange support groups. Also, you will need to
>>>> clarify your post a bit. Based on the below, I would assume that you
>>>> have a single Exchange server setup. If my understanding is right, you
>>>> high level checks would be...
>>>>
>>>> 1) Ensure that the RPC proxy component is installed on your Windows
>>>> 2003 (SP1/SP2)/Exchange 2003 SP2 server
>>>>
>>>> 2) Enable the Exchange server as an RPC/HTTPS backend server. (Exchange
>>>> System Manager > Right click on server object > Properties > RPC-HTTP
>>>> tab) You may have to add the necessary registry keys to get this
>>>> working. Location in registry is:
>>>>
>>>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
>>>>
>>>> The DWORD value Enabled should be set to 1
>>>> The REG_SZ value ValidPorts would be set to
>>>> ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004
>>>>
>>>> To explain the ValidPort line better, assume that the name of the
>>>> Exchange server is EXCH01 and the domain name I'm working with is
>>>> contoso.com. The ValidPorts entry would be:
>>>>
>>>> exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004
>>>>
>>>>
>>>> 3) I would test the connection on the internal network before testing
>>>> from the internet.
>>>>
>>>> Other than that, test with SSL enabled and if you are using a private
>>>> (internal) certificates to secure the web/rpc proxy services, make sure
>>>> that a copy of the signing certificate authority is installed on the
>>>> workstations. The client operating system (assuming Windows XP SP2 or
>>>> newer) will verify the SSL certificate back to the issuing certificate
>>>> authority.
>>>>
>>>> "Daniel Mazur" <(E-Mail Removed)> wrote in message
>>>> news:%(E-Mail Removed)...
>>>>> having trouble seeing my exchange server via outlook 2007 over the
>>>>> internet
>>>>> connecting to my Exchange Enterprise Server 2003. Have followed
>>>>> Microsoft
>>>>> instructions, testing first without use of of SSL certificates. I may
>>>>> be a
>>>>> bit confused about front end and backend servers. I have one PC, a
>>>>> domain
>>>>> controller at our office, a seperate PC with Exchange Only on it,
>>>>> connecting
>>>>> to the Domain Controller, and another PC with Blackberry Enterprise
>>>>> installed. The purpose of this is to get away from use of the VPN
>>>>> connection required to be part of the local network for Exchange User
>>>>> access
>>>>> off property. Sounds good configuring settings into the Outlook only
>>>>> and
>>>>> preventing other local access this way. Any ideas? Again, cannot get
>>>>> the
>>>>> Outlook to see the Exchange Server during the logon name and password
>>>>> to
>>>>> server process.
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Verisign

"neo [mvp outlook]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Interesting. What kind of certificate are you using on the ISA box?
> (wildcard, san, .etc)
>
> "Evans Leung" <(E-Mail Removed)> wrote in message
> news:e7%23Eq$(E-Mail Removed)...
>> thanks for your reply, it puzzeles me that the current setup has been
>> working well with Outlook 2003 but not Outlook 2007...
>>
>> Evans
>>
>> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> ISA2004 adds a layer of complexity, but
>>> http://www.isaserver.org/tutorials/2...owamobile.html might be
>>> helpful to you.
>>>
>>>
>>> "Evans Leung" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> Neo,
>>>>
>>>> I have a similar situation, my domain is company.local, server name is
>>>> exchange
>>>>
>>>> with respect to your suggestion to change ValidPorts entry:
>>>>
>>>> at the moment I have:
>>>>
>>>> exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004
>>>>
>>>> do I need to change the above entry?
>>>>
>>>> the outlook 2007 (installed in Windows XP SP2) rpc-over-http only works
>>>> outside the network only if it VPN in (we use ISA2004 here)
>>>>
>>>> thanks,
>>>> Evans
>>>>
>>>> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
>>>> news:%(E-Mail Removed)...
>>>>> You should be asking this question over in one of the
>>>>> microsoft.public.exchange support groups. Also, you will need to
>>>>> clarify your post a bit. Based on the below, I would assume that you
>>>>> have a single Exchange server setup. If my understanding is right,
>>>>> you high level checks would be...
>>>>>
>>>>> 1) Ensure that the RPC proxy component is installed on your Windows
>>>>> 2003 (SP1/SP2)/Exchange 2003 SP2 server
>>>>>
>>>>> 2) Enable the Exchange server as an RPC/HTTPS backend server.
>>>>> (Exchange System Manager > Right click on server object > Properties >
>>>>> RPC-HTTP tab) You may have to add the necessary registry keys to get
>>>>> this working. Location in registry is:
>>>>>
>>>>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
>>>>>
>>>>> The DWORD value Enabled should be set to 1
>>>>> The REG_SZ value ValidPorts would be set to
>>>>> ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004
>>>>>
>>>>> To explain the ValidPort line better, assume that the name of the
>>>>> Exchange server is EXCH01 and the domain name I'm working with is
>>>>> contoso.com. The ValidPorts entry would be:
>>>>>
>>>>> exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004
>>>>>
>>>>>
>>>>> 3) I would test the connection on the internal network before testing
>>>>> from the internet.
>>>>>
>>>>> Other than that, test with SSL enabled and if you are using a private
>>>>> (internal) certificates to secure the web/rpc proxy services, make
>>>>> sure that a copy of the signing certificate authority is installed on
>>>>> the workstations. The client operating system (assuming Windows XP
>>>>> SP2 or newer) will verify the SSL certificate back to the issuing
>>>>> certificate authority.
>>>>>
>>>>> "Daniel Mazur" <(E-Mail Removed)> wrote in message
>>>>> news:%(E-Mail Removed)...
>>>>>> having trouble seeing my exchange server via outlook 2007 over the
>>>>>> internet
>>>>>> connecting to my Exchange Enterprise Server 2003. Have followed
>>>>>> Microsoft
>>>>>> instructions, testing first without use of of SSL certificates. I
>>>>>> may be a
>>>>>> bit confused about front end and backend servers. I have one PC, a
>>>>>> domain
>>>>>> controller at our office, a seperate PC with Exchange Only on it,
>>>>>> connecting
>>>>>> to the Domain Controller, and another PC with Blackberry Enterprise
>>>>>> installed. The purpose of this is to get away from use of the VPN
>>>>>> connection required to be part of the local network for Exchange User
>>>>>> access
>>>>>> off property. Sounds good configuring settings into the Outlook only
>>>>>> and
>>>>>> preventing other local access this way. Any ideas? Again, cannot
>>>>>> get the
>>>>>> Outlook to see the Exchange Server during the logon name and password
>>>>>> to
>>>>>> server process.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Not quite what I'm asking. A wildcard certificate shows that the name the
certificate was issued to is *.some.domain. A subject alternatitive name
(SAN) is where the certificate is multiple fqdn server names. For example,
you can have a certificate that can be used for owa.some.domain,
autodiscovery.some.domain, smtp.some.domain, pop3.some.domain, .etc.

"Evans Leung" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Verisign
>
> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Interesting. What kind of certificate are you using on the ISA box?
>> (wildcard, san, .etc)
>>
>> "Evans Leung" <(E-Mail Removed)> wrote in message
>> news:e7%23Eq$(E-Mail Removed)...
>>> thanks for your reply, it puzzeles me that the current setup has been
>>> working well with Outlook 2003 but not Outlook 2007...
>>>
>>> Evans
>>>
>>> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> ISA2004 adds a layer of complexity, but
>>>> http://www.isaserver.org/tutorials/2...owamobile.html might be
>>>> helpful to you.
>>>>
>>>>
>>>> "Evans Leung" <(E-Mail Removed)> wrote in message
>>>> news:(E-Mail Removed)...
>>>>> Neo,
>>>>>
>>>>> I have a similar situation, my domain is company.local, server name is
>>>>> exchange
>>>>>
>>>>> with respect to your suggestion to change ValidPorts entry:
>>>>>
>>>>> at the moment I have:
>>>>>
>>>>> exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004
>>>>>
>>>>> do I need to change the above entry?
>>>>>
>>>>> the outlook 2007 (installed in Windows XP SP2) rpc-over-http only
>>>>> works outside the network only if it VPN in (we use ISA2004 here)
>>>>>
>>>>> thanks,
>>>>> Evans
>>>>>
>>>>> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
>>>>> news:%(E-Mail Removed)...
>>>>>> You should be asking this question over in one of the
>>>>>> microsoft.public.exchange support groups. Also, you will need to
>>>>>> clarify your post a bit. Based on the below, I would assume that you
>>>>>> have a single Exchange server setup. If my understanding is right,
>>>>>> you high level checks would be...
>>>>>>
>>>>>> 1) Ensure that the RPC proxy component is installed on your Windows
>>>>>> 2003 (SP1/SP2)/Exchange 2003 SP2 server
>>>>>>
>>>>>> 2) Enable the Exchange server as an RPC/HTTPS backend server.
>>>>>> (Exchange System Manager > Right click on server object > Properties
>>>>>> > RPC-HTTP tab) You may have to add the necessary registry keys to
>>>>>> get this working. Location in registry is:
>>>>>>
>>>>>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
>>>>>>
>>>>>> The DWORD value Enabled should be set to 1
>>>>>> The REG_SZ value ValidPorts would be set to
>>>>>> ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004
>>>>>>
>>>>>> To explain the ValidPort line better, assume that the name of the
>>>>>> Exchange server is EXCH01 and the domain name I'm working with is
>>>>>> contoso.com. The ValidPorts entry would be:
>>>>>>
>>>>>> exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004
>>>>>>
>>>>>>
>>>>>> 3) I would test the connection on the internal network before testing
>>>>>> from the internet.
>>>>>>
>>>>>> Other than that, test with SSL enabled and if you are using a private
>>>>>> (internal) certificates to secure the web/rpc proxy services, make
>>>>>> sure that a copy of the signing certificate authority is installed on
>>>>>> the workstations. The client operating system (assuming Windows XP
>>>>>> SP2 or newer) will verify the SSL certificate back to the issuing
>>>>>> certificate authority.
>>>>>>
>>>>>> "Daniel Mazur" <(E-Mail Removed)> wrote in message
>>>>>> news:%(E-Mail Removed)...
>>>>>>> having trouble seeing my exchange server via outlook 2007 over the
>>>>>>> internet
>>>>>>> connecting to my Exchange Enterprise Server 2003. Have followed
>>>>>>> Microsoft
>>>>>>> instructions, testing first without use of of SSL certificates. I
>>>>>>> may be a
>>>>>>> bit confused about front end and backend servers. I have one PC, a
>>>>>>> domain
>>>>>>> controller at our office, a seperate PC with Exchange Only on it,
>>>>>>> connecting
>>>>>>> to the Domain Controller, and another PC with Blackberry Enterprise
>>>>>>> installed. The purpose of this is to get away from use of the VPN
>>>>>>> connection required to be part of the local network for Exchange
>>>>>>> User access
>>>>>>> off property. Sounds good configuring settings into the Outlook
>>>>>>> only and
>>>>>>> preventing other local access this way. Any ideas? Again, cannot
>>>>>>> get the
>>>>>>> Outlook to see the Exchange Server during the logon name and
>>>>>>> password to
>>>>>>> server process.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

not a wild card one, just one, owa."company.com"

"neo [mvp outlook]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Not quite what I'm asking. A wildcard certificate shows that the name the
> certificate was issued to is *.some.domain. A subject alternatitive name
> (SAN) is where the certificate is multiple fqdn server names. For
> example, you can have a certificate that can be used for owa.some.domain,
> autodiscovery.some.domain, smtp.some.domain, pop3.some.domain, .etc.
>
> "Evans Leung" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Verisign
>>
>> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Interesting. What kind of certificate are you using on the ISA box?
>>> (wildcard, san, .etc)
>>>
>>> "Evans Leung" <(E-Mail Removed)> wrote in message
>>> news:e7%23Eq$(E-Mail Removed)...
>>>> thanks for your reply, it puzzeles me that the current setup has been
>>>> working well with Outlook 2003 but not Outlook 2007...
>>>>
>>>> Evans
>>>>
>>>> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
>>>> news:(E-Mail Removed)...
>>>>> ISA2004 adds a layer of complexity, but
>>>>> http://www.isaserver.org/tutorials/2...owamobile.html might be
>>>>> helpful to you.
>>>>>
>>>>>
>>>>> "Evans Leung" <(E-Mail Removed)> wrote in message
>>>>> news:(E-Mail Removed)...
>>>>>> Neo,
>>>>>>
>>>>>> I have a similar situation, my domain is company.local, server name
>>>>>> is exchange
>>>>>>
>>>>>> with respect to your suggestion to change ValidPorts entry:
>>>>>>
>>>>>> at the moment I have:
>>>>>>
>>>>>> exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004
>>>>>>
>>>>>> do I need to change the above entry?
>>>>>>
>>>>>> the outlook 2007 (installed in Windows XP SP2) rpc-over-http only
>>>>>> works outside the network only if it VPN in (we use ISA2004 here)
>>>>>>
>>>>>> thanks,
>>>>>> Evans
>>>>>>
>>>>>> "neo [mvp outlook]" <(E-Mail Removed)> wrote in message
>>>>>> news:%(E-Mail Removed)...
>>>>>>> You should be asking this question over in one of the
>>>>>>> microsoft.public.exchange support groups. Also, you will need to
>>>>>>> clarify your post a bit. Based on the below, I would assume that
>>>>>>> you have a single Exchange server setup. If my understanding is
>>>>>>> right, you high level checks would be...
>>>>>>>
>>>>>>> 1) Ensure that the RPC proxy component is installed on your Windows
>>>>>>> 2003 (SP1/SP2)/Exchange 2003 SP2 server
>>>>>>>
>>>>>>> 2) Enable the Exchange server as an RPC/HTTPS backend server.
>>>>>>> (Exchange System Manager > Right click on server object > Properties
>>>>>>> > RPC-HTTP tab) You may have to add the necessary registry keys to
>>>>>>> get this working. Location in registry is:
>>>>>>>
>>>>>>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
>>>>>>>
>>>>>>> The DWORD value Enabled should be set to 1
>>>>>>> The REG_SZ value ValidPorts would be set to
>>>>>>> ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004
>>>>>>>
>>>>>>> To explain the ValidPort line better, assume that the name of the
>>>>>>> Exchange server is EXCH01 and the domain name I'm working with is
>>>>>>> contoso.com. The ValidPorts entry would be:
>>>>>>>
>>>>>>> exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004
>>>>>>>
>>>>>>>
>>>>>>> 3) I would test the connection on the internal network before
>>>>>>> testing from the internet.
>>>>>>>
>>>>>>> Other than that, test with SSL enabled and if you are using a
>>>>>>> private (internal) certificates to secure the web/rpc proxy
>>>>>>> services, make sure that a copy of the signing certificate authority
>>>>>>> is installed on the workstations. The client operating system
>>>>>>> (assuming Windows XP SP2 or newer) will verify the SSL certificate
>>>>>>> back to the issuing certificate authority.
>>>>>>>
>>>>>>> "Daniel Mazur" <(E-Mail Removed)> wrote in message
>>>>>>> news:%(E-Mail Removed)...
>>>>>>>> having trouble seeing my exchange server via outlook 2007 over the
>>>>>>>> internet
>>>>>>>> connecting to my Exchange Enterprise Server 2003. Have followed
>>>>>>>> Microsoft
>>>>>>>> instructions, testing first without use of of SSL certificates. I
>>>>>>>> may be a
>>>>>>>> bit confused about front end and backend servers. I have one PC, a
>>>>>>>> domain
>>>>>>>> controller at our office, a seperate PC with Exchange Only on it,
>>>>>>>> connecting
>>>>>>>> to the Domain Controller, and another PC with Blackberry Enterprise
>>>>>>>> installed. The purpose of this is to get away from use of the VPN
>>>>>>>> connection required to be part of the local network for Exchange
>>>>>>>> User access
>>>>>>>> off property. Sounds good configuring settings into the Outlook
>>>>>>>> only and
>>>>>>>> preventing other local access this way. Any ideas? Again, cannot
>>>>>>>> get the
>>>>>>>> Outlook to see the Exchange Server during the logon name and
>>>>>>>> password to
>>>>>>>> server process.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>