Here is a
free tool
to monitor your Exchange Server.
Download and install the utility, then inspect your mail queues, monitor the
Exchange server's memory, confirm there is enough disk space and check the CPU
utilization.
Introduction to Exchange Server 2003 - RPC over HTTP
Replace those VPN internet connections with Microsoft's RPC over HTTP. The idea is for the full Outlook 2003 client to
collect their email from Exchange Server by using just port 443. RPC over HTTP was voted one of the top three reasons to migrate from Exchange Server 2000 to 2003.
Back to basics. RPC means remote procedure call and while this technology has been around a long
time, there is a new twist in Exchange 2003. Let me explain; in this context RPC means that Outlook 2003 can remotely connect to
Exchange and open its mailbox on the server. What's new is the ability to encapsulate these RPC commands in HTTP.
The killer advantage of RPC over HTTP is that you only have to open up port 443 (or 80) on the outer firewall. With earlier versions of Outlook and Exchange you would also need to open port 135 and possibly
port 53. These are two ports that hackers love to attack. To get the best out of this arrangement have an ISA server in the perimeter network, and configure it to connect to a front-end server
inside the second firewall.
What makes RPC over HTTP even more secure, is that by default, Outlook 2003 clients connect to the server using SSL.
Guy Recommends: SolarWinds Engineer's Toolset v10
The Engineer's Toolset v10 provides a comprehensive console of utilities
for troubleshooting computer problems. Guy says it helps me
monitor what's occurring on the network, and the tools teach me more about how the system
itself operates.
There are so many good gadgets, it's like having free rein of a
sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools.
Download your copy of the Engineer's Toolset v 10
Remember that HTTP over RPC is new, so it's not available in Exchange Server 2000, or Outlook 2000.
Install the RPC over HTTP Proxy Service
I have to say that locating the server setting for RPC over HTTP had me in a spin. Then I remembered how Exchange 2003 relies on Windows 2003. Now it's easy, Add or Remove Programs, Windows
Components, Network Services and add RPC over HTTP Proxy.
Configure Basic Authentication in IIS
Your goal is to configure Basic Authentication. Launch the IIS snap-in. From there expand the ServerName, Default Web Site. The tricky part is right clicking and finding RPC.
Next, select properties make sure Basic Authentication is checked and Anonymous is disabled.
Optionally, you can configure the encryption level. On the Directory Service tab, click edit, secure communications and then require 128 Bit Encryption.
Deploy Front-end server inside the firewalls
Either position a front-end server in the perimeter network and then install the RPC Proxy service; or deploy an ISA server which then connects to the front-end server. (See Diagram above.)
Configuring for non-SSL connections
Your goal is edit the registry on the front-end server and add a DWORD called: AllowAnonymous
Getting Outlook 2003 to work with RPC over HTTP is not a trivial task. So for a large roll-out I suggest investigating the ORK (Office Resource Kit). Which ever method you employ, the steps
are similar, here is my checklist:
The XP clients, repeat XP, needs SP2 or hotfix Q331320
Head for the Control Panel, Mail icon. Create a new email account which uses Microsoft Exchange Server. So far so good.
Now for the first tricky part. Turn OFF Cached Exchange mode - just while you test and get it connected, later you can revert to the cached mode. Type in the username.
Here is the really difficult section. Our task is to find the 'Connect to my Exchange mailbox using HTTP'. Observe the Connection tab, note 4 options, but select the 'Connect to my
Exchange mailbox using HTTP' check box, and then click Exchange Proxy Settings.
This Outlook 2003 client needs the name of the Exchange 2003 server, so in the dialog box called: 'Use this URL to connect to my proxy server for Exchange', type in your server and domain name, for
example https://paris .cp.com (did you use HTTPS?). You should see another box called Connect Using SSL only, check this box and enable SSL.
Outlook 2003 is now ready to connect to Exchange 2003 using RPC over HTTP.
Guy Recommends:
The SolarWinds Exchange Monitor
Here is a
free tool to monitor your Exchange Server. Download and
install the utility, then inspect your mail queues, monitor the Exchange
server's memory, confirm there is enough disk space and check the CPU
utilization. This is the real deal - there is no catch. SolarWinds
provides this fully-functioning product for free, as part of their commitment to
supporting the network management community.
On the Exchange 2003 server, remember to install the RPC over HTTP network service.
Make sure that you have a Server certificate on the Exchange 2003 machine, not just on the domain controller.
If you navigate to the connections menu, but cannot see the 'Connect to my Exchange mailbox using HTTP'. tab, then apply SP2 to your Windows XP machine.
If you have problems connecting to Exchange 2003. From the Outlook 2003 client try: Run outlook rpcdiag.
Guy Recommends: A Free Trial of the Orion Network Configuration Monitor
(NCM) v6
Config management of routers, switches and firewalls is fun with
NCM (Network Configuration Manager.
Furthermore, it can help to
achieve your compliance policy, for example, pinpoint devices not backed
up and discover access infringements or even weak passwords. This Solarwinds NCM suite can not only detect violations, but also upload
scripts to correct the problem.
Most computer problems arise from configuration changes. Thus it makes
sense to get a proper monitoring system so that you can double-check that that
all the settings confirm to your security policy.
No wonder RPC over HTTP was voted a top feature of Microsoft Exchange 2003. With RPC over HTTP the clients get simpler connections and less configuration on their XP machines. Meanwhile, the network is
more secure because you have to open fewer ports on the firewall. However, I found configuring RPC over HTTP difficult, my salvation was attention to detail.
Learn how to find settings in the Exchange System Manager. Advice configuring your Exchange Server. Tips on how to get the most from your Exchange 2003 server.
Over 50 printer friendly pages Word and PDF format
