How to Configure the RPC Virtual Directory in IIS

 

This topic explains how to configure the RPC virtual directory in Internet Information Services (IIS) and how to configure the RPC virtual directory to use Secure Sockets Layer (SSL) for all client-side connections.

After you have configured a server in your organization as an RPC proxy server, you must configure the RPC virtual directory in IIS if either of the following conditions is true:

  • The RPC proxy server is running Microsoft® Exchange Server 2003 and does not have Service Pack 1 (SP1) installed.

  • You have SP1 installed in your organization, but you do not have a front-end server.

After completing these procedures, your RPC virtual directory will be ready to use Basic authentication and NTLM authentication.

Before You Begin

Before you perform the procedures in this topic, confirm that you have configured a server as an RPC proxy server by installing the Microsoft Windows® RPC networking component.

Procedure to Configure RPC Virtual Directory in IIS

To configure the RPC virtual directory in IIS

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In Internet Information Services (IIS) Manager, in the console tree, expand the server you want, then expand Web Sites.

  3. Expand Default Web Site, right-click the RPC virtual directory, and then click Properties.

  4. In the RPC Virtual Directory Properties page, on the Directory Security tab, in the Authentication and access control pane, click Edit.

  5. In the Authentication Methods window, verify that the check box next to Enable anonymous access is cleared.

    Note

    RPC over HTTP does not allow anonymous access by default, despite what the user interface shows.

  6. In the Authentication Methods window, under Authenticated access, select the check box next to Basic authentication (password is sent in clear text) and click OK. You receive the following message:

    The authentication option you have selected results in passwords being transmitted over the network without data encryption. Someone attempting to compromise your system security could use a protocol analyzer to examine user passwords during the authentication process. For more detail on user authentication, consult the online help. This warning does not apply to HTTPS(orSSL) connections.

    Are you sure you want to continue?

    Note

    In this error message, the word "HTTPS(orSSL)" is a misspelling of the words "HTTPS (or SSL)."

    In the Authentication Methods window, under Authenticated access, you can also select the check box next to Integrated Windows authentication (NTLM). However, it is recommended that you use Basic authentication over NTLM for two reasons. First, RPC over HTTP currently supports only NTLM; it does not support Kerberos. Second, if there is an HTTP proxy or a firewall between the RPC over HTTP client and the RPC proxy that inserts the via pragma in the HTTP header, NTLM authentication will not work. For more information, see RPC over HTTP Deployment Recommendations.

  7. To save your settings, click Apply, and then click OK.

  8. Ensure that you have a valid SSL certificate installed on the virtual server.

Procedure to Configure RPC Virtual Directory to Use SSL

The RPC virtual directory is configured to use basic authentication. We recommend that you use SSL together with basic authentication. To enable SSL on the RPC virtual directory, you must obtain and publish a certificate. This procedure assumes that you have obtained and published a certificate. To configure the RPC virtual directory to require SSL for all client-side connections, follow these steps:

To configure RPC virtual directory to use SSL

  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. Expand Web Sites, expand Default Web Site, right-click Rpc, and then click Properties.

  3. Click the Directory Security tab, and then click Edit under Secure communications.

  4. Click to select the Require secure channel (SSL) check box and the Require 128-bit encryption check box.

    Note

    We recommend that you click to select the Require 128-bit encryption check box. However, RPC over HTTP functions correctly even if you do not require 128-bit encryption.

  5. Click OK, click Apply, and then click OK.
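
To confirm the result of both procedures without opening each dialog box, the following added example (not part of the original topic and not Microsoft's code) compares the AuthFlags and AccessSSLFlags metabase properties of the Rpc virtual directory with the settings described above. The helper names, the site ID 1 in the ADSI path, and the sample values are assumptions.

```powershell
# Added example, not Microsoft's code. Bit values of the IIS 6.0 metabase
# properties AuthFlags and AccessSSLFlags.
$AuthAnonymous = 0x1; $AuthBasic = 0x2; $AuthNTLM = 0x4
$AccessSSL = 0x8; $AccessSSL128 = 0x100

# Hypothetical helper: read both properties through the IIS ADSI provider.
# Assumption: Default Web Site has site ID 1; run on the RPC proxy server.
function Get-RpcVdirFlags {
    param([string]$Path = 'IIS://localhost/W3SVC/1/ROOT/Rpc')
    $p = ([ADSI]$Path).psbase.Properties
    @{ AuthFlags = [int]$p['AuthFlags'].Value; AccessSSLFlags = [int]$p['AccessSSLFlags'].Value }
}

# Hypothetical helper: compare the flag values with the steps in this topic.
function Test-RpcVdirSecurity {
    param([int]$AuthFlags, [int]$AccessSSLFlags)
    $findings = @()
    if ($AuthFlags -band $AuthAnonymous) {
        $findings += 'FAIL: Enable anonymous access is selected'
    }
    if (-not ($AuthFlags -band $AuthBasic)) {
        $findings += 'FAIL: Basic authentication is not selected'
    }
    if (-not ($AccessSSLFlags -band $AccessSSL)) {
        $findings += 'FAIL: Require secure channel (SSL) is not selected'
    } elseif (-not ($AccessSSLFlags -band $AccessSSL128)) {
        $findings += 'WARN: Require 128-bit encryption is not selected'
    }
    if ($AuthFlags -band $AuthNTLM) {
        $findings += 'INFO: NTLM is selected; it fails behind a proxy that adds the via pragma'
    }
    if ($findings.Count -eq 0) { $findings += 'PASS: matches both procedures' }
    $findings
}

# Constructed sample values (not read from a real server).
$samples = @(
    @{ Name = 'after both procedures';      Auth = 0x2; Ssl = 0x108 },
    @{ Name = 'Basic without SSL';          Auth = 0x2; Ssl = 0x0 },
    @{ Name = 'anonymous + NTLM, SSL only'; Auth = 0x5; Ssl = 0x8 }
)
foreach ($s in $samples) {
    "[{0}] AuthFlags={1} AccessSSLFlags={2}" -f $s.Name, $s.Auth, $s.Ssl
    Test-RpcVdirSecurity -AuthFlags $s.Auth -AccessSSLFlags $s.Ssl | ForEach-Object { "  $_" }
}
# On the RPC proxy server:
# $f = Get-RpcVdirFlags; Test-RpcVdirSecurity $f.AuthFlags $f.AccessSSLFlags
```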

For More Information

For information about setting up SSL and obtaining a server certificate from a Certificate Authority, see How to Use SSL to Secure the Communications Between the Client Messaging Applications and the Exchange Front-End Server.

For more information, see the following topics in Exchange Server 2003 RPC over HTTP Deployment Scenarios: