Export (0) Print
Expand All
Expand Minimize

How to Configure the RPC Virtual Directory in IIS

 

Topic Last Modified: 2007-03-26

This topic explains how to configure the RPC virtual directory in Internet Information Services (IIS) and how to configure the RPC virtual directory to use Secure Sockets Layer (SSL) for all client-side connections

After you have configured a server in your organization as an RPC proxy server, you must configure the RPC virtual directory in IIS if either of the following conditions is true:

  • The RPC proxy server is running Microsoft® Exchange Server 2003 and does not have Service Pack 1 (SP1) installed.
  • You have SP1 installed in your organization, but you do not have a front-end server.

After completing these procedures, your RPC virtual directory will be ready to use Basic authentication and NTLM authentication.

Before you perform the procedures in this topic, confirm that you have configured a server as an RPC proxy server by installing the Microsoft Windows® RPC networking component.

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In Internet Information Services (IIS) Manager, in the console tree, expand the server you want, then expand Web Sites.

  3. Expand Default Web Site, right-click the RPC virtual directory, and then click Properties.

  4. In the RPC Virtual Directory Properties page, on the Directory Security tab, in the Authentication and access control pane, click Edit.

  5. In the Authentication Methods window, verify that the check box next to Enable anonymous access is cleared.

    noteNote:
    RPC over HTTP does not allow anonymous access by default, despite what the user interface shows.
  6. In the Authentication Methods window, under Authenticated access, select the check box next to Basic authentication (password is sent in clear text) and click OK. You receive the following message:

    The authentication option you have selected results in passwords being transmitted over the network without data encryption. Someone attempting to compromise your system security could use a protocol analyzer to examine user passwords during the authentication process. For more detail on user authentication, consult the online help. This warning does not apply to HTTPS(orSSL) connections.

    Are you sure you want to continue?

    noteNote:
    In this error message, the word "HTTPS(orSSL)" is a misspelling for the words "HTTPS (or SSL)."

    In the Authentication Methods window, under Authenticated access, you can also select the check box next to Integrated Windows authentication (NTLM). However, it is recommended that you use Basic authentication over NTLM because of two reasons. First, RPC over HTTP currently supports only NTLM – it doesn’t support Kerberos. Second, if there is an HTTP Proxy or a firewall between the RPC over HTTP client and the RPC Proxy, which inserts via the pragma in the HTTP header, NTLM authentication will not work. For more information see, RPC over HTTP Deployment Recommendations.

  7. To save your settings, click Apply, and then click OK.

  8. Ensure that you have a valid SSL certificate installed on the virtual server.

The RPC virtual directory is configured to use basic authentication. We recommend that you use SSL together with basic authentication. To enable SSL on the RPC virtual directory, you must obtain and publish a certificate. This procedure assumes that you have obtained and published a certificate. To configure the RPC virtual directory to require SSL for all client-side connections, follow these steps:

  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. Expand Web Sites, expand Default Web Site, right-click Rpc, and then click Properties.

  3. Click the Directory Security tab, and then click Edit under Secure communications.

  4. Click to select the Require secure channel (SSL) check box and the Require 128-bit encryption check box.

    noteNote:
    We recommend that you click to select the Require 128-bit encryption check box. However, RPC over HTTP functions correctly even if you do not require 128-bit encryption.
  5. Click OK, click Apply, and then click OK.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft