RPC over HTTP Interactions on the RPC Proxy Server

 

Microsoft® Office Outlook® establishes an HTTP session over Secure Sockets Layer (SSL) between the client and the RPC proxy server for each connection that Outlook makes to the server running Microsoft Exchange Server. Outlook sends MAPI RPC requests over this HTTP session to the Exchange server. The RPC over HTTP Proxy networking component on the RPC proxy server extracts the RPC requests from the HTTP session and forwards these requests to the server that is specified in the RPC request. It is recommended that your RPC proxy server is an Exchange front-end server.

RpcProxy.dll is the DLL that controls the extraction of RPC requests from the HTTP session. RpcProxy.dll is an Internet Server API (ISAPI) that runs in Internet Information Services (IIS). RpcProxy.dll listens for activity on the RPC virtual directory.

IIS authenticates the HTTP request using Basic authentication or NTLM authentication, depending on the Outlook profile setting. After IIS authenticates the request, it sends the request to RpcProxy.dll. RpcProxy.dll only accepts authenticated requests. Even if IIS is configured to allow anonymous users, RpcProxy.dll does not forward an anonymous request to the Exchange server. Additionally, RpcProxy.dll only accepts HTTP requests over SSL. If the HTTP session does not use SSL, RpcProxy.dll blocks the request.

Note

If you offload SSL, you must configure an additional registry key to tell the RPC over HTTP Proxy networking component to accept non-SSL connections. An example of SSL offloading is when the firewall in front of the RPC proxy server stops the SSL session. For information about how to configure the RPC proxy server for SSL offloading, see How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server.

RpcProxy.dll forwards RPC requests to specific services on Exchange servers. Each service is specified by a port number in the RPC request. The following services are the allowed services:

  • Microsoft Exchange Information Store service (port 6001)

  • The referral service of DSProxy within the Exchange system attendant service (port 6002)

  • DSProxy service within the Exchange system attendant service (port 6004)

The valid ports are contained in the following registry key on the RPC proxy server:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

In Exchange Server 2003 Service Pack 1 (SP1), the system attendant can maintain the ValidPorts registry entry automatically. The system attendant updates the ValidPorts registry entry when you add new RPC over HTTP back-end servers to the organization.

Note

For information about editing the registry to set the ValidPorts registry value, see How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP.

You can install the RPC over HTTP Proxy networking component on a back-end server. You should only install the RPC over HTTP Proxy networking component on a back-end server if you do not have an Exchange front-end server in your organization. If you install the RPC over HTTP Proxy networking component on a back-end server, you must manually configure the RPC over HTTP Proxy component settings and IIS settings.