Hi Paul and Hans,I tried to create a setup similar to the one Paul did (with https on the internet and http on the secure lan). I couldn't get this working even on the 2.0.53, ie. owa and active sync works fine RPC does some strange things. If you wait a very long time ( more then5 minutes) it eventually gets a sync.However using a port forwording this works immediatly. Do you guys have the same timing problem or did I do something wrong? Inspecting a tcpdump shows rpc errors, however it is not clear to me what they mean.
Is there a way to do some troubleshooting on the RPC connection? How can I check my ssl offloading settings? The certificates are imported correctly as they are the same ones for the owa. My setup works fine if I try to make anr RPC over http(s) connection on the lan itself (checked with rpcdiagnostics in outlook).
Since everything works from the lan and the reverse proxy works for owa, I suppose it has something to do with the ssl ofloading settings? Do you use basic or ntlm authentication in the outlook settings? I suppose basic ?
kind regards, Pieter Paul Freeman wrote:
Hans Maurer <hans <at> red.roses.de> writes:Hi,I'm trying to grant road warrior users access to our company Exchange server through RPC over HTTP. In my setup, an Apache 2.2.2 on a FreeBSD server in the DMZ should act as a proxy between the Internet and the IIS on on the Exchange server. The communication is SSL-encrypted in both directions (SSLEngine and SSLProxyEngine On).Unfortunately, the Outlook client just hangs when trying to access Exchange through the proxy. The Apache error log shows these messages:Hans Thanks for your email. I was beginning to think I had configured something incorrectly (still may have!) in trying to get rpc over http working to an exchange 2003 SP2 server:-) I have been able to get OWA access to work without problems and can connect via rpc over http over the local LAN to the exchange server also. However, I am experiencing exactly the same problem you describe when trying to use apache as the front end proxy. I have tried apache 2.0.54, 2.0.58 and 2.2.2 and they all behave the same way in relation to this problem. I had also noticed the very long content length in some ethereal packet dumps I did on the non-ssl connection between apache and the exchange server (my config is outlook client -> (ssl) -> apache -> (non-ssl) -> exchange) but I was not sure what it meant. I will be keen to see if anyone has worked out how to overcome this. For the moment, I will try apache 2.0.53, as you mentioned it does work in this configuration. Regards Paul --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
-- --------------------------------------------------- Able: 1996-2006: already 10 safe years in YOUR company! aXs GUARD has completed security and anti-virus checks on this e-mail (http://www.axsguard.com) --------------------------------------------------- Able NV: ond.nr 0457.938.087 RPR Mechelen --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|