RPC over HTTP with Basic Authentication and no SSL

[erezy]

hey,

my corp server has http access with no certificate.
my laptop is NOT part of the domain.
trying to set outlook 2007 to use RPC over HTTP i tried to use NTLM but i
keep getting prompted for my password, no matter what i do.
setting the security to Basic locks the checkbox for SSL as checked, which
means it wont work, because the server doesnt support https.

if i log on to the lan using the vpn, it works with NTLM. at least i am
assuming its that since i checked both checkboxes saying on slow and fast
networks use HTTP first...

any ideas? the point is not to have to connect to the lan using the VPN, but
still have outlook 2007 instead of OWA that i am forced to use....

thanks,
erez

 

[neo [mvp outlook]]

You will not be able to connect unless the folks that run Exchange downgrade
the security or get a SSL certificate installed on the website/server. Just
so you know why I'm saying this is that Microsoft designed Outlook 2003/7
and Exchange 2003/7 to be more secure out of the box, and ensuring that
traffic goes across via SSL falls under that default design when it comes to
RPC over HTTPS.

 

[erezy]

"he folks that run Exchange downgrade the security" -
does this mean the ppl at my company?
that would mean its possible, the question is how.

my logic says that if our OWA is only available using http anyways, why
wouldnt the RPC over HTTP accpet that?
what is the difference?

 

[neo [mvp outlook]]

Yes, the folks at your company that run Exchange. I doubt they would do it
since Microsoft does not recommend this type of configuration for an
internet facing system.

Most think RPC/HTTPS is nothing more than Outlook 2003/7 connecting to OWA
to retrieve data, but it isn't. The two solutions are very different with
different needs.

 

[Tish]

I have the same problem and you are correct that the 'folks who run exchange
back at my server' aren't enthusiastic about downgrading security. (By the
way, I'm also the person who runs exchange on our server so it's myself I'm
protesting to.) Getting a certificate seems an expensive business unless you
know of someplace we could get one for a low cost. We use our server for a
non profit foundation and budgets are very lean. Where do we even go to get
a certificate? Thanks. Appreciate all the good advice that comes from both
the person identifying an issue and the people answering in the Community.
Just reading through the items looking for one that suits my problem is
educational.

 

[neo [mvp outlook]]

Try XRamp
https://www.securetrust.com/sslcertificates/premium/

At the bottom a 3 year certificate is $225.

 

[Gregg Hill]

My GoDaddy Turbo SSL certificate cost me $16.99 per year when I bought a
10-yr cert. Exchange 2003 will even work with a free self-signed cert for
OMA, OWA, and RPC over HTTPS. A public cert is not required, but it sure is
more convenient.

The original post way back in 2006 (a good reason to start one's own post!)
claimed that "...locks the checkbox for SSL as checked, which
means it wont work, because the server doesnt support https." That server
must not have been Exchange 2003, or it was set up wrong, as Exchange 2003
most certainly does support SSL for OMA, OWA, and RPC over HTTPS. If his OWA
"is only available using http anyways..." then the server is set up wrong.
The ONLY port that a properly-configured Exchange 2003 server needs for RPC
over HTTPS is port 443. I **never** open port 80 to an Exchange server.

Just my two cents!

Gregg