Data Centers

Step-by-Step: Configure Exchange RPC Server to work through ISA Server

RPC Server setup will allow Outlook 2003 clients to connect to your Exchange Server securely over the Internet, but an ISA server will get in the way unless you follow these steps.


Exchange RPC Server is a feature within Exchange 2003 Server that allows Outlook 2003 users to connect to the server securely. Obviously, by now most network administrators have placed their Exchange 2003 servers behind a firewall to increase security. Thus, to facilitate a user's connection, you have two options for allowing the Exchange RPC Server feature to work through a proxy server/firewall product such as Microsoft's Internet Security and Acceleration (ISA) Server:
  • Publish your entire default Web site in IIS 6.0 through the ISA Server.
  • Only publish the Exchange RPC Server component through the ISA Server.

So, to help with either process, this article will demonstrate how to configure each option.

Publish the entire default Web site
Publishing your entire default Web site through an ISA server requires less setup than individually configuring each feature or virtual directory that you need access to externally. It works for the Exchange RPC Server feature because clients connect using only port 80 or 443 (SSL). Keep in mind, however, that this configuration is less secure because it opens your entire Web site to the Internet.

When you publish all or part of your Web site, you're creating a Web publishing rule. To create a Web publishing rule for an entire Web site, you'll need to perform the following steps:

1. Access the ISA Management tool through the Start menu | All Programs | Microsoft ISA Server. The ISA Management console appears, as shown in Figure A.

Figure A


Note
If the branches in the Servers and Arrays tree in the left pane are not fully expanded, click the plus sign preceding the Servers and Arrays tree and then click the plus sign preceding the name of the server.

2. Open the Web Publishing Rules folder under the Publishing branch in the left pane. The Publish Web Servers screen appears in the right pane, as shown in Figure B.

Figure B


3. Click the Create A Web Publishing Rule link on the Publish Web Servers screen. You'll then see the New Web Publishing Rule Wizard, as shown in Figure C.

Figure C


4. Type a name for the Web publishing rule in the Web Publishing Rule Name text box, and click Next. You'll see the Destination Sets screen, shown in Figure D, will be displayed.

Figure D


5. Choose All Destinations in the Apply This Rule To list box, and click Next to summon the Client Type screen, shown in Figure E.

Figure E


6. Choose the Any Request radio button and click Next. The Rule Action screen appears, as shown in Figure F.

Figure F


7. Choose the Redirect The Request To This Internal Web Server radio button, and type the name of the internal Web server to which traffic will be redirected.

8. Place a check in Send The Original Host Header To Publishing Server Instead Of The Actual One check box, and click Next. You'll see the final screen of the New Web Publishing Rule Wizard, as shown in Figure G.

Figure G


9. Click the Finish button. The Web publishing rule is created and appears on the Publish Web Servers screen.

Publish only the Exchange RPC Server
Publishing only the features external users will need to access, such as the Exchange RPC Server, is much more secure. To publish the Exchange RPC Server, you'll create a server publishing rule. To create such a rule for the Exchange RPC Server feature, follow these steps:

1. Access the ISA Management tool through the Start menu | All Programs | Microsoft ISA Server.

2. Open the Server Publishing Rules folder under the Publishing branch in the left pane. The Publish Servers screen appears in the right pane, as shown in Figure H.

Figure H


3. Click the Publish A Server link on the Publish Servers screen. The New Server Publishing Rule Wizard appears, as shown in Figure I.

Figure I


4. Type a name in the Server Publishing Rule Name, and then click Next. You'll see the Address Mapping screen shown in Figure J.

Figure J


5. Type the IP address for the Exchange RPC Server (an Exchange Server or Exchange Front-End Server) in the IP Address Of Internal Server field.

6. Type the external IP address for the ISA Server in the External IP Address On ISA Server field, and then click Next. The Protocol Settings screen, shown in Figure K, is displayed.

Figure K


7. Choose Exchange RPC Server from the Apply The Rule To This Protocol drop-down list, and click Next. You'll then see the Client Type screen shown in Figure L.

Figure L


8. Choose the Any Request radio button and click Next. The final screen of the New Server Publishing Rule Wizard will be displayed, as shown in Figure M.

Figure M


9. Click the Finish button. The server publishing rule is created and appears on the Publish Servers screen.

To test either configuration from an external client, use the same procedure outlined in my earlier article "Step-by-Step: Set up the Outlook 2003 Client for Exchange RPC Server."

Secure E-mail Server
On a final note, ISA Server 2000 has a feature called Secure E-mail Server. This feature allows you to tighten security for Exchange Server access. Unfortunately, this feature will also prohibit you from accessing the Exchange RPC Server feature, so don't use it in this scenario.

Editor's Picks