Outlook Anywhere with workgroup machine

[mellimik]

----- Post Nº 1 -----

Has anyone been able to setup Outlook to use RPC over HTTP in non-domain (workgroup) machine?

I'm rolling Outlook Anywhere with Exchange 2007 to our remote offices and some of those employees are using a machine that has not been joined into our domain. My own tests implicate that it is not possible for some reason.

----- Post Nº 2 -----

I actually got an Outlook client using Workgroup networking to work with RPC over HTTPS, but the Outlook client refuses to authenticate before the user has logged in at least once using Outlook Web Access.. It's weird and sounds stupid, but it's the truth. Outlook is able to connect using HTTPS as soon as the user opens OWA at least once.

I cannot explain that nor does it make any sense to me, but I have to include that in the documentation

Edited March 30, 2008 by Yzöwl
Posts merged, no need to reply to yourself

[cluberti]

Are you using the same certificate for OWA that you use for RPC over HTTPS?

[mellimik]

Are you using the same certificate for OWA that you use for RPC over HTTPS?

Hey, thanks for reply! Uum, no. I have different web listener for OWA and RPC over HTTP, so they have their own certificate as well. The certificate has been granted with the FQDN of the web listener, so the local host name is not mentioned in it.

Why do you ask, should they use the same certificate?

[cluberti]

Why do you ask, should they use the same certificate?

Actually, they shouldn't . I'm not sure about the OWA logon before RPC over HTTPS, but it could have something to do with creating the kerb token in the AD for the user before they can use the RPC proxy to use the mailbox. I'm not sure on it, but I think it's a valid educated guess.

[mellimik]

Actually, they shouldn't . I'm not sure about the OWA logon before RPC over HTTPS, but it could have something to do with creating the kerb token in the AD for the user before they can use the RPC proxy to use the mailbox. I'm not sure on it, but I think it's a valid educated guess.

Actually, you make a whole lot of sense when I think about it. I was reading this yesterday:

http://www.msexchange.org/tutorials/outlookrpchttp.html

t is important to note that you must create the Outlook 2003 profile while the Outlook 2003 computer is on the internal network, or while the Outlook 2003 computer is on the Internet and can access the Exchange Server using RPC (TCP 135 – typically through an ISA Server 2000 secure Exchange RPC Publishing rule). You will not be able to create a new profile or change an existing profile to use RPC over HTTP if is does not have access to the Exchange Server via RPC (TCP 135).

This bears repeating: you will not be able to create a new Outlook profile when the Outlook client is not on the internal network and can access the Exchange Server using RPC via TCP 135. In addition, a user with an existing profile will not be able to alter the existing profile so that it can use RPC over HTTP if that client is not located on the internal network and can access the Exchange Server using TCP 135. The Outlook 2003 profile must be configured to use RPC over HTTP while that machine is connected to the internal network and can access the Exchange Server via TCP port 135.

I think you can go around that by using that OWA login "trick".

Edited April 1, 2008 by mellimik