Protecting RPC over HTTPS with ISA 2004 – problems!


I was called today by a good friend and colleague who is an SBS MVP. He was having problems getting access to Exchange using RPC over HTTPS. This had been working until MS support got their hands on things whilst fixing a separate issue!

So what to do? Well, firstly we scoured the web to find a simple step-by-step document on how to set this up. Whilst there are certainly many resources out there which all touch on the issue, we frankly didn’t find anything which simply ran through from start to finish. (Note to self – I must write something along these lines!)

Anyway, back to the issue. Whilst looking in the logging section we found that traffic was being blocked and was clearly not authenticating properly. OWA was working fine, so the certificates and authentication in that area were fine. After a little bit of tinkering and setting the listener to force authentication, things were no better. So at this point we decided to simply start from scratch and blow away the existing rule.

This done, we went through the steps to create a Mail Publishing rule. Having completed the rule, we tested OWA and found that still worked. So then we tested the RPC over HTTPS. Again, nothing!

At this point we were both a little confused as, having set things up from scratch, we both expected success. It was then that I had a thought and checked the Path tab of the rule seen below:

What I found was rather interesting. The /RPC/* entry (highlighted in the red box) was missing. Having added it as can be seen, everything worked fine!

What is strange about this is we literally wiped out all Mail Publishing configuration and set it up from scratch. The fact that this entry didn’t get entered by default certainly surprised both of us.

Anyhow, hope this helps someone else in this situation, it certainly made me happy especially as I got it fixed in time to watch the second half of the Grand Prix qualifying!