We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How to Enable RPC over HTTP Connectivity

  • Last updated on

 

This article refers to Barracuda Message Archiver firmware 5.2 or higher, and Microsoft Exchange Server 2013 and higher.

The RPC over HTTP (RoH), also known as Outlook Anywhere, connection may be required with earlier versions of Exchange Server if the Barracuda Message Archiver cannot reach the Exchange Server directly, for example, if the Exchange Server and Barracuda Message Archiver are installed in different locations.

RoH must bind to your email service account; for details on setting up an email service account, refer to Creating an Email Service Account.

Certificate Verification

SSL (HTTPS) must be enabled on the RoH proxy server. When a self-signed SSL/TLS certificate is detected on the RPC proxy server used for Exchange integration, you are prompted to verify the certificate using the SHA-1 fingerprint. Use the following steps to access the SHA-1 fingerprint:

  1. In a browser, open the website of your Outlook Web Access (OWA) installation.
  2. Click the lock next to the address bar, and then click View certificate.
  3. The SHA-1 is listed; copy and paste the fingerprint into the verification dialog in the Barracuda Message Archiver web interface.

Note that the RoH proxy server must be using a trusted, third-party certificate. If you have questions, or have the need to use privately signed certificates, contact Barracuda Networks Technical Support.

If you are already using NTLM authentication in your environment, you may want to set your RPC virtual directory to use NTLM authentication to avoid Outlook users being prompted for login information at each Outlook session. For additional information, see the Microsoft TechNet article RPC over HTTP Authentication and Security.

Enable RoH Capability

Use the following steps to enable RoH capability for Exchange integration:

  1. Log in to the Barracuda Message Archiver web interface.
  2. On the Mail Sources > Exchange Integration page, click Start New Action.
  3. Select an action, for example, Email Stubbing, and then click Add New Server.
  4. Enter the Exchange Server Configuration Name, Email Address, and associated Password in the provided fields.

  5. Click Autodiscover; when the details display, click Save to add it to the Server table and automatically configure RoH for Exchange 2013. If Autodiscover cannot identify your settings, click Configure Manually, and complete the following steps:

    1. Enter a Configuration Name, the Exchange Hostname, and associated Email Address and Password in the provided fields.

      Exchange Server Details

      Enter either your mailbox server hostname or your Exchange RPC Endpoint. For Exchange Server 2013, you can also use the mailbox ID@domain format, for example:

      d66ba-e2g8-48fb-9300-f64d01c52f2b@company.com

      Important: This format is required for hosted Exchange 2013 providers.

      For more information, refer to the Microsoft TechNet article What's New in Exchange 2013.


    2. Click Advanced Options.

    3. Enter the hostname of the proxy server that provides RoH connectivity in the Proxy Server field, and click Save.

      Hosted Providers
      If you are connecting to a hosted Exchange provider, the configuration provided by your vendor may not include all details necessary for the Barracuda Message Archiver. To determine the correct mailbox and RoH proxy servers, you can confirm your details using Microsoft's Exchange Connectivity Test site. For more information, refer to the Troubleshooting section below.

      Exchange Configuration Testing

      For information on testing your Exchange configuration using tools available from Microsoft, refer to the Troubleshooting section below. These tools will help confirm that details such as the required SSL certificates and correct server name/Exchange instance name and RoH proxy are being used.

      Verify that SSL (HTTPS) is enabled on the RoH proxy server; both are enabled by default. The RoH proxy server must be using a trusted, third-party certificate. If you have questions, contact Barracuda Networks Technical Support.

  6. Follow the onscreen directions to set up the selected action.

Note that if you have a scheduled action in the table you can also enable RoH using the following steps:

  1. Click Edit in the Scheduled Actions table, and go to the Select Server page.
  2. Click Edit following the server name, and click Advanced Options in the Edit Server page.
  3. Enter the Proxy Server, Click Save, click Continue twice, and then click Submit.

Confirm RoH is Available

Use the following steps to confirm RoH is available to the Barracuda Message Archiver by testing through your web browser:

  1. Enter the Exchange CAS Server in a browser window in the form https://<CAS>/rpc, for example, https://RoH server address/rpc

    https://RoH server address/rpc/RpcProxy.dll may be necessary.

     

  2. Your browser should indicate that the RoH proxy's SSL certificate is trusted.
  3. You should be challenged for your credentials by the browser; enter the Barracuda Message Archiver service account credentials.

  4. Your credentials should be accepted, and you should see a blank page, be redirected to a different site, or receive an HTTP 503 error. This is expected. You should not encounter any other HTTP errors.

Troubleshooting

Use this section to test your Exchange configuration.

Test Remote Connectivity

Use Microsoft's Remote Connectivity Analyzer to test connectivity set up criteria, for example:

  • Test whether Exchange Server is providing RoH
  • Verify proper certificate chain is loaded

For example, from the Exchange Server tab you can test your Exchange Server RoH configuration, and from the Client tab you can download a standalone test client to your local workstation.

The remote connectivity tool is available from the Microsoft website: https://testconnectivity.microsoft.com/

Test RoH Connectivity using Outlook

Use the following steps to verify your RoH configuration:

  1. Go to the Mail applet in the Outlook Control Panel; the exact appearance of the Mail applet varies depending on your version of Windows and Outlook:
  2. Click Show Profiles:
    ROH01.png
  3. Click Add to create a temporary profile. Enter the Profile Name:
    ROH02.png
  4. Click OK. In the Add Account page, select Manual setup or additional server types:

    Do not attempt to automatically configure this profile.

  5. Click Next. Select Microsoft Exchange Server or compatible service:
    ROH03.png
  6. Click Next. Enter the Exchange Server hostname in the Server field, and enter the Barracuda Message Archiver service account name in the User Name field:
  7. Click More Settings. In the Microsoft Exchange dialog box, click the Connection tab, and turn on Connect to Microsoft Exchange using HTTP:

    Depending on the version of Outlook you are running, warning messages may display alerting you to Exchange Server connection issues; this is expected as RoH is not yet configured. You can ignore these error messages at this step in the process.

    ROH04.png

  8. Click Exchange Proxy Settings. In the Microsoft Exchange Proxy Settings dialog box, complete the following:
    • Enter the RoH proxy server hostname in the https:// field.
    • Turn on Connect using SSL only.
  9. Click OK to save your RoH configuration, and then click OK to close the Microsoft Exchange dialog box.
  10. In the Add Account dialog box, click Check Name. You should be challenged for your credentials. Enter the Barracuda message Archiver service account credentials. You should be able to authenticate, and the username that you entered in the Add Account dialog should resolve successfully.
  11. Click Cancel in the dialog box to remove the temporary Outlook profile. If a message displays asking if you want to create a profile without any email account, click Cancel.
Last updated on