How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server

 

This topic explains how to configure the RPC proxy server to allow for Secure Sockets Layer (SSL) offloading on a separate server. SSL offloading occurs when you use a server other than the RPC proxy server to handle your SSL encryption and decryption. For example, if the firewall in front of the RPC proxy server handles the SSL encryption and decryption, terminates the SSL session and then establishes a new non-SSL session to the RPC proxy server, you are using SSL offloading. If you use SSL offloading, you must set a special registry setting on the RPC proxy server.

Before You Begin

To successfully complete the procedure in this topic, confirm that you have configured your authentication correctly.

Note

In Exchange Server 2003 SP1, authentication for RPC over HTTP on an RPC proxy server is configured automatically.

This topic contains information about editing the registry.

Warning

Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

Procedure

To configure the RPC proxy server to allow for SSL offloading on a separate server

1. On the RPC proxy server, start Registry Editor (Regedit).

2. In the console tree, locate the following registry key:

   HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

3. Create a DWORD value with the name AllowAnonymous.

4. Right-click the AllowAnonymous DWORD value, and select Modify.

5. In the Value data field, enter 1.

   Important

   On the RPC virtual directory security settings in Internet Information Services (IIS), under Authentication methods, verify that the check box next to Enable anonymous access is cleared.

6. Restart the World Wide Web Publishing Service (W3SVC) in the services snap-in to Microsoft Management Console (MMC).

For More Information

For more information, see:

• Microsoft Knowledge Base article 833003, "Description of the RPC over HTTP feature and the AllowAnonymous registry entry in Windows Server 2003" (https://go.microsoft.com/fwlink/?Linkid=3052&kbid=833003)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario)

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1, No Front-End Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, Front-End/Back-End Scenario, Back End on Global Catalog Server

• How to Deploy RPC over HTTP for the First Time on Exchange Server 2003, No Front-End Server