System Requirements for RPC over HTTP on Exchange Server 2003
To use RPC over HTTP, you must run Microsoft® Windows Server™ 2003 on the following computers:
All Exchange Server 2003 servers that Microsoft Office Outlook® 2003 clients will access using RPC over HTTP, such as mailbox servers and public folder servers.
All Exchange Server 2003 front-end servers that act as RPC proxy servers.
All global catalog servers that Outlook 2003 clients and Exchange Server 2003 servers (that are configured to use RPC over HTTP) use.
These servers must be able to use the updated RPC protocol that makes RPC over HTTP possible. Windows Server 2003 and later versions have a version of the DLL rpcrt4.dll that can understand the updated RPC protocol. Even though the client computer does not access the global catalog server directly, the RPC request from the client computer does not change as it passes from the client computer to the Exchange servers and then to the global catalog server. The global catalog server must be able to use the updated RPC protocol that the client computer uses.
You must install Exchange Server 2003 on all Exchange servers that the RPC proxy server uses.
All client computers that run Outlook 2003 must have either Windows Server 2003, or Microsoft Windows® XP Service Pack 1 (SP1) installed with the following update: "Windows XP Patch: RPC Updates Needed for Exchange Server 2003."
This update is included in the SP2 version of Windows XP, so you do not have to install the update if you are running on Windows XP SP2.
Also, it is recommended that you do the following when you use RPC over HTTP communication:
Use Secure Sockets Layer (SSL) encryption. SSL is required by the RPC proxy server for all client-to-server communication and the server's SSL certificate must be valid and trusted by the client. Outlook will not connect if the certificate is invalid or not trusted.
Choose the correct client authentication method. Basic authentication over SSL is firewall-independent and can be used regardless of firewall configuration. NTLM authentication can sometimes be used, depending on how the firewall handles SSL traffic. NTLM is more secure and NTLM can use the current Microsoft Windows operating system logon information.
If the firewall does not add a via: pragma to the HTTP header information, NTLM can be used. If the firewall does add a via: pragma (as many reverse proxies do), IIS will not allow NTLM authentication.
Use an advanced firewall server in front of the Exchange front-end server in the perimeter network. It is recommended that you use a dedicated firewall server such as Microsoft Internet Security and Acceleration (ISA) Server 2004 to help secure your messaging environment. For information about how to use ISA Server 2004 with Exchange, see the Exchange online book, Using ISA Server 2004 with Exchange Server 2003 (http://go.microsoft.com/fwlink/?LinkId=42243).