How to Configure the RPC Proxy Server to Allow for SSL Offloading on a Separate Server


This topic explains how to configure the RPC proxy server to allow for Secure Sockets Layer (SSL) offloading on a separate server. SSL offloading occurs when you use a server other than the RPC proxy server to handle your SSL encryption and decryption. For example, if the firewall in front of the RPC proxy server handles the SSL encryption and decryption, terminates the SSL session and then establishes a new non-SSL session to the RPC proxy server, you are using SSL offloading. If you use SSL offloading, you must set a special registry setting on the RPC proxy server.

Before You Begin

To successfully complete the procedure in this topic, confirm that you have configured your authentication correctly.


In Exchange Server 2003 SP1, authentication for RPC over HTTP on an RPC proxy server is configured automatically.

This topic contains information about editing the registry.


Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.


To configure the RPC proxy server to allow for SSL offloading on a separate server

  1. On the RPC proxy server, start Registry Editor (Regedit).

  2. In the console tree, locate the following registry key:


  3. Create a DWORD value with the name AllowAnonymous.

  4. Right-click the AllowAnonymous DWORD value, and select Modify.

  5. In the Value data field, enter 1.


    On the RPC virtual directory security settings in Internet Information Services (IIS), under Authentication methods, verify that the check box next to Enable anonymous access is cleared.

  6. Restart the World Wide Web Publishing Service (W3SVC) in the services snap-in to Microsoft Management Console (MMC).

For More Information

For more information, see: