Client/server
Server: Exchange
Client: Outlook
Communication protocol: RPC (Remote Procedure Call)—Inter-process procedure call

The RPC Endpoint Mapper listens on TCP port 135. All RPC client programs connect to TCP 135 first; the RPC server then allocates a dynamic port for subsequent communications.
Firewall at EXCHANGE server side
Port number/transport | Protocol
135/TCP | RPC port endpoint mapper
1024+/TCP | Random service ports
The firewall must create a primary connection on TCP 135 and then secondary connections, inbound and outbound, to and from all ephemeral ports. These secondary connections belong to the same "connection bundle" and are part of the application-layer session established by the primary connection.
Before Outlook 2003, remote users had to create VPN tunnels to the corporate network and then access their mailboxes on the Exchange server over RPC. A VPN is no longer required for an Outlook 2003 user (if your firewall opens the RPC ports, Outlook 2003 can connect to your Exchange server remotely, as long as the Exchange server name can be fully resolved), but opening the necessary RPC ports between the client and the server is considered a security risk.
You could set up a VPN for your Outlook 2003 clients. The VPN gives the clients access to more resources than just the Exchange server.
The best solution for remote users is RPC over HTTP.
In a local area network (LAN), Outlook communicates with Exchange servers using direct network (TCP/IP) access, also known as RPC over TCP/IP. This method provides quick, efficient access to a corporate network.
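An added example (not from the original page): a small Python audit over a constructed firewall rule list that flags rules exposing the RPC ports from the table above (TCP 135 and the 1024+ dynamic range) to sources outside the LAN. The rule syntax, the host name `exchange`, treating RFC 1918 ranges as "internal" and the 100-port width threshold are assumptions for illustration; the 443 rule stands for HTTPS, which RPC over HTTP uses.

```python
import ipaddress

RPC_MAPPER = 135          # RPC endpoint mapper (from the table above)
DYNAMIC_LOW = 1024        # start of the random service port range
WIDE = 100                # assumption: >= 100 high ports counts as "the dynamic range"
INTERNAL_NETS = [ipaddress.ip_network(n)            # assumption: LAN = RFC 1918
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules: "<action> <proto> <src-cidr> -> <dst> <port|lo-hi>"
RULES = [
    "allow tcp 0.0.0.0/0 -> exchange 135",
    "allow tcp 0.0.0.0/0 -> exchange 1024-65535",
    "allow tcp 192.168.1.0/24 -> exchange 135",   # LAN client, direct RPC
    "allow tcp 0.0.0.0/0 -> exchange 443",        # RPC over HTTP (HTTPS)
]

def parse_rule(line):
    """Parse one rule in the constructed format above."""
    action, proto, src, _arrow, dst, ports = line.split()
    lo, _, hi = ports.partition("-")
    return {"action": action, "proto": proto, "dst": dst,
            "src": ipaddress.ip_network(src),
            "ports": range(int(lo), int(hi or lo) + 1), "text": line}

def is_external(net):
    """True when the source network is not contained in any internal range."""
    return not any(net.subnet_of(n) for n in INTERNAL_NETS)

def audit(rules, server):
    """Return (finding, rule) pairs for RPC ports reachable from outside the LAN."""
    findings = []
    for r in map(parse_rule, rules):
        if r["action"] != "allow" or r["proto"] != "tcp" or r["dst"] != server:
            continue
        if not is_external(r["src"]):
            continue
        if RPC_MAPPER in r["ports"]:
            findings.append(("rpc-endpoint-mapper", r["text"]))
        # Count how many ports of the rule fall into 1024-65535.
        high = len(range(max(r["ports"].start, DYNAMIC_LOW),
                         min(r["ports"].stop, 65536)))
        if high >= WIDE:
            findings.append(("rpc-dynamic-range", r["text"]))
    return findings

if __name__ == "__main__":
    for kind, rule in audit(RULES, "exchange"):
        print(f"{kind}: {rule}")
```

Only the first two sample rules are reported; the LAN rule and the HTTPS rule pass.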

RPC over HTTP

Mail.nifcs.org maps to 24.244.48.219, which is the nifcs router's IP address.
Main-nifcs.nifcs.org is the name of Exchange server 2007, which is behind the router/firewall.

The following combination makes sure the user name and password are remembered:
msstd:main-nifcs.nifcs.org
NTLM Authentication
You must configure Exchange 2007 Outlook Anywhere to use NTLM authentication.
If Basic authentication is selected, a login prompt appears each time you open Outlook.
With MAPI/RPC, you can control all aspects of your mailbox, which is located on the server, from Outlook.