Junction configuration
To use WebSEAL as a reverse proxy for RPC over HTTP requests between Outlook and Exchange, we must use a transparent path junction or a virtual host junction. When issuing an RPC over HTTP request, the Outlook client tries to access the URI /rpc/rpcproxy.dll on the junctioned IIS server configured to communicate with the Exchange server.
To authenticate the user to WebSEAL and the Exchange server, use the -b ignore parameter when creating the junction. This parameter ensures the BA header used by WebSEAL for authentication is also used to authenticate to the IIS server that communicates with the Exchange server. For more details, see Authentication limitations.
Use an SSL junction for this configuration; Outlook does not support HTTP when using BA authentication.
Transparent path junctions
The following command illustrates how to create a transparent path junction:
server task instance_name-webseald-host_name create-t ssl -h exchange_host -p exchange_port -b ignore -x /rpc
where:
- instance-webseald-host
- Full server name of the installed WebSEAL instance. Specify in the exact format as displayed in the output of the server list command.
- exchange_host
- DNS host name or IP address of the Exchange server.
- exchange_port
- Specifies the TCP port of the Exchange server. The default value is 80 for TCP junctions and 443 for SSL junctions.
Virtual host junctions
The following command illustrates how to create a virtual host junction:
server task instance-webseald-host virtualhost create-t ssl -h exchange_host -p exchange_port -v virtual_host -b ignore exchange
where:
- instance-webseald-host
- Full server name of the installed WebSEAL instance. Specify in the exact format as displayed in the output of the server list command.
- exchange_host
- DNS host name or IP address of the Exchange server.
- exchange_port
- Specifies the TCP port of the Exchange server. The default value is 80 for TCP junctions and 443 for SSL junctions.
- virtual_host
- Value of the Host header of the request sent to the Exchange server.
Parent topic: Microsoft RPC over HTTP
Related concepts
- RPC over HTTP support in WebSEAL
- POP configuration
- Authentication limitations
- Timeout considerations
- WebSEAL server log errors
- Worker thread consideration