How to configure "RPC over HTTP" for DCOM communication in Windows 2003

Background

RPC-over-HTTP enables client programs to use the Internet to execute procedures provided by server programs on distant networks. RPC over HTTP tunnels its calls through an established HTTP port. Thus, its calls can cross network firewalls on both the client and server networks.

RPC over HTTP routes its calls to the RPC proxy located on the RPC server's network. The RPC Proxy establishes and maintains a connection to the RPC server. It serves as a proxy, dispatching remote procedure calls to the RPC server and sending the server's replies back across the Internet to the client application.

Environment

In this document, we use only two Windows 2003 servers: one acts as the DCOM client and the other as the DCOM server.

Part 1 - Configure COM Internet Services (CIS) on the Server Side

CIS Preconditions

· Do not install CIS on a computer that is running Microsoft Proxy Server.

· Do not enable TCP/IP filtering on TCP ports on the server computer.

· If the CIS server is behind a firewall, only open port 80 in the firewall for TCP protocol.

· Do not apply the DCOMCNFG settings to configure the dynamic port ranges to Tunneling TCP/IP.

Configure RPC proxy

1. Install IIS first; refer to "Install IIS".

2. In Control Panel, click Add or Remove Programs, and then click Add/Remove Windows Components.

3. In the Windows Components Wizard, select the Networking Services check box, and then click Details.

4. Select the RPC over HTTP Proxy check box, and then click OK to exit the Windows Components Wizard.

5. When the installation finishes, an Rpc virtual directory is created automatically under "Default Web Site". Browse to https://localhost/Rpc/RpcProxy.dll to check that it works; you should see a blank page if it does.

6. Open regedit, locate HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy, add a DWORD value named AllowAnonymous, and set it to 1. With this value set, the RPC proxy accepts anonymous connections; KB 833003 (listed under References) describes the entry.

Enable network COM+ access

1. In Control Panel, double-click Add or Remove Programs.

2. Click Add/Remove Windows Components.

3. In the Components list box, click Application Server, and then click Details.

4. In the Subcomponents of Application Server box, click Enable network COM+ access.

5. Click OK to finish.

Enable CIS

1. On the Start menu, click Run, and type DCOMCNFG.

2. Expand Component Services->Computers, right-click My Computer, and select Properties.

3. On the Default Properties tab, select the Enable COM Internet Services on this computer check box.

4. On the Default Protocols tab, click Add. In the resultant dialog box, click Tunneling TCP/IP, and then click OK. Remove any protocols that are not used. Move Tunneling TCP/IP to the top of the list to avoid any activation delays due to protocol negotiation. (If you have multiple protocols configured, DCOM tries to use them in the order in which they appear in this list.)

5. Click OK to close DCOMCNFG.

6. Restart the system so that the changes take effect.

Part 2 - Configure COM Internet Services (CIS) on the client side

Enable network COM+ access

1. In Control Panel, double-click Add or Remove Programs.

2. Click Add/Remove Windows Components.

3. In the Components list box, click Application Server, and then click Details.

4. In the Subcomponents of Application Server box, click Enable network COM+ access.

5. Click OK to finish.

Enable CIS

1. On the Start menu, click Run, and type DCOMCNFG.

2. Expand Component Services->Computers, right-click My Computer, and select Properties.

3. On the Default Protocols tab, click Add.

4. In the resultant dialog box, click Tunneling TCP/IP, and then click OK. Remove any protocols that are not used. Move Tunneling TCP/IP to the top of the list to avoid any activation delays due to protocol negotiation. (If you have multiple protocols configured, DCOM tries to use them in the order in which they appear in this list.)

5. Click OK to close DCOMCNFG.

6. Restart the system so that the changes take effect.

7. Make sure there is no proxy configured in IE; refer to the picture.

 

Then run the RPCPing tool to confirm that Tunneling TCP/IP works. The command line should be: rpcping.exe -t ncacn_http -s <DCOMServer>

The picture below shows a successful result.

Configure proxy for DCOM communication

1. Open IE and specify the proxy server in Internet Options. The address is the name of the DCOM server (the same as the RPC proxy server in this case), and the port number is 80.

2. Export the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings registry keys.

3. Import "ProxyEnable" and "ProxyServer" to HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings. The registry setting then looks like this:

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
"IE5_UA_Backup_Flag"="5.0"
"NoNetAutodial"=dword:00000000
"MigrateProxy"=dword:00000000
"EnableNegotiate"=dword:00000001
"ProxyEnable"=dword:00000001
"ProxyServer"="2k3-comtest1:80"

4. Import "Connections" to HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections. The registry setting then looks like this:

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:3c,00,00,00,03,00,00,00,03,00,00,00,0f,00,00,\
  00,32,6b,33,2d,63,6f,6d,74,65,73,74,31,3a,38,30,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00
"SavedLegacySettings"=hex:3c,00,00,00,07,00,00,00,03,00,00,00,0f,00,00,00,32,\
  6b,33,2d,63,6f,6d,74,65,73,74,31,3a,38,30,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

5. Restart the system so that the changes take effect.
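
Added example (not part of the original post): the hex value in step 4 can be decoded to confirm which proxy it sets before it is imported into a service account's hive. The field layout (three DWORDs, then length-prefixed proxy, bypass and auto-config strings) and the flag names are assumptions based on how this undocumented blob is commonly described, not something the page states.

```python
import struct

# DefaultConnectionSettings exactly as exported in step 4 of the page.
REG_EXPORT = r'''
"DefaultConnectionSettings"=hex:3c,00,00,00,03,00,00,00,03,00,00,00,0f,00,00,\
  00,32,6b,33,2d,63,6f,6d,74,65,73,74,31,3a,38,30,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00
'''
# Flag bits as commonly described for this blob (assumption, not from the page).
FLAGS = {0x01: "direct", 0x02: "manual_proxy",
         0x04: "auto_config_url", 0x08: "auto_detect"}


def reg_hex_to_bytes(text):
    """Convert a .reg 'hex:' value, including '\\' continuations, to bytes."""
    _, _, payload = text.partition("hex:")
    if not payload:
        raise ValueError("no hex: value found")
    joined = "".join(payload.split()).replace("\\", "")
    return bytes(int(b, 16) for b in joined.split(",") if b)


def _read_string(blob, offset):
    """Read a little-endian DWORD length plus that many bytes of ASCII."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field at offset %d" % offset)
    (length,) = struct.unpack_from("<I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("string of length %d overruns the blob" % length)
    return blob[offset + 4:end].decode("ascii", "replace"), end


def parse_connection_settings(blob):
    """Decode the 12-byte header and the three length-prefixed strings."""
    if len(blob) < 12:
        raise ValueError("blob too short for header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    proxy, off = _read_string(blob, 12)
    bypass, off = _read_string(blob, off)
    auto_url, off = _read_string(blob, off)
    return {"version": version, "change_counter": counter,
            "flags": sorted(n for bit, n in FLAGS.items() if flags & bit),
            "proxy": proxy, "bypass": bypass, "auto_config_url": auto_url}


if __name__ == "__main__":
    print(parse_connection_settings(reg_hex_to_bytes(REG_EXPORT)))
```

For the page's value this reports the proxy 2k3-comtest1:80 with the direct and manual-proxy flags set, matching the "ProxyServer" string imported in step 3.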

Part 3 - Run DCOMTest tool to confirm if it works well

Follow https://support.microsoft.com/kb/259011 to run the test.

References

Using HTTP as an RPC Transport

https://msdn.microsoft.com/en-us/library/aa379169(VS.85).aspx

Description of the RPC over HTTP feature and the AllowAnonymous registry entry in Windows Server 2003

https://support.microsoft.com/kb/833003

How To Configure COM Internet Services (CIS) on the Server Side

https://support.microsoft.com/kb/282261

How to configure COM Internet Services (CIS) on the client side

https://support.microsoft.com/kb/265340

How to Remove COM Internet Services (CIS) and RPC over HTTP Proxy Support

https://support.microsoft.com/kb/825819

Regards,

Zhixing Lv