How to configure "RPC over HTTP" for DCOM communication in Windows 2003


Background

RPC-over-HTTP enables client programs to use the Internet to execute procedures provided by server programs on distant networks. RPC over HTTP tunnels its calls through an established HTTP port. Thus, its calls can cross network firewalls on both the client and server networks.

RPC over HTTP routes its calls to the RPC proxy located on the RPC server's network. The RPC Proxy establishes and maintains a connection to the RPC server. It serves as a proxy, dispatching remote procedure calls to the RPC server and sending the server's replies back across the Internet to the client application.

Environment

In this document, we only use two Windows 2003 servers. One is for DCOM client side, the other is for DCOM server side.

Part 1 - Configure COM Internet Services (CIS) on the Server Side

CIS Preconditions

·         Do not install CIS on a computer that is running Microsoft Proxy Server. 

·         Do not enable TCP/IP filtering on TCP ports on the server computer. 

·         If the CIS server is behind a firewall, only open port 80 in the firewall for TCP protocol. 

·         Do not apply the DCOMCNFG settings to configure the dynamic port ranges to Tunneling TCP/IP. 

Configure RPC proxy

1.       Install IIS at first, please refer to Install IIS

2.       In Control Panel, click Add or Remove Programs , and then click Add/Remove Windows Components . 

3.       In the Windows Components Wizard, select the Networking Services check box, and then click Details . 

4.       Select the RPC over HTTP Proxy check box, and then click OK to exit the Windows Components Wizard. 

 

5.       When finish, a Rpc virtual directory will be created automatically under "Default Web Site". Please try to browse http://localhost/Rpc/RpcProxy.dll to see if it works well. You should see a blank page if it works.

 

6.       Open regedit, locate HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy, add a DWORD value of AllowAnonymous and set it to 1

Enable network COM+ access

1.       In Control Panel, double-click Add or Remove Programs.

2.       Click Add/Remove Windows Components.

3.       In the Components list box, click Application Server, and then click Details.

4.       In the Subcomponents of Application Server box, click Enable network COM+ access.

5.       Click OK to finish.

Enable CIS

1.       On the Start menu, click Run , and type DCOMCNFG . 

2.       Expand Component Services->Computers, right click My Computer and select Properties

3.       On the Default Properties tab, select the Enable COM Internet Services on this computer check box. 

4.       On the Default Protocols tab, click Add . 

1.       In the resultant dialog box, click Tunneling TCP/IP , and then click OK .  Remove any protocols that are not used. Move Tunneling TCP/IP to the top of the list to avoid any activation delays due to protocol negotiation. (If you have multiple protocols configured, DCOM tries to use them in the order in which they appear in this list.)

5.       Click OK to close DCOMCNFG. 

6.       Restart the system so that the changes take effect. 

Part 2 - Configure COM Internet Services (CIS) on the client side

Enable network COM+ access

1.       In Control Panel, double-click Add or Remove Programs.

2.       Click Add/Remove Windows Components.

3.       In the Components list box, click Application Server, and then click Details.

4.       In the Subcomponents of Application Server box, click Enable network COM+ access.

5.       Click OK to finish.

Enable CIS

2.       On the Start menu, click Run , and type DCOMCNFG . 

3.       Expand Component Services->Computers, right click My Computer and select Properties 

4.       On the Default Protocols tab, click Add . 

5.       In the resultant dialog box, click Tunneling TCP/IP , and then click OK .  Remove any protocols that are not used. Move Tunneling TCP/IP to the top of the list to avoid any activation delays due to protocol negotiation. (If you have multiple protocols configured, DCOM tries to use them in the order in which they appear in this list.)

6.       Click OK to close DCOMCNFG. 

7.       Restart the system so that the changes take effect. 

8.       Make sure there's no proxy configuration in IE, please refer to the picture

 

 Then run RPCPing tool to confirm if Tunneling TCP/IP works well. The command line should be rpcping.exe -t ncacn_http -s <DCOMServer>

The below picture is successful result

Configure proxy for DCOM communication

1.       Open IE, specify the proxy server in Internet Options. The address is the name of DCOM server(same as Rpc Proxy server in this case), port number is 80.

2.       Export HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings registry keys

3.       Import "ProxyEnabled" and "ProxyServer" to HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings, then the registry setting looks like below

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"User Agent"="Mozilla/4.0 (compatible; MSIE 6.0; Win32)"

"IE5_UA_Backup_Flag"="5.0"

"NoNetAutodial"=dword:00000000

"MigrateProxy"=dword:00000000

"EnableNegotiate"=dword:00000001

"ProxyEnable"=dword:00000001

"ProxyServer"="2k3-comtest1:80"

4.       Import "Connections" to HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections, the registry setting looks like below

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

"DefaultConnectionSettings"=hex:3c,00,00,00,03,00,00,00,03,00,00,00,0f,00,00,\

  00,32,6b,33,2d,63,6f,6d,74,65,73,74,31,3a,38,30,00,00,00,00,00,00,00,00,00,\

  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

  00,00

"SavedLegacySettings"=hex:3c,00,00,00,07,00,00,00,03,00,00,00,0f,00,00,00,32,\

  6b,33,2d,63,6f,6d,74,65,73,74,31,3a,38,30,00,00,00,00,00,00,00,00,00,00,00,\

  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

5.       Restart the system so that the changes take effect

Part 3 - Run DCOMTest tool to confirm if it works well

Please follow http://support.microsoft.com/kb/259011 to do the test

References

Using HTTP as an RPC Transport

http://msdn.microsoft.com/en-us/library/aa379169(VS.85).aspx

Description of the RPC over HTTP feature and the AllowAnonymous registry entry in Windows Server 2003

http://support.microsoft.com/kb/833003

How To Configure COM Internet Services (CIS) on the Server Side

http://support.microsoft.com/kb/282261

How to configure COM Internet Services (CIS) on the client side

http://support.microsoft.com/kb/265340

How to Remove COM Internet Services (CIS) and RPC over HTTP Proxy Support

http://support.microsoft.com/kb/825819

 

Regards,

Zhixing Lv

 

Comments (1)

  1. Arun says:

    I am trying to run through these steps on Windows Server 2008, "RPC over HTTP proxy" installs fine but I am unable to browse it in IIS get error 500.19. Please suggest

Skip to main content