From: Everett, WA
Good afternoon all,
I finally have to turn to the boards once again, and hopefully this time I won't end up with an ID10t error. We recently installed a clustered Exchange 2003 solution, along with a front end server (WHICH IS ON A DIFFERENT TRUSTED SUBNET THAN BOTH THE CLUSTER AND CURRENT EXCHANGE SERVERS), which is up and running great. We have another server that our mailboxes are on, but before I can migrate the mailboxes, I need to ensure that RPC over HTTP is running. It would be nice if we could do this seamlessly as well, and here's what I've gotten done so far:
mail.domain.com used to point to my single Exchange box, and I had forms-based auth and RPC/HTTP configured and running great. After putting in the cluster and FE server, I configured the FE server as the new point of entry (as well as bridgehead) for OWA with FBA and RPC/HTTP. So externally, and internally now too (DNS changes), mail.domain.com points to my new FE server. Great. We also have a spam filter (Barracuda) that now points to the FE server and mail is flowing fine. I logged into an outside system, my own at home, and sure enough, I didn't even have to re-import the certificate and I was able to connect to the Exchange server over RPC/HTTP, previously configured. All good up to this point.
So I moved a couple of resource and test mailboxes to the cluster. I tried to connect RPC/HTTP to those accounts, and no go. I deleted my RPC/HTTP profile in Outlook 2007 and tried re-creating it, no go.
What I did to configure RPC/HTTP:
1. Installed RPC/HTTP on the FE server and removed it from the BE server.
2. Configured the FE as a FE RPC server and the BE as a BE RPC server through the system manager (server/specific server/properties/rpc-http)
3. Set up the registry for a FE/BE config such as:
4. Changed ports 80 and 443 to forward to NAT (external IP address > internal IP address of FE server) on our hardware firewall
5. Copy or Move a certificate from a remote server site to this site using the Server Certificate wizard. Moved the cert from the original RPC server that was issued by our internal CA that has worked without any problem. I am able to log in to my OWA server on any machine with our CA cert chain installed without being prompted for a cert.
6. Enabled SSL on the RPC virtual directory. Also set up the VD for NTLM auth.
7. Verified that I get a 401 when I try to go to https://mail.domain.com/rpc
When I try and set up RPC, I get the error "The connection to MS Exchange is unavailable". What I've done to troubleshoot:
1. Everything listed in this article:
2. Used rpcping utility as described here:
Though there were not too many great examples, I was able to successfully rpcping the server, but was having trouble getting all the way through to the backend ports.
3. Gone through troubleshooting steps here:
After running RPCDump, I'm pretty sure it's right, but I've only seen the results you're supposed to see on the backend? What about the communication between the FE and BE? This is where I think the breakdown is. When I run a netstat, I don't see any open connections between the FE and the BE server on any ports.
There is nothing being blocked between the two subnets, but it would be difficult to move this server out of that subnet at this point, as it serves other purposes there. I've verified this server's existence in "AD Sites & Services" as it was necessary to even get Exchange installed in the first place. Anyone with any ideas? I think I covered everything...