Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RPC over HTTP frustration
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
RPC over HTTP frustration - 10.Dec.2004 8:35:00 PM
|
|
|
GERob
Posts: 12
Joined: 10.Dec.2004
From: Kansas
Status: offline
|
I'm trying to set up some roving Outlook 2003 users and am having some problems.
When I set up outlook (inside the network) and then leave the network and try to start outlook I get the credentials popup and then outlook sits there and thinks for a hwile and then comes back and says that the exchange server is unavailable.
I run this command:
rpcping -t ncacn_http -s ExchangeServer -o RpcProxy=ProxyServer -P "username,domain,*" -I "username,domain,*" -H 1 -u 10 -a connect -F 3 -v 3 -E -R HttpProxy
I get this error:
Response from server received: 401
Client is not authorized to ping RPC proxy
I'm running a single exchange server.
Any help would be greatly appreciated. Also, if more information is needed just let me know what you need.
GR
|
|
|
|
|
RE: RPC over HTTP frustration - 10.Dec.2004 9:43:00 PM
|
|
|
GERob
Posts: 12
Joined: 10.Dec.2004
From: Kansas
Status: offline
|
More information:
I checked the box for mutually authenticate the session when connecting with SSL.
When I do this I still get the pop up asking for creditials but I enter username/password and the pop up just pops back up immediately.
If I run outlook /rpcdiag I get the pop up window asking for creditials that constatnly pops back up. In the Exchange Server Connection Status window I have the following 3 lines:
Server Name Type Interface Conn Status
--- Directory --- Connecting
FQDN Referral --- Connecting
FQDN Mail --- Connecting
I can enter my username/password for ever and it will just keep popping up.
I can go to https://mail.company.com/rpc and I get the expected error.
I'm at a loss, any help?
GR
|
|
|
|
RE: RPC over HTTP frustration - 11.Dec.2004 10:39:00 AM
|
|
|
Henrik Walther
Posts: 6835
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline
|
Do you authenticate with the format domain\username and password (or UPN)?
Also remember the client(s) needs to be trusting the SSL certificate before you can connect.
|
|
|
|
|
RE: RPC over HTTP frustration - 11.Dec.2004 6:44:00 PM
|
|
|
GERob
Posts: 12
Joined: 10.Dec.2004
From: Kansas
Status: offline
|
quote:
Do you authenticate with the format domain\username and password (or UPN)?
Also remember the client(s) needs to be trusting the SSL certificate before you can connect.
I try both ways, both result in the same issue.
I can log into https://mail.company.com/owa with no issues, and just to be sure when I did log on to that I clicked the lock and imported the cert onto the machine.
This is a wildcard certificate that I am using. Not sure if that makes any difference.
Also, the --- on the directory is a big concern to me. I'm not even sure which machine it should be attempting to connect to.
Our network consists of a DomainController, a Fileserver and an Exchange server.
GR
|
|
|
|
|
RE: RPC over HTTP frustration - 19.Dec.2004 5:20:00 AM
|
|
|
aliahmed59
Posts: 11
Joined: 19.Dec.2004
From: Canada
Status: offline
|
Are you using a third party certificate of an internal MS certificate server. If you are configuring Outlook on RPC over HTTP externally that you need to download the root certificate server. If your certificate services are running on serverA then you can access that server by typing https://servera.domain.com/certsrv which will give you the option to download the CRL chain. Once you have downloaded the CRl chain certificate on that Outlook client machine you should be able to login without any problem if you have valid port keys entered correctly on the exchange server. You can check the registry entries are enterred correctly by doing a quick test. telnet exchangeservername 6001 , try with 6002 and 6004. If you get the reply means the port is listening.
|
|
|
|
|
RE: RPC over HTTP frustration - 19.Dec.2004 5:36:00 AM
|
|
|
GERob
Posts: 12
Joined: 10.Dec.2004
From: Kansas
Status: offline
|
I'm using a 3rd party wildcard SSL certificate.
Is the address you provided, https://servera.company.com/certsrv only if it's a self generated certificate?
If not, is the certsrv part exactly what needs to be typed or does it need to be replaced?
GERob
|
|
|
|
|
RE: RPC over HTTP frustration - 19.Dec.2004 5:40:00 AM
|
|
|
GERob
Posts: 12
Joined: 10.Dec.2004
From: Kansas
Status: offline
|
Also, I can't telnet into the exchange server with port 6001,2,4 because I don't have those ports open on my firewall.
It was my belief the only thing that needed to be open was 80 and 443.
GERob
|
|
|
|
RE: RPC over HTTP frustration - 21.Dec.2004 3:47:00 PM
|
|
|
BeTaCam
Posts: 420
Joined: 24.Feb.2003
From: India
Status: offline
|
Hi
1. Ensure you are using Exchange 2003 Sp#1
2. Mark the correct RPC Proxy FE and BE
3. Add the GC, Exchange for ports 6001,02,04
4. Please remove MSSTD as if you use a mutual auth, there is no mention that you have a valid trusted certificate for the user or in your registry hive.
5. Log off in the client and connect across
It will not prompt anymore.
HTH
BC
|
|
|
|
|
RE: RPC over HTTP frustration - 21.Dec.2004 6:25:00 PM
|
|
|
GERob
Posts: 12
Joined: 10.Dec.2004
From: Kansas
Status: offline
|
quote:
Hi
1. Ensure you are using Exchange 2003 Sp#1
2. Mark the correct RPC Proxy FE and BE
3. Add the GC, Exchange for ports 6001,02,04
4. Please remove MSSTD as if you use a mutual auth, there is no mention that you have a valid trusted certificate for the user or in your registry hive.
5. Log off in the client and connect across
It will not prompt anymore.
HTH
BC
Thanks for your reply, questions below:
1. I am on SP#1 on Exchange and my Windows is also up to date.
2. I'm not sure what you mean by "marking". We have a single Exchange server so we don't have a FE and BE. On the single server we do have the rpc proxy up and running and I get the expected error when going to https://mail.company.com/rpc
3. I've added the 600# ports on the DomainController and the Exchange server. The fileserver (the only other server in my network) is not a domain controller, it's only a file share.
4. Okay, I've removed Mutual authentication.
5. Not sure what you mean by "log off in the client and then connect across" I think something got cut.
I've confirmed that in both my DC and EX server that we are set for 600# ports. I ran rpccfg /hr (or hd can't remember) and it shows the ports that are supposed to be used.
I can now with my current settings connect to the exchange server if I'm on my internal network but not if I'm outside of it.
When I run outlook with /rpcdiag I get the following connections:
I have 4 lines all servers are exchange.company.com (exchange server)
Two lines each for Directory and Mail
Directory is saying connection is TCP/IP and Mail is saying HTTPS.
GERob
|
|
|
|
|
RE: RPC over HTTP frustration - 28.Dec.2004 3:59:00 PM
|
|
|
Pantherfan
Posts: 75
Joined: 5.Jun.2003
From: Greensboro NC USA
Status: offline
|
You didnt say what OS version your GC/DC was for your exchange site. If your DC/GC residing in your exchange site are only windows 2000, you will have that exact problem. Upgrading to 2003 GC should resolve it.
I had the same problem, and all my GC's were upgraded except the one in the "site" my exchange server resided in (so my ad was 2003), and the problem was fixed once we upgraded that one. Apparently some calls that the exchange server makes for rpc over http require the gc to be 2003.
|
|
|
|
|
RE: RPC over HTTP frustration - 1.Jan.2005 2:29:00 AM
|
|
|
GERob
Posts: 12
Joined: 10.Dec.2004
From: Kansas
Status: offline
|
Okay, I've done all that you've suggested Betacam and still no luck.
Here is a link to some screen shots that I took, perhaps that will help:
http://www.robuck.us/Exchange/Exchange.html
The connection status windows are in the order that they appear from the time I start to the time it comes up and says "Exchange Server not available".
Again, I can connect if I'm inside my lan and it says that it connects via TCP/IP when inside my lan.
All servers are up to date Win2k3, laptops are WinXP Pro.
Thanks for all the help.
Is there anything that I need to check on the EX or DC server?
GERob
|
|
|
|
|
RE: RPC over HTTP frustration - 12.Jan.2005 6:07:00 PM
|
|
|
GERob
Posts: 12
Joined: 10.Dec.2004
From: Kansas
Status: offline
|
Okay I've got it working.
My network setup is a single DC(GC), single FS, single EX server.
One of my team had promoted the EX Server to a DC but did not promote it to a GC.
I knew the problem was in the communication between the outlook client and the GC because only the directory (in rpcdiag of outlook) was failing to connect via HTTPS.
So, I made the EX a GC and everything started working perfectly.
It's my belief that if the EX server is a DC it MUST be a GC as well. Or it has to be neither. I've not tested the 'neither' side though.
Thanks for all the help.
GERob
|
|
|
|
|
RE: RPC over HTTP frustration - 14.Jan.2005 7:53:00 AM
|
|
|
JonasBratt
Posts: 7
Joined: 30.Dec.2004
From: Sweden
Status: offline
|
Connecting through RPC over HTTP is only supported on Windows 2003 server, right?
Regards, Jonas
|
|
|
|
|
RE: RPC over HTTP frustration - 14.Jan.2005 8:10:00 AM
|
|
|
GERob
Posts: 12
Joined: 10.Dec.2004
From: Kansas
Status: offline
|
Correct, only Win2003
GERob
|
|
|
|
|
RE: RPC over HTTP frustration - 17.Jan.2005 7:15:00 AM
|
|
|
loayo
Posts: 3
Joined: 17.Jan.2005
From: MD, USA
Status: offline
|
I believe I have the same problem posted here; however, I checked and found that GC is enabled.
Any insight ?
Again, I have 1 server that is a DC, GC, Exchange 2003 and RPC Proxy on a Windows 2003 Enterprise Server.
RPC Ping is successfull; however, the Outlook client is not. I have installed my certificated so OWA does not receive a prompt.
Any help is appreciated.
Regards,
Loayo
|
|
|
|
|
RE: RPC over HTTP frustration - 17.Jan.2005 7:20:00 AM
|
|
|
loayo
Posts: 3
Joined: 17.Jan.2005
From: MD, USA
Status: offline
|
More information:
I have installed the Exchange ActiveSync Notify Troubleshooter.
Upon attempting the test an account, I receive the following error:
***The remote server returned an error: (403) Forbidden. ***
Any help is appreciated.
Loayo
|
|
|
|
|
RE: RPC over HTTP frustration - 17.Jan.2005 7:34:00 AM
|
|
|
GERob
Posts: 12
Joined: 10.Dec.2004
From: Kansas
Status: offline
|
Is there a firewall inbetween your EX server and the net?
Did you do the registry editing to make sure the 6000 ports (1,2,4 I think) are configured correctly?
What does the outlook client say when you do the outlook /rpcdiag?
Can you screenshot the connection screens like I did above?
GERob
|
|
|
|
|
RE: RPC over HTTP frustration - 17.Jan.2005 4:58:00 PM
|
|
|
loayo
Posts: 3
Joined: 17.Jan.2005
From: MD, USA
Status: offline
|
I was able to get RPC working. It turned out that reinstalling RPC defaulted to different ports.
Right now the only issue is ActiveSync. It seems to give me a 403 error on the mobile terminal.
Regards,
Loayo
|
|
|
|
|
RE: RPC over HTTP frustration - 20.Jan.2005 3:57:00 PM
|
|
|
staylor
Posts: 8
Joined: 11.Jan.2005
From: On, Canada.
Status: offline
|
I'm getting this error too, I have windows 2003 server, with exchange server 2003. I have everything configured as per say. I can login use owa, but as soon as I try rpc http I get a prompt box then it comes up with "Server Unavailable", I
've followed all the steps to the T for setting up rpc http on a single server.
Any ideas?
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
RE: RPC over HTTP frustration - ![[Smile]](/image/smiles/smile.gif)
