Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RPC over HTTP works great internally, but not externally???
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
RPC over HTTP works great internally, but not externall... - 10.Mar.2004 3:36:00 AM
|
|
|
Demo Dick
Posts: 29
Joined: 15.Apr.2003
From: Atlanta
Status: offline
|
Ok so I have RPC over HTTP installed on a single server. It works flawlessly inside the firewall.
When I try to connect from outside I recieve the prompt for my UN/PW & the send recieve details go to processing then they fail & I get this error.
Task 'Microsoft Exchange Server' reported error (0x8004011D) : 'The server is not available. Contact your administrator if this condition persists.'
We have a watchgaurd Firebox 4500 & I have set up NAT to forward all incoming requests from the external IP of the ssl address to the internal Exchange server. This works flawlessly for OWA over https
I took a peek in the firewall logs & it seems that it is letting the connection on port 443 come in. Every time I hit send / recieve I can watch the firewall logs fill up with entries to the proper IP, but to no avail.
If I connect this same client to the vpn & then try it prompts for password & connects first try.
Any thoughts?
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 10.Mar.2004 2:49:00 PM
|
|
|
Henrik Walther
Posts: 6835
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline
|
Try holding down CTRL while you rightclick the Outlook icon in the systray, then choose Connection Status. What does the box tell you here ?
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 10.Mar.2004 3:43:00 PM
|
|
|
Demo Dick
Posts: 29
Joined: 15.Apr.2003
From: Atlanta
Status: offline
|
I get two messages
one has no server name , type = directory, interface = blank, conn blank, status = connecting.
The next is the FQDN of my mail server as on my certificate, type=referral,interface=HTTPS, Status=connecting
eventually I will see the same activity for my DC/GC
Not sure what is wrong, but, I am using the same certificate that I use for my OWA over https. could this be my problem?
my mail server is mail.domain.com, but my ssl certificate is owa.domain.com my ssl certificate points to an external ip that routes only 443 to the internal ip of the mail server
Does my certificate for RPC/https need to be the same as my fqdn for my mail server?
|
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 10.Mar.2004 6:37:00 PM
|
|
|
Demo Dick
Posts: 29
Joined: 15.Apr.2003
From: Atlanta
Status: offline
|
I am now getting this message in event viewer on the exchange box.
The following ValidPorts registry key could not be parsed: mail:593; mail.domain.com:593; mail:6001-6002; mail.domain.com:6001-6002; mail:6004; mail.domain.com:6004;dc:593; dc.domain.com:593; dc:6004; dc.domain.com:6004; fs:593; fs.domain.com:593; fs:6004; fs.domain.com:6004; rd:593; rd.domain.com:593; rd:6004; rd.domain.com:6004 . The RPC Proxy cannot load. The ValidPorts registry key might have been configured incorrectly. User Action Verify that the ValidPorts registry value is set correctly. If the value is not correct, edit the registry key to reflect the correct value.
mail = exchange server
rd,dc,fs = gc/dc servers
|
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 10.Mar.2004 9:15:00 PM
|
|
|
Demo Dick
Posts: 29
Joined: 15.Apr.2003
From: Atlanta
Status: offline
|
Ok I got it working on one client, so I will post my fix incase anyone else has this problem.
Firs I removed one of one GC/DC server from the registry entry on the exchange server. This server was in an offsite location, so I thought it may just have been slowing things down.
This did not fix my problem, but I have not added it back since the following did fix it.
Second I ran the rpccfg /hd command & saw that one entry for my mail server seemed wrong
This was the reslut from rpccfg /hd
Server Name..................Port Settings
-----------------------------------------------
...dc...............................593 6004
...dc.domain.com ............593 6004
.. mail............................6001-6002 6004
...mail.domain.com..........593 6001-6002 6004
mail...............................593
This did not seem right having the extra line for mail with the 593 setting & it was indented oddly.
The only thing I changed was in the HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
registry setting I changed the order of the settings for the mail server to
mail.domain.com:593; mail:593; mail:6001-6002; mail.domain.com:6001-6002; mail:6004; mail.domain.com:6004;
basically only changing the order in which the first two settings were entered from what was in Henrik's writeup. I am not saying his writeup is not correct, without it I would have been lost on this install. I think maybe there was just sothing small I was missing & changing things around caught it.
Things seem to be working now.
[ March 10, 2004, 10:12 PM: Message edited by: Ron Whitling ]
|
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 22.Apr.2004 2:52:00 PM
|
|
|
maunder
Posts: 20
Joined: 22.Nov.2001
Status: offline
|
Hi guys,
I am fighting this issue right now. I can get rpc over http to work IF I connect the client to the LAN & configure Outlook. Then, I can dial up & rpc over http works.
What doesnt work for me is the following; I have an employee located in the UK (I am in Australia). She can run Outlook 2003 fine if VPN'ed in. So, I got her to make the Outlook rpc over http changes while VPN'ed. (to simulate being connected to the LAN).
But then when she disconnects from the LAN & runs Outlook over the dialup &/or broadband, rpc over http doesnt work!
She gets the authentication box but after entering her a/c & p/w she keeps seeing the "cant connect to exchange server" message. She clicks Retry but it immediately reappears & no matter how many times she clicks Retry, it just reappears immediately (as if it has no affect at all).
Any thoughts/feedback would be welcome. Its pretty difficult to tell her to fly home so I can connect her to the LAN for 30 secs:)
John
|
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 23.Apr.2004 3:17:00 PM
|
|
|
bbuerstinghaus
Posts: 122
Joined: 30.Mar.2004
From: Germany
Status: offline
|
Hi,
I`ve the same problem like "maunder".
have you fix your problem yet ? Or any idea ?
|
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 23.Apr.2004 7:13:00 PM
|
|
|
Guest
|
Don't you need to open port 593 on the Watchguard Firewall?
K7
|
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 26.Apr.2004 10:41:00 AM
|
|
|
bbuerstinghaus
Posts: 122
Joined: 30.Mar.2004
From: Germany
Status: offline
|
For real ? but then.. whats the meaning of rpc over http when i must open another port than 80 ?
|
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 26.Apr.2004 12:59:00 PM
|
|
|
Henrik Walther
Posts: 6835
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline
|
Only SSL port 443/TCP is required open in the firewall.
|
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 26.Apr.2004 1:26:00 PM
|
|
|
Demo Dick
Posts: 29
Joined: 15.Apr.2003
From: Atlanta
Status: offline
|
quote:
Originally posted by Henrik Walther:
Only SSL port 443/TCP is required open in the firewall.
As usual Henrik is correct that is all that is open on my Watchgaurd & all that is needed for rpc/https
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 15.May2004 9:17:00 AM
|
|
|
Guest
|
Hello,
I cannot get RPC over HTTPS working AT ALL. The only thing I have to go on at this point is that when I run the rpcping tool I am getting the 12175 error about potential certificate conflicts. (http://support.microsoft.com/default.aspx?scid=kb;EN-US;831051)
This is a single server scenario and I have done everything as stated in http://support.microsoft.com/?id=833401
OWA works fine over https with a self-signed cert.
Server name is servername with the AD domain exchange. The certificate is using the external DNS name mail.exchange.com
I can connect to https://mail.exchange.com/rpc and get the expected result.
When configuring the Outlook profile I am using the servername for the exchange server and the DNS name mail.exchange.com in the connect over http settings. Won't connect.
Please help. I have noticed quite a few ppl get this working. I am starting to feel left out ![[Frown]](/image/smiles/frown.gif)
Thanks in advance,
Hook
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 14.Mar.2005 12:09:00 AM
|
|
|
aamer
Posts: 2
Joined: 14.Mar.2005
From: USA
Status: offline
|
It seems like there are a ton of poeple online who are having trouble with RPC over HTTPS. I was one of them, but I got a solution now and I wanted to share it with everyone.
I had followed all the RPC instructions on microsoft's web site. And still my Outlook client would hang when I was outside of my LAN. Why?? Well, it turns out that if you have a SSL certificate you created using SELFSSL, then you may have an issue!
First thing you need to do is to make sure that you created the right kind of certificate. Namely, make sure that you set a large enough window for the expiration date and then make sure that \N option says something like "*.mydomain.com" so that you cover all subdomains for that certificate (as most of you probably want to do).
Now try going to the RPC web page by pointing Internet Explorer to https://FQDN/rpc ... do you see a pop up screen giving you a warning about the certificate? If so, then click on "view certificate" and then click on "install certificate". Now you have installed that SSL certificate and you should not see this pop up screen agian. Try shutting down Internet Explorer, restarting it, and then going to that web page again. Now you should not see that pop up warning screen about the SSL certificate.
Hopefully this should fix your problem. It did for me!
|
|
|
|
|
RE: RPC over HTTP works great internally, but not exter... - 7.Apr.2006 3:56:53 PM
|
|
|
bschaffer
Posts: 1
Joined: 7.Apr.2006
Status: offline
|
I'm happily among thos that have RPC/HTTPs working.
First - my environment:
W2k3 - DC, DNS
W2k3 - Exch2003, IIS 6.0
W3k3 - ISA 2004
PIX Firewall
Test PC using XP SP2 and Outlook 2003
It took me a bit of reading to realize that all of the "How-To" articles fail to explain the different scenarios if you have a single Exchange server or a FE/BE config. Nor does the writer often specify what scenario he is using.
I started with an excellant MS article at http://support.microsoft.com/?id=833401
I had one part that confused me little titled "Step 2: Configure all your global catalogs to use specific ports for RPC over HTTP for directory services". I could not find the key described in my Exchange registry. I decided to skip the step and have since found no need to add.
The above article describes adding/confirming the default ports for RPC/HTTPs in the registry. There is a previous post from Demo Dick that mentions these same ports plus port 593. I added port 593 but was able to delete in the end as it was not needed and worked OK without.
My ISA server was already configured with a published server for OWA and that was working. I had the path /RPC/* to the allowed paths.
I am using a GoDaddy SSL certificate.
I started by testing RPC/HTTPs on the LAN and that worked. I deleted the profile and connected externaly and that worked.
There is a good article regarding client config on http://www.msexchange.org/tutorials/outlookrpchttp.html. It is for Outlook 2002 I think but the settings are much the same. His article is dated Jan05 and he claims you cannot configure a new client from the internet too. I've tested it several times with several mailboxes and it works fine.
I've monitored my ISA logs and there are no attempts to use/connect any ports but 443
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
