RPC over HTTP frustration (Full Version)






GERob -> RPC over HTTP frustration (10.Dec.2004 8:35:00 PM)

I'm trying to set up some roving Outlook 2003 users and am having some problems.

When I set up Outlook (inside the network) and then leave the network and try to start Outlook, I get the credentials popup, and then Outlook sits there and thinks for a while and then comes back and says that the Exchange server is unavailable.

I run this command:

rpcping -t ncacn_http -s ExchangeServer -o RpcProxy=ProxyServer -P "username,domain,*" -I "username,domain,*" -H 1 -u 10 -a connect -F 3 -v 3 -E -R HttpProxy

I get this error:

Response from server received: 401
Client is not authorized to ping RPC proxy

I'm running a single exchange server.

Any help would be greatly appreciated. Also, if more information is needed just let me know what you need.

GR




GERob -> RE: RPC over HTTP frustration (10.Dec.2004 9:43:00 PM)

More information:

I checked the box for mutually authenticate the session when connecting with SSL.

When I do this I still get the pop up asking for credentials, but I enter username/password and the pop up just pops back up immediately.

If I run outlook /rpcdiag I get the pop up window asking for credentials that constantly pops back up. In the Exchange Server Connection Status window I have the following 3 lines:
Server Name   Type       Interface   Conn Status
---           Directory  ---         Connecting
FQDN          Referral   ---         Connecting
FQDN          Mail       ---         Connecting

I can enter my username/password forever and it will just keep popping up.

I can go to https://mail.company.com/rpc and I get the expected error.

I'm at a loss, any help?

GR




Henrik Walther -> RE: RPC over HTTP frustration (11.Dec.2004 10:39:00 AM)

Do you authenticate with the format domain\username and password (or UPN)?

Also remember the client(s) need to trust the SSL certificate before you can connect.




GERob -> RE: RPC over HTTP frustration (11.Dec.2004 6:44:00 PM)

quote:
Do you authenticate with the format domain\username and password (or UPN)?

Also remember the client(s) need to trust the SSL certificate before you can connect.

I try both ways, both result in the same issue.

I can log into https://mail.company.com/owa with no issues, and just to be sure when I did log on to that I clicked the lock and imported the cert onto the machine.

This is a wildcard certificate that I am using. Not sure if that makes any difference.

Also, the --- on the directory is a big concern to me. I'm not even sure which machine it should be attempting to connect to.

Our network consists of a DomainController, a Fileserver and an Exchange server.

GR




aliahmed59 -> RE: RPC over HTTP frustration (19.Dec.2004 5:20:00 AM)

Are you using a third-party certificate or an internal MS certificate server? If you are configuring Outlook on RPC over HTTP externally then you need to download the root certificate server. If your certificate services are running on serverA then you can access that server by typing https://servera.domain.com/certsrv which will give you the option to download the CRL chain. Once you have downloaded the CRL chain certificate on that Outlook client machine you should be able to log in without any problem if you have valid port keys entered correctly on the Exchange server. You can check the registry entries are entered correctly by doing a quick test: telnet exchangeservername 6001, then try with 6002 and 6004. If you get a reply, it means the port is listening.




GERob -> RE: RPC over HTTP frustration (19.Dec.2004 5:36:00 AM)

I'm using a 3rd party wildcard SSL certificate.

Is the address you provided, https://servera.company.com/certsrv only if it's a self generated certificate?

If not, is the certsrv part exactly what needs to be typed or does it need to be replaced?

GERob




GERob -> RE: RPC over HTTP frustration (19.Dec.2004 5:40:00 AM)

Also, I can't telnet into the exchange server with port 6001,2,4 because I don't have those ports open on my firewall.

It was my belief the only thing that needed to be open was 80 and 443.

GERob




BeTaCam -> RE: RPC over HTTP frustration (21.Dec.2004 3:47:00 PM)

Hi

1. Ensure you are using Exchange 2003 Sp#1
2. Mark the correct RPC Proxy FE and BE
3. Add the GC, Exchange for ports 6001,02,04
4. Please remove MSSTD as if you use a mutual auth, there is no mention that you have a valid trusted certificate for the user or in your registry hive.

5. Log off in the client and connect across

It will not prompt anymore.

HTH

BC




GERob -> RE: RPC over HTTP frustration (21.Dec.2004 6:25:00 PM)

quote:
Hi

1. Ensure you are using Exchange 2003 Sp#1
2. Mark the correct RPC Proxy FE and BE
3. Add the GC, Exchange for ports 6001,02,04
4. Please remove MSSTD as if you use a mutual auth, there is no mention that you have a valid trusted certificate for the user or in your registry hive.

5. Log off in the client and connect across

It will not prompt anymore.

HTH

BC

Thanks for your reply, questions below:

1. I am on SP#1 on Exchange and my Windows is also up to date.

2. I'm not sure what you mean by "marking". We have a single Exchange server so we don't have a FE and BE. On the single server we do have the rpc proxy up and running and I get the expected error when going to https://mail.company.com/rpc

3. I've added the 600# ports on the DomainController and the Exchange server. The fileserver (the only other server in my network) is not a domain controller, it's only a file share.

4. Okay, I've removed Mutual authentication.

5. Not sure what you mean by "log off in the client and then connect across". I think something got cut.

I've confirmed that in both my DC and EX server that we are set for 600# ports. I ran rpccfg /hr (or hd can't remember) and it shows the ports that are supposed to be used.

I can now with my current settings connect to the exchange server if I'm on my internal network but not if I'm outside of it.

When I run outlook with /rpcdiag I get the following connections:

I have 4 lines all servers are exchange.company.com (exchange server)

Two lines each for Directory and Mail

Directory is saying connection is TCP/IP and Mail is saying HTTPS.

GERob




BeTaCam -> RE: RPC over HTTP frustration (22.Dec.2004 4:52:00 PM)

Hi GERob.

1. E2K3 Sp#1 allows you to RPC/Https without necessity of a front end so the config is correct.

I presume from your last point now it connects to the exchange server?

Easier way to check is as follows.

- Open your mail profile in outlook 2003.
- You will see the Outlook icon on the task bar.
- Hold control key
- Simultaneously right click on the task bar icon and choose connections.
- It will throw up a screen where you can see whether the negotiation failed on Http and switched to tcp or what is the current status including the response time.

Further troubleshooting.

The FQDN of the Exchange Server and the Host header on the certificate should ideally match.

The Trusted Root CA for your third party SSL wildcard must exist on your desktop. (If issued by Verisign, say, then you need to have Verisign in the Trusted Root on your XP desktop.)

On the OL2003client config, please mark the following changes.

- Exchange Proxy server = https://fqdn
- Connect RPC/Http over both fast and slow networks.
- Basic Auth
- close config screen
- open outlook 2003 ( your profile)

Check now from the client for the connectivity (control/rightclick).

Let me know.

HTH

BC
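
The name-match point in the post above, as an added example that is not part of the original thread: a simplified RFC 6125-style check of which host names a wildcard certificate covers, using the dict layout of Python's `ssl.SSLSocket.getpeercert()`. The certificate and host names are constructed sample values, and it is an assumption that the client applies the same single-label wildcard rule.

```python
# Added example: RFC 6125-style host name matching for a wildcard certificate.
# All names below are constructed sample values, not taken from a real server.

def _label_match(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name against a host name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False              # "*" stands for exactly one label
    if p_labels[0] == "*":
        # Wildcard is honoured only as the whole leftmost label, and never
        # for a two-label name such as "*.com".
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches_host(cert: dict, host: str) -> bool:
    """cert uses the dict layout returned by ssl.SSLSocket.getpeercert()."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        names = san               # SAN entries take precedence over the CN
    else:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(_label_match(n, host) for n in names)


# Constructed certificate with the shape of a third-party wildcard cert.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.company.com"),),),
    "subjectAltName": (("DNS", "*.company.com"),),
}


def check_names(hosts):
    """Return {host: True/False} for the constructed sample certificate."""
    return {h: cert_matches_host(SAMPLE_CERT, h) for h in hosts}


if __name__ == "__main__":
    sample_hosts = ["mail.company.com", "exchange.company.com",
                    "company.com", "exchange.corp.company.com", "exchange"]
    for host, ok in check_names(sample_hosts).items():
        print(f"{host:30} {'match' if ok else 'NO MATCH'}")
```

A short server name or a name one level deeper than the wildcard does not match, so every name typed into the Outlook profile has to be a single label under the wildcard's domain.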




Pantherfan -> RE: RPC over HTTP frustration (28.Dec.2004 3:59:00 PM)

You didn't say what OS version your GC/DC was for your Exchange site. If your DC/GC residing in your Exchange site are only Windows 2000, you will have that exact problem. Upgrading to 2003 GC should resolve it.

I had the same problem, and all my GC's were upgraded except the one in the "site" my exchange server resided in (so my ad was 2003), and the problem was fixed once we upgraded that one. Apparently some calls that the exchange server makes for rpc over http require the gc to be 2003.




GERob -> RE: RPC over HTTP frustration (1.Jan.2005 2:29:00 AM)

Okay, I've done all that you've suggested Betacam and still no luck.

Here is a link to some screen shots that I took, perhaps that will help:

http://www.robuck.us/Exchange/Exchange.html

The connection status windows are in the order that they appear from the time I start to the time it comes up and says "Exchange Server not available".

Again, I can connect if I'm inside my lan and it says that it connects via TCP/IP when inside my lan.

All servers are up to date Win2k3, laptops are WinXP Pro.

Thanks for all the help.

Is there anything that I need to check on the EX or DC server?

GERob




GERob -> RE: RPC over HTTP frustration (12.Jan.2005 6:07:00 PM)

Okay I've got it working.

My network setup is a single DC(GC), single FS, single EX server.

One of my team had promoted the EX Server to a DC but did not promote it to a GC.

I knew the problem was in the communication between the outlook client and the GC because only the directory (in rpcdiag of outlook) was failing to connect via HTTPS.

So, I made the EX a GC and everything started working perfectly.

It's my belief that if the EX server is a DC it MUST be a GC as well. Or it has to be neither. I've not tested the 'neither' side though.

Thanks for all the help.

GERob




JonasBratt -> RE: RPC over HTTP frustration (14.Jan.2005 7:53:00 AM)

Connecting through RPC over HTTP is only supported on Windows 2003 server, right?
Regards, Jonas




GERob -> RE: RPC over HTTP frustration (14.Jan.2005 8:10:00 AM)

Correct, only Win2003

GERob




loayo -> RE: RPC over HTTP frustration (17.Jan.2005 7:15:00 AM)

I believe I have the same problem posted here; however, I checked and found that GC is enabled.

Any insight ?

Again, I have 1 server that is a DC, GC, Exchange 2003 and RPC Proxy on a Windows 2003 Enterprise Server.

RPC Ping is successful; however, the Outlook client is not. I have installed my certificate so OWA does not receive a prompt.

Any help is appreciated.

Regards,
Loayo




loayo -> RE: RPC over HTTP frustration (17.Jan.2005 7:20:00 AM)

More information:

I have installed the Exchange ActiveSync Notify Troubleshooter.

Upon attempting to test an account, I receive the following error:

***The remote server returned an error: (403) Forbidden. ***

Any help is appreciated.

Loayo




GERob -> RE: RPC over HTTP frustration (17.Jan.2005 7:34:00 AM)

Is there a firewall in between your EX server and the net?

Did you do the registry editing to make sure the 6000 ports (1,2,4 I think) are configured correctly?

What does the outlook client say when you do the outlook /rpcdiag?

Can you screenshot the connection screens like I did above?

GERob




loayo -> RE: RPC over HTTP frustration (17.Jan.2005 4:58:00 PM)

I was able to get RPC working. It turned out that reinstalling RPC defaulted to different ports.

Right now the only issue is ActiveSync. It seems to give me a 403 error on the mobile terminal.

Regards,
Loayo




staylor -> RE: RPC over HTTP frustration (20.Jan.2005 3:57:00 PM)

I'm getting this error too. I have Windows 2003 server, with Exchange Server 2003. I have everything configured as per say. I can log in using OWA, but as soon as I try RPC HTTP I get a prompt box, then it comes up with "Server Unavailable". I've followed all the steps to the T for setting up RPC HTTP on a single server.

Any ideas?



