Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

RPC over HTTPS Troubles

477 views
Skip to first unread message

Ben

unread,
Mar 16, 2008, 6:14:57 PM3/16/08
to
Hi,

I'm trying to setup Outlook Anywhere/RPC over HTTPS, using a single Exchange
2003 Server, configured as a backend server, on Win 2003 SP2, ISA 2006 on
Win 2003 SP2, and Outlook 2003 on Win XP SP2 clients. I've followed all the
online documentation, including those below, but I just can't get it
working:

http://www.isaserver.org/tutorials/ISA-Firewall-Publishing-OWA-RPC-HTTP-Single-IP-Address-Part1.html
(all 5 parts)
http://www.msexchange.org/tutorials/outlookrpchttp.html
http://www.msexchange.org/tutorials/Troubleshooting-RPC-over-HTTPS-Part1.html
(both parts)

So far the steps I've taken are:

1.. Added the RPC over HTTP Proxy component to the Exchange Server

2.. Selected RPC-HTTP back-end server in the Exchange System Manager
RPC-HTTP tab

3.. Checked the port settings under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA

4.. Added
ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;ExchangeServer:6004;ExchangeServerFQDN:6004;
to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

5.. Rebooted the Exchange Server

6.. Made sure the Default Website\RPC virtual directory has basic auth
only set.

7.. Create a new firewall policy on the ISA 2006 server for OWA/RPC, with
the same settings/listener as those described in
http://www.isaserver.org/tutorials/ISA-Firewall-Publishing-OWA-RPC-HTTP-Single-IP-Address-Part3.html

8.. Used the existing Web Certificate which is a wildcard cert,
*.domain.com.

9.. OWA works perfectly (we were using OWA previously anyway, which is why
we had the wildcard certificate), we can login, and send/receive emails

10.. I've created a new Profile in Outlook,and added a new Exchange
account with settings: exchange.domain.com, user.name, in 'more settings'
under the connection tab I've enabled 'connect using HTTP' and set the
exchange proxy settings to: https://owa.domain.com, connect using SSL,
Mutually authenticate: msstd:*.domain.com (same as the wildcard
certificate), tried checking & un-checking on fast networks use http
first... & on slow networks use http first..., set the proxy authentication
to basic.

But, when I click check name in the Outlook settings box, a pop up opens,
asking me to authenticate to exchange.domain.com, I enter my username
'domain\username' and password, however this just pops up again twice and
then I get an error message saying 'The action could not be completed. The
connection to Microsoft Exchange Server is unavailable. Outlook must be
online or connected to complete this action.'

The ISA logging shows the connection, there is an 'Initiated Connection',
then 'Allowed Connection', a 'Failed Connection Attempt' and finally a
'Closed Connection'. The Allowed Connection shows the following info:
Status: 404 Not Found
Request: RPC_OUT_DATA
http://owa.domain.com/rpc/rpcproxy.dll?exchange.domain.com:593
And the Failed Connection shows:
Status: 64 The specified network name is no longer available
Request: RPC_IN_DATA
http://owa.domain.com/rpc/rpcproxy.dll?exchange.domain.com:593
The ports alternate between 593 and 6004

I'm now at a loss as to how to get this working. I've used the Outlook.exe
/rpcdiag to try and test rpc, but that just tries to connect, asks for the
username & password then fails. I've tried rpcdump /v and all of the
ncacn_http ports are correctly set. I've checked rpcproxy.dll exists under
c:\windows\system32\rpcproxy\rpcproxy.dll, although I notice I get an error
if I try and register the dll again using regsvr32: 'DllRegisterServer in
c:\windows\system32\rpcproxy\rpcproxy.dll failed. Return code was
0x80070003', so I don't know if this points to a problem - corrupt file
maybe? Does the RPC over HTTP network component need to be installed on ever
Global Catalogue server in the domain? At the moment we just have it
installed on the Exchange Server which is a Global Catalogue server, but we
have another 2003 DC, which is also a Global Catalogue server, but does not
have Exchange installed.

I can't think of anything else that could be stopping this from working! Can
anyone else help/shed some light onto what the problem maybe?

Any help much appreciated!

Ben


Stuart

unread,
Apr 22, 2008, 9:18:00 AM4/22/08
to
Hi Ben

I too had the same problem. There is a patch from microsoft available for
this.

http://support.microsoft.com/kb/944764/en-us

But I am now having a different issue with my Outlook Anywhere. Getting
exception 1722 thrown from a rpcping externally and exeption 5 access denied
internally.

ISA is showing a failed connection with status 64 the specified network name
is no longer available.
That is for RPC_IN_DATA
http://owa.company.com.au/rpc/rpcproxy.dll?owa.company.com.au:6004

Any help with mine would be much appreciated as well.

Stuart

RMOLANO

unread,
Jul 16, 2008, 1:06:00 PM7/16/08
to
Hi.

I have a problem with Certificates.

My Exchange Server was working as a DC but i had many problems with this
configuration. For solving these problems i decided to demote the Exchange
Server to member server using dcpromo command.

When Exchange Server was DC secondary, RPC Over HTTP service was working
fine, but now not because i have problems with certificates of trust. I can’t
use RPC Over HTTP because i receive a certificate error.

I have created the certificates again but these certificates don’t work fine.

Thanks for your help.

0 new messages