Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

RPC / HTTPS issue in 2007 and 2010

903 views
Skip to first unread message

Joe

unread,
Apr 28, 2009, 1:19:26 AM4/28/09
to
I have a single 2008 DC with a single member 2008 server in two scenarios,
one with E2k7 and one with E2k10. Both do not work with rpc/https, but the
same lab scenario with a Windows 2003 dc and single member 2003 server with
e2k3 works fine.

It's not an SSL issue, the remote client can browse the rpc dir w/o a
warning. testexchangeconnectivity shows an rpc error on port 6001? I have
tried basic and ntlm auth, configuring either or, both and allowing for
replication.The client is setup exactly the same way that allows it to work
with the 2003 setup.

Any ideas where to look?

Thanks!


Mike Shen (MSFT)

unread,
Apr 28, 2009, 5:13:14 AM4/28/09
to
Hi,

Thank you for posting.

From your post, I understand that the Outlook client cannot connects to
Exchange Server through RPC over http. When you test the connection by
using testexchangeconnectivity site, it indicated that it cannot connect to
6001 port. You have access the RPC dir and do not get a certificate related
warning. If I'm off base, please feel free to let me know.

I suggest we attempt the following method to troubleshoot the issue:

1. Please let me know whether the users are able to access their mailbox
through OWA
2. Run RPCDump tool on the mailbox server:

Rpcdump /s mailbxoserver

Under ncacn_http, you should get entries like below:

192.168.1.2[6001] [a4f1db00-ca47-1067-b31f-00dd010662da] Exchange Server
STORE EMSMDB Interface :NOT_PINGED
192.168.1.2[6002] [1544f5e0-613c-11d1-93df-00c04fd7bd09] MS Exchange
Directory RFR Interface :NOT_PINGED 192.168.1.2[6004]
[f5cc5a18-4264-101a-8c59-08002b2f8426] MS Exchange Directory NSPI Proxy
:NOT_PINGED

3. Run RPCcfg tool on the Client Access Server which enabled Outlook
Anywhere:

Rpccfg /hd

You should get entries like below:

Server Name Port Settings
----------------------------------------------------------------------------
---
MB 6001-6002 6004

mb.lab.com 6001-6002 6004

Note: You could export the results when running the tool and send to me at
v-mi...@microsoft.com.

4. Use RPCPing tool to check the connection

RPCPing.exe -t ncacn_http -o RpcProxy=< RPC Proxy Server> -u=10 -a connect
-v 3 -E -P "username,domain,password" -H 1 -F 3 -b

RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P
"user,domain,password" -I "user,domain,password" -H 1 -F 3 -a connect -u 10
-v 3 -e 6001

RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P
"user,domain,password" -I "user,domain,password" -H 1 -F 3 -a connect -u 10
-v 3 -e 6002

RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P
"user,domain,password" -I "user,domain,password" -H 1 -F 3 -a connect -u 10
-v 3 -e 6004

How to use the RPC Ping utility to troubleshoot connectivity issues with
the Exchange over the Internet feature in Outlook 2007 and in Outlook 2003
http://support.microsoft.com/kb/831051

Some further information:

Outlook Anywhere Client Connectivity Issue Because of TCP/IPv6
http://technet.microsoft.com/en-us/library/cc671176.aspx

White Paper: Outlook Anywhere Scalability with Outlook 2007, Outlook 2003,
and Exchange 2007
http://technet.microsoft.com/en-us/library/cc540453.aspx

Sincerely,
Mike Shen
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

With newsgroups, MSDN subscribers enjoy unlimited, free support as opposed
to the limited number of phone-based technical support incidents. Complex
issues or server-down situations are not recommended for the newsgroups.
Issues of this nature are best handled working with a Microsoft Support
Engineer using one of your phone-based incidents.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Joe

unread,
Apr 28, 2009, 8:57:20 AM4/28/09
to
Hi,
Users can access OA just fine.

Rpcdump /s <mbxserver>
ncacn_http(Connection-oriented TCP/IP using Microsoft Internet Information
Server as HTTP proxy.)
10.0.0.3[6002] [1544f5e0-613c-11d1-93df-00c04fd7bd09] :NOT_PINGED
10.0.0.3[6004] [f5cc5a18-4264-101a-8c59-08002b2f8426] MS Exchange
Directory NSPI Proxy :NOT_PINGED
10.0.0.3[6004] [f5cc5a18-4264-101a-8c59-08002b2f8426] MS Exchange
Directory NSPI Proxy :NOT_PINGED
10.0.0.3[6001] [938fe036-ede6-4f6c-966e-a3d7300279c8] Exchange Server
STORE EMSMDBPOOL Interface :NOT_PINGED
10.0.0.3[6001] [31e68719-d4fc-401a-8788-bc56169a336b] Exchange Server
STORE Async EMSMDBMT Interface :NOT_PINGED
10.0.0.3[6001] [df831451-edad-415d-905f-9d3793f92db3] Exchange Server
STORE EMSMDBMT Interface :NOT_PINGED
10.0.0.3[6001] [5261574a-4572-206e-b268-6b199213b4e4] Exchange Server
STORE Async EMSMDB Interface :NOT_PINGED
10.0.0.3[6001] [a4f1db00-ca47-1067-b31f-00dd010662da] Exchange Server
STORE EMSMDB Interface :NOT_PINGED
10.0.0.3[6001] [da107c01-2b50-44d7-9d5f-bfd4fd8e95ed] Exchange Server
STORE ADMIN Interface :NOT_PINGED
10.0.0.3[6001] [99e64010-b032-11d0-97a4-00c04fd6551d] Exchange Server
STORE ADMIN Interface :NOT_PINGED
10.0.0.3[6001] [89742ace-a9ed-11cf-9c0c-08002be7ae86] Exchange Server
STORE ADMIN Interface :NOT_PINGED

Rpccfg /hd
Error: RpcProxy is not installed on this system.
The command did not complete successfully.

It most certainly is installed as a Feature on the single exchange server.


rpcping -t ncacn_http -s <FQDN> -o RpcProxy=<FQDN> -P "user,domain,pass" -I
"user,domain,pass" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 3

RPCPinging proxy server FQDN with Echo Request Packet
Sending ping to server
Response from server received: 401
Client is not authorized to ping RPC proxy
Ping failed.

rpcping -t ncacn_http -s <FQDN> -o RpcProxy=<FQDN> -P "user,domain,pass" -I
"user,domain,pass" -H 1 -F 3 -a connect -u 10 -v 3 -e 6001
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 3
Completed 1 calls in 594 ms
1 T/S or 594.000 ms/T

rpcping -t ncacn_http -s <FQDN> -o RpcProxy=<FQDN> -P "user,domain,pass" -I
"user,domain,pass" -H 1 -F 3 -a connect -u 10 -v 3 -e 6002
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 3
Completed 1 calls in 203 ms
4 T/S or 203.000 ms/T

rpcping -t ncacn_http -s =<FQDN> -o RpcProxy==<FQDN> -P
"user,domain,pass" -I "user,domain,pass" -H 1 -F 3 -a connect -u 10 -v 3 -e
6004
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 3

Exception 1722 (0x000006BA)

This is caused by incorrect VALID_PORTS registry keys, but in Exchange
2007/10 they get overridden? On the 2008 Server running Exchange, I have the
follwoing:
ValidPorts:
MBXsrv:593;MBXsrv:49152-65535
ValidPorts_AutoConfig_Exchange
MBXsrv:6001-6002;MBXsrv:6004;MBXsrv.domain.local:6001-6002;MBXsrv.domain.local:6004

And no mention of the DC? Is that normal?

TCP/IPv6 is disabled on both the single DC and single Exchnage server (Its
unchecked in the nic parameters).

Thanks so much for the detailed post!

""Mike Shen (MSFT)"" <v-mi...@online.microsoft.com> wrote in message
news:9vAVWG%23xJH...@TK2MSFTNGHUB02.phx.gbl...

Mike Shen (MSFT)

unread,
Apr 29, 2009, 2:06:59 AM4/29/09
to
Hi Joseph,

Thanks for your response.

After reviewing the RPCDump file, I think that the configuration on the
Exchange mailbox server is correct. In addition, I notice that you cannot
rpcping the Proxy Server and Mailbox Server (6001, 6004)

Regarding the RPCPing problem to RPC Proxy Server, I notice that you use -H
2 switch while you ping Mailbox Server by using -H 1. I would like to
explain that -H 2 means that you use NTLM method to authenticate to RPC
Proxy Server. If the NTLM is not enabled on the RPC Proxy Server, you may
encounter the problem. Therefore, I suggest you run following command again
to ping your RPC Proxy Server:

RPCPing.exe -t ncacn_http -o RpcProxy=< RPC Proxy Server> -u 10 -a connect

-v 3 -E -P "username,domain,password" -H 1 -F 3 -b

Please check whether you can ping the RPCProxy server successfully this
time.

Note: I suggest you run all the RPCPing commands on RPCProxy Server
directly in order to bypass the firewall between the RPCProxy Server and
the external client.

Regarding the Exception 1722 (0x000006BA) error when ping 6001 port and
6004 port, please let me know:

1. Whether the Client Access Server and Mailbox Server are installed on
same server or different servers. If the Client Access server role and
Mailbox server role are installed on different server, please ensure the
6004 and 6001 ports are allowed by the firewall

2. Whether the Mailbox Server is installed on GC? If yes, please add
registry key by referring to following article:

http://technet.microsoft.com/en-us/library/bb124159(EXCHG.65).aspx

3. I think that the ValidPorts registry key is incorrect. You should see
see something like:
mbx1:6001-6002;mbx1:6004;mbx1.contoso.com:6001-6002;mbx1.contoso.com:6004
as the value for the key.

Further information:

How does Outlook Anywhere work (and not work)?
http://msexchangeteam.com/archive/2008/06/20/449053.aspx

Thanks,
Mike

0 new messages