RPC over HTTPS Timeout

  • RPC over HTTPS Timeout

    I've seen a few threads like this topic, but none have solved my problem.

    I'm running Exchange server 2003 on Windows Server 2003 in a single server configuration behind an [inexpensive, non-Microsoft] firewall. The firewall has port 443 open (and actually also has port 80 open because I have a redirect to send users to https automatically in case they forget to type it in).

    The server seems to work well. OWA works properly via https. I have a self signed certificate that is manually installed by the users on the [few] machines that have remote access. OMA also is working properly.

    However, when any of the remote users (including my own two remote machines) attempt to connect to the server using Outlook 2003 using RPC over HTTPS, the client hangs for about 3 to 5 minutes before a connection is established, then works fine. Using "outlook /rpcdiag" I can see that the connection attempts start immediately, but they do not succeed until Outlook tries RPC over HTTPS, then they succeed immediately.

    The problem is clearly that Outlook is not, initially, trying to use RPC over HTTPS, but RPC over TCP/IP instead. I've verified this by temporarily putting the Exchange server in a DMZ and forwarding all traffic to it. In this case the TCP connections come up immediately. When the firewall is in its normal configuration, I do see the RPC traffic on port 135 trying to connect to the Exchange server (and failing) until the HTTPS tunnel gets started.

    I do have both fast and slow networks checked on the proxy page to use HTTP first. I'm using NTLM Authentication (Basic Authentication does not work). I'm using "Connect via SSL only" but "mutual authentication" is not checked since it fails to connect when I do check it.

    In watching the progress in the Exchange server connection status window, I see it attempting to connect to the external DNS address (using TCP/IP). This eventually times out and then the connections are successfully established to the internal NETBIOS name using HTTPS.

    So, my basic question is:

    What do I need to do to force Outlook 2003 to stop trying to use RPC over TCP/IP initially (or at least only try for a very short time, like seconds) and to use RPC over HTTPS immediately?

  • #2
    Re: RPC over HTTPS Timeout

    Poke. Can anyone help with this? I've read the configuration tips, but cannot seem to figure this out.


    • #3
      Re: RPC over HTTPS Timeout

      Here is my document from an SBS network (Note: FQDN = Fully Qualified Domain Name)

      Using Outlook via the Internet
      If you are using Microsoft® Office Outlook® 2003, you can connect to the computer running Windows® Small Business Server through the Internet using the feature called RPC over HTTP. This means you can remotely access your server e-mail account from the Internet when you are working outside your organization's firewall. You do not need security-related hardware or software (such as smart cards or security tokens), and you do not have to establish a virtual private network (VPN) connection to the server.
      Comparing RPC over HTTP and Outlook Web Access
      When using RPC over HTTP to access your mailbox, you get the full functionality of Outlook 2003. For example, you can work offline, use Microsoft Office Word 2003 as your e-mail editor, and easily organize your mailbox.
      To use Outlook via the Internet
      Ensure that the following requirements have been met on the client computer:
      Verify that the computer is running Microsoft Windows XP Service Pack 1 or later
      • Click Start, right-click My Computer, and then click Properties.
      The version of the operating system and service pack is displayed under System. If you do not see a service pack version, there is no service pack installed.
      Verify that Windows update Q331320 is installed on the computer (not required if you are running Windows XP Service Pack 2 or later)
      1. Click Start, click Control Panel, and then open Add or Remove Programs.
      2. Under Currently installed programs, search for the item Windows XP Hotfix (SP2) Q331320.
      3. If the item is not present, go to the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=18651) and follow the instructions to download and install it.
      Verify that the computer is running Outlook 2003 or later
      1. Open Outlook.
      2. Click the Help menu, and then click About Microsoft Office Outlook. The version number appears at the top of the box.
      Verify that the computer trusts the certificate used by the server
      1. Open Internet Explorer, and then in the address bar type:
      https://<FQDN>/remote
      • If the certificate is trusted, a certificate warning does not appear. In this case, continue with step 1 under Ensure that you have an Outlook profile configured for the server.
      • If the certificate is not trusted, a warning appears. Click View Certificate, click Install Certificate, and then follow the instructions.
      Ensure that you have an Outlook profile configured for the server
      1. Click Start, and then click Control Panel.
      • If you are viewing Control Panel in the default Category view, switch to Classic view, and then double-click Mail.
      • If you are viewing Control Panel in Classic view, double-click Mail.
      2. In the Mail Setup dialog box, click Show Profiles. If your profile appears in the list, select your profile, click Properties, click E-mail Accounts, select View or change existing e-mail accounts, and then click Next. If your profile does not appear, open Outlook and follow the instructions to create a profile before proceeding.
      • If Microsoft Exchange Server does not appear in the list, the existing profile is not associated with a Microsoft Exchange Server e-mail account. Click Cancel, and then click Close. Continue with step 3 to add a profile.
      • If there is an existing Microsoft Exchange Server profile, continue with step 3 under Configure the computer for RPC over HTTP.
      3. Click Add. The New Profile dialog box appears.
      4. In the Profile Name box, type a name for the new profile, and then click OK. The E-mail Accounts dialog box appears.
      5. Under E-mail, select Add a new e-mail account, and then click Next. The Server Type dialog box appears.
      6. Click Microsoft Exchange Server, and then click Next.
      7. Continue with step 4 under Configure the computer for RPC over HTTP.
      Configure the computer for RPC over HTTP
      1. Click Start, and then click Control Panel.
      • If you are viewing Control Panel in the default Category view, switch to Classic view, and then double-click Mail.
      • If you are viewing Control Panel in Classic view, double-click Mail.
      2. In the Mail Setup dialog box, click E-mail accounts, click View or change existing e-mail accounts, and then click Next.
      3. In the E-mail accounts dialog box, click Microsoft Exchange Server, and then click Change.
      4. In the Microsoft Exchange Server box, type the local name of the Exchange server:
      <netbiosname>.<local (AD) domain>
      5. In the User Name box, type the user name that you use to log on to the Remote Web Workplace. Do not click Check Name.
      6. In the Exchange Server settings page, click More Settings.
      7. On the Connection tab, under Exchange over the Internet, select Connect to my Exchange mailbox using HTTP, and then click Exchange Proxy Settings. The Exchange Proxy Settings dialog box appears.
      8. Under Use this URL to connect to my proxy server for Exchange, type the following URL:
      <FQDN>
      9. Select Connect using SSL only, and then select Mutually authenticate the session when connecting with SSL.
      10. In the Principal name for proxy server box, type the following text:
      msstd:<FQDN>
      11. Select On slow networks, connect using HTTP first, then connect using TCP/IP.
      12. Under Proxy authentication settings, select Basic Authentication.
      13. Click OK, and then click OK again. Click Next, and then click Finish. Click Close.
      14. In the Mail dialog box, if Always use this profile is selected, choose the newly configured profile.
      15. Open Outlook and type your Windows Small Business Server user name (in the format <DOMAIN>\user name) and password. You can now work with your Outlook mailbox.
      TIA

      Steven Teiger [SBS-MVP(2003-2009)]
      http://www.wintra.co.il/
      I’m honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

      We don’t stop playing because we grow old, we grow old because we stop playing.
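
Steps 8 to 10 of the procedure above only work together when the proxy URL, the `msstd:` principal name and the name the server certificate was issued to all agree. The Python check below is an added example, not part of the original posts; it assumes Outlook compares the `msstd:` name with the certificate's common name, and the host names and certificate fields are constructed sample values in the shape returned by `ssl.SSLSocket.getpeercert()`.

```python
import ssl
import time

def subject_cn(name_field):
    """First commonName in a subject/issuer field shaped like ssl.getpeercert()."""
    for rdn in name_field:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def check_proxy_settings(proxy_host, principal, cert, now=None):
    """Return a list of findings; an empty list means the three names agree."""
    findings = []
    now = time.time() if now is None else now
    prefix, _, name = principal.partition(":")
    if prefix.lower() != "msstd" or not name:
        return ["principal name must have the form msstd:<FQDN>"]
    if name.lower() != proxy_host.lower():
        findings.append(f"principal {name} differs from proxy URL host {proxy_host}")
    cn = subject_cn(cert.get("subject", ()))
    if cn is None or cn.lower() != name.lower():
        findings.append(f"certificate is issued to {cn}, not {name}")
    if not (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"])):
        findings.append("certificate is outside its validity period")
    if cert.get("issuer") == cert.get("subject"):
        # Self-signed certificates are only trusted once installed on the client.
        findings.append("self-signed: install the certificate on every client")
    return findings

# Constructed sample data (not taken from the thread).
def make_cert(cn, issuer_cn):
    return {
        "subject": ((("commonName", cn),),),
        "issuer": ((("commonName", issuer_cn),),),
        "notBefore": "Jan 15 00:00:00 2007 GMT",
        "notAfter": "Jan 15 00:00:00 2008 GMT",
    }

SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 15 00:00:00 2007 GMT")
GOOD = make_cert("mail.example.com", "Example Internal CA")
INTERNAL_NAME = make_cert("exch01.example.local", "exch01.example.local")

if __name__ == "__main__":
    for cert in (GOOD, INTERNAL_NAME):
        print(check_proxy_settings("mail.example.com", "msstd:mail.example.com",
                                   cert, SAMPLE_NOW) or "settings agree")
```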
