Problems with Outlook and RPC over HTTPS


  • Problems with Outlook and RPC over HTTPS

    Looking for some help with this one. It's more of an annoyance than a problem.
    I'm using Microsoft Outlook 2003 SP2 Client to connect to my Microsoft Exchange Server 2003 SP2 over the internet with RPC over HTTPS. It works, but it takes about 2 minutes to establish the connection. I know why, but I can't seem to fix it.

    Watching the RPCDIAG (start, run, outlook /rpcdiag) brings up the connection status, where I can see Outlook try to connect first via TCP/IP as if it was on a LAN. After a minute, it times out then tries HTTPS, which connects after another minute or so.

    I specifically set the Outlook profile to be CHECKED in these two boxes:
    On fast networks, connect using HTTP...
    On slow networks, connect using HTTP...
    Authentication is set as Basic, not NTLM. SSL is forced and uses my own certificate authority.

    Outlook doesn't seem to care that these are checked and tries TCP/IP first.

    Other info:
    Server - Sitting in the Time Warner CO on a Tier1 dedicated T1, new IBM server 226 dual proc, 2.5 gig ram, running Windows 2003 Server std. edition with SP1, running Exchange 2003 server std. sp2.

    My connection - Time Warner Road Runner, 10 megabit down, 1 megabit up using latest P4 Laptop running XP SP2.

    It's not a slow network issue.

    Any help is appreciated...

  • #2
    Re: Problems with Outlook and RPC over HTTPS

    I expect it is trying to contact your certificate authority which needs to time out.
    The number one recommendation I make for RPC over HTTPS is to use a commercial SSL certificate rather than a home grown one.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Problems with Outlook and RPC over HTTPS

      Maybe. I don't belong to the AD domain that the server does. I use Windows pass through authentication and have manually imported the certificate into my trusted root CA store.

      Do you have any info on what the rpcdiag screen should look like when it works correctly? For example, does it jump right to trying https and skip TCP/IP?
      What are the referral lines for in the rpcdiag?

      Thanks again.



      • #4
        Re: Problems with Outlook and RPC over HTTPS

        If set correctly, then Outlook will not even try to use TCP/IP - it will go straight to HTTPS. In rpcdiag, a correctly working screen will show ALL as https. If some are TCP/IP then something isn't set correctly. Often the server name will give you a clue where you have gone wrong.

        Simon.


        • #5
          Re: Problems with Outlook and RPC over HTTPS

          Thanks Simon. That is exactly what I'm trying to say. It's attempting TCP before HTTP(s) when I watch it in RPCDiag.

          It sits at this for about 2 min:
          It tries the FQDN first in the left col, Interface is ---, and Connecting is ---

          After some sort of timeout, it tries the NetBIOS name (which I have a hosts. local lookup for - NetBIOS name resolves to a public IP) then finally connects HTTPS over my Wireless NIC adapter.

          The FQDN and NetBIOS names both resolve to the same public IP.



          • #6
            Re: Problems with Outlook and RPC over HTTPS

            You shouldn't be using a hosts file.

            I would remove that totally as it will simply confuse matters. In a correctly functioning network hosts files are not required - if you find name resolution doesn't work without them then you need to find the source of that problem - not use the band aid of a hosts file.

            It would therefore appear that your name resolution isn't set correctly.
            Are you trying this inside the firewall? If not, then you should. Always test the feature inside first so that you can be sure it works without firewall complications.

            I would also repeat my strong recommendation to use a commercial SSL certificate. I have had no end of problems using home grown certificates, but switch to a commercial solution and all is well.
            This does not mean a $500 certificate from the likes of Verisign or Entrust. A $60 certificate from Rapid SSL (who have a 30 day trial certificate if you want to prove what I said) will be fine, or even one of GoDaddy's $20 certificates will be fine as well (http://www.certificatesforexchange.com/ ). You get the added bonus of the GoDaddy certificate being trusted by Windows Mobile 5.0 which makes deployment of those easier as well.

            Simon.
            Last edited by biggles77; 21st February 2007, 13:43. Reason: Fixed link.