Announcement

Collapse
No announcement yet.

Trouble with Exchange 2003 RPC over HTTP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Trouble with Exchange 2003 RPC over HTTP

    I have used this article to configure RPC over http:
    http://www.petri.com/configure_rpc_o...gle_server.htm

    I have a single Exchange 2003 SP2 server.

    I have two test clients running; a WinXP SP2/Outlook 2003 SP2 machine, and a Vista/Outlook 2007 machine.

    Everything seems to be configured correctly, however when I try to log into outlook from either computer, it prompts for username and password over and over again without ever logging in. I know that my private SSL cert is working and is properly trusted because I can log into OWA using https without getting a certificate error.

    rpccfg /hd returns the following:

    ---------------------------------------------------
    eserver 6001-6002 6004
    eserver.scc.local 6001-6002 6004
    mail.XXXXXXXX.com 6001-6002 6004

    All the ports look good, I just don't know what I'm missing. Any help would be very appreciated!

    Jess

  • #2
    Re: Trouble with Exchange 2003 RPC over HTTP

    Have you tested this from inside?
    What are the authentication settings on the /rpc virtual directory in IIS manager?
    What are the authentication settings in Outlook for the RPC over HTTPS settings?

    I tend to suggest both Integrated and Basic on the /rpc virtual directory, and then use NTLM in Outlook if the machine is a member of the domain and basic if the machine is not.

    I also suggest using a commercial certificate rather than a home grown certificate, even if you have got your certificate to be accepted.
    I have spent many hours trying to get the feature to work with a home grown certificate and failed, purchased a certificate and had it working within minutes. Now I feel I am having a bad day if I cannot get RPC over HTTPS to work in less than 30 minutes.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Trouble with Exchange 2003 RPC over HTTP

      Sembee, I appreciate your reply.

      I'm using basic authentication on the virtual directory and on the Outlook client because I plan on having several laptops using this RPC over HTTP without being joined to the domain.

      I think I have found the root of the problem. When I issue this command:

      rpcping -t ncacn_http -s mail.xxxxxx.com -o RpcProxy=mail.xxxxxxxx.com -P user,domain,* -H 1 -u 10 -a connect -F 3 -R none -v 3 -E

      then enter the password, I get the following result:

      RPCPinging proxy server mail.xxxxxxxx.com with Echo Request Packet
      Sending ping to server
      Response from server received: 401
      Client is not authorized to ping RPC proxy
      Ping failed.

      401 errors seem quite difficult to troubleshoot in IIS, but I really don't think this is a permissions issue. I've tried new accounts, old accounts, green accounts, blue accounts, and all of them give this result. I've tried using Microsoft's authdiag against IIS and everything looks good.

      Prior to this attempt, I've set up 2 other exchange 2003 servers with rpc over http and private certs. They work fine to this day.

      I've tried creating 2 different, new "home grown" SSL certs to no avail. Always being sure that the CN is mail.xxxxxxx.com. Do you really think a GoDaddy cert would do the trick? Please let me know.

      Jess

      Comment


      • #4
        Re: Trouble with Exchange 2003 RPC over HTTP

        As I wrote above, I spent many hours trying to get this to work with a home grown certificate and failed. I then got a commercial certificate and it worked.

        If you want to try a commercial certificate then RapidSSL (Geotrust) do 30 day trail certificates. Get one of those, doesn't cost anything and takes about 15 minutes to get. They are trusted so will be accepted by Outlook and Internet Explorer.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Trouble with Exchange 2003 RPC over HTTP

          Huh I tried and worked on cert about one hour, now works without a problem...

          make SURE that you IMPORT same certificate on all client nodes (notebooks).

          Add cert to ROOT and then import it AGAIN with default path...

          That worked for me on notebook and as well on my PDA...

          And one more thingie... Check your DNS server...


          Hope it helps you...

          Comment


          • #6
            Re: Trouble with Exchange 2003 RPC over HTTP

            As if by magic, the GoDaddy cert makes it work. Hooray!

            One last thing...

            In order to log in using Outlook, I must use domainname\username and the password. Any tips or tricks on how to be able to just enter the username without the domainname?


            Thanks Again,

            Jess

            Comment


            • #7
              Re: Trouble with Exchange 2003 RPC over HTTP

              For Outlook - no.
              You must always use domain\username otherwise the server doesn't know that you are trying to authenticate to the domain.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment

              Working...
              X