Announcement

Collapse
No announcement yet.

More trouble with RPC

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • More trouble with RPC

    Hi All

    I'm new here. I hope I'm supposed to start a new thread about this...I am also having trouble with RPC - I have tried every test that I have found information on..OWA works great with our Exchange server, but I need our clients to connect using an Outlook client. When I run rpcdump /P ncacn_http I keep getting an access denied - is this a problem? I've used Harry's program and double-checked the registry entries for the ports..does anyone know if that's a problem?

    If this question should be somewhere else would a Mod please advise me??

    Thanks all.
    Last edited by mo_rocks; 26th July 2007, 20:25.

  • #2
    Re: More trouble with RPC

    RPC over HTTPS problems usually come down to three things.

    - virtual directory settings wrong for authentication. Having anonymous authentication enabled for example. Integrated and sometimes basic authentication should be enabled on the /rpc virtual directory.

    - SSL certificates issues. If you browse to https://host.domain.com/rpc and get a certificate prompt then RPC over HTTPS will not work.

    - registry settings. A single semi-colon in the wrong place can stop it from working. If you have separate domain controllers then you need to remember to make a registry change there as well.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: More trouble with RPC

      Thanks for the reply!

      If I open up IIS Manager, and drill down to the Default Website, I have a folder named RPC and another with RPCwithCert. I don't have one called RPC virtual directory..am I understanding you wrong? I'm no IT pro, unfortunately. In the RPC folder's properties I have both Basic and Integrated Authentication enabled, and Anonymous is disabled.

      When I browse to the https://machine.domain.ca/rpc (where machine is the name of our server, and domain.ca is our registered domain) I get the Certificate Error: Navigation canceled window, telling me that the security certificate for this website was issued for a different website's address. If I click continue, it brings up the NT logon window, and if I enter my username in domain\username format, along with my password, it does the usual 3 prompts, then gives me the expected 401.3: Access denied due to ACL message. However, the top address bar is pink and the certificate window still says "Certificate Error". I'm assuming that is a problem. What should I do - I already tried manually installing the certificate to the Trusted Root CA folder...do I need to re-create the certificate? WHen I view the certificate, it's issued to domain.ca by machine.domain.ca - should it be issued to machine.domain.ca?

      I rechecked the registry - in the localmachine\software\microsoft\rpc\rpcproxy folder the ValidPorts key lists 6001-6002 and 6004 listed for both domain.ca and machine.domain.ca. I have also added the NSPI interface protocol sequences key to the localmachine\system\currentcontrolset\services\NTD S\Paramters folder.

      Any tips?

      Comment


      • #4
        Re: More trouble with RPC

        The folders that you see in IIS manager are actually virtual directories. They don't exist in the same place as everything else.

        If you are getting a certificate prompt that will stop RPC over HTTPS from working. Outlook cannot cope with certificate prompts. You will need to deal with that prompt. That either means getting a certificate in the correct name or using the name that the certificate was issued in.

        If you need to get a new certificate I would strongly suggest that it is NOT in the real name of the machine, but an alias. This gives you the freedom to move the certificate and services elsewhere.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment

        Working...
        X