RPC Issue (Yup, another one)


  • RPC Issue (Yup, another one)

    Hello!

    I have just managed to get our exchange server off the ground and up and running this week. Following lots of tutorials, running into lots of problems along the way, I finally managed to get it delivering mail, receiving mail, OWA working, AD setup, multiple domains on one exchange box, some additional tricks installed.

    First, I wanted to show everyone a pretty good paper on this process that I came across in my ventures. This one goes along pretty well with the Petri tutorial. It has some neat tricks for password changing, etc.
    http://www.c2ict.nl/files/configuring_rpc_over_http.pdf

    Here is my current setup.
    -Windows Server 2003, updated
    -Exchange Server 2003 (32bit limitations), updated
    -One box hosting IIS,DNS,Exchange at winbox.myhost.net (FQDN)
    -NetBIOS name winbox
    -No front-end
    -One client running Outlook 2007 with Vista

    Outlook Setup
    -MS Exchange Server: winbox.myhost.net (NOT CACHED)
    -Username: zcferres
    -Logon network security: NTLM
    -Encryption: ticked
    -Connect to MSEx using HTTP: ticked
    -Connection: Using LAN
    -URL for proxy: winbox.myhost.net
    -Only connect to proxy servers that have principal name in certificate: NOT ticked
    -fast networks,slow networks: ticked
    -Proxy Auth: Basic Authentication

    Exchange/IIS Setup
    -Not part of an exchange managed RPC-HTTP topology
    -IIS shows all websites are running
    -ValidPorts Entry: winbox:6001-6002;winbox.myhost.net:6001-6002;winbox:6004;winbox.myhost.net:6004

    The Problem
    -Outlook prompts for password, I enter myhost\zcferres and my password and it thinks for a minute. It does NOT prompt for PW again.
    -Connection status shows TCP/IP and Connecting.... (should be HTTPS?, no?)
    -Times out and throws an error that server is unavailable

    Seems working
    -Certificate is good, I can login to OWA and the certificate doesn't pop-up. After the certificate was offered by godaddy, I imported it on the server and saved it from there. Then I imported the PFX to my client and installed it as a Root certificate. I really don't think the certificate is the problem here, IE tells me the certificate is good without even prompting.
    -I am able to RPC Ping the server from the client
    rpcping -t ncacn_http -s winbox -o RpcProxy=winbox.myhost.net -P "zcferres,myhost.net,password" -I "zcferres,myhost.net,password" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
    RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
    OS Version is: 6.0

    RPCPinging proxy server winbox.myhost.net with Echo Request Packet
    Sending ping to server
    Response from server received: 200
    Pinging successfully completed in 640 ms
    -I am also able to RPC Ping from the server itself.
    -OWA works great from everywhere

    Seems Broken
    -Using http://support.microsoft.com/kb/831051 I was able to try 'How to Use Basic Authentication and SSL to Connect to the Stores Port'. So I did a
    RpcPing -t ncacn_http -s winbox -o RpcProxy=winbox.myhost.net -P "zcferres,myhost.net,password" -I "zcferres,myhost.net,password" -H 1 -F 3 -a connect -u 10 -v 3 -e 6001
    -From this RPCPing (coming from client) I got an error
    Exception 1722 (0x000006BA)
    RPC Server is unavailable The RPC service cannot be contacted. You may receive this response because there are problems with the RPC Proxy server (if this is the case, you can use the -E argument to verify that the RPC Proxy server is available), because the service stopped on Exchange 2003 backend server (for example store), because the Exchange 2003 backend server is down, because the ValidPorts registry key does not permit access to this server, because the ValidPorts registry key does not permit this port, because you tried to access the EMP when it was not published (neither the -e switch or port 593 were available), or because you tried to access UUID when EMP was not published (for example, you used the -a switch without port 593 being available.).
    This is pretty much all the info that I can think of right now, but if you need more shoot it my way and I will get it in here. Thanks for your help in advance!

    Zach

  • #2
    Re: RPC Issue (Yup, another one)

    RPC over HTTPS basically fails for one of three reasons.
    1. Authentication
    2. Registry settings
    3. SSL certificate issues.

    Are you testing this internally or externally? If you are doing it externally then do it internally first as that rules out the firewall as a fourth cause.

    Why did you import the certificate in to the machine? That step was not required and may cause problems due to the way that the certificates are checked. GoDaddy certificates only need work on the server, and that is to import the root and intermediate certificate. I would suggest that you remove whatever you imported in to your machine as the root certificate should already be there.

    For authentication, I usually suggest enabling both Basic and Integrated authentication. Then test to see if the Integrated authentication goes through the firewall. You need to set Outlook to use NTLM in the RPC over HTTPS settings.
    However I do think you don't have the client configured correctly.
    I don't like sending you to another site, but my instructions on server and client setup are here: http://www.amset.info/exchange/rpc-http.asp

    Finally I have to say I don't rate that white paper you found at all. 38 pages! It is thorough, but hopelessly out of date. Plus it uses home grown certificates which are a pain to get to work correctly. Considering it mentions security at the start then uses home grown certificates (which I consider to be one step above no certificates at all, but only just) is quite amusing.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: RPC Issue (Yup, another one)

      Are you testing this internally or externally? If you are doing it externally then do it internally first as that rules out the firewall as a fourth cause.
      -I have tested this internally and it works fine. I set up outlook on the server and connected with TCP/IP successfully as well as connecting with Outlook Anywhere using the same settings as on the client.

      Why did you import the certificate in to the machine? That step was not required and may cause problems due to the way that the certificates are checked. GoDaddy certificates only need work on the server, and that is to import the root and intermediate certificate. I would suggest that you remove whatever you imported in to your machine as the root certificate should already be there.
      I removed it. It still doesn't prompt me for certificate acceptance when I login to the HTTPS for OWA, the lock is in the corner of the screen as it is an accepted certificate by default as GoDaddy Certificate. Again, I believe the certificate checks out okay and I really don't think this is the problem.

      For authentication, I usually suggest enabling both Basic and Integrated authentication. Then test to see if the Integrated authentication goes through the firewall. You need to set Outlook to use NTLM in the RPC over HTTPS settings.
      However I do think you don't have the client configured correctly.
      I don't like sending you to another site, but my instructions on server and client setup are here: http://www.amset.info/exchange/rpc-http.asp
      Still no go on this one, I actually have used that same walkthrough and diagnostic section before to try to fix this. It still didn't work. I have been to about every whitepaper site on the internet for this! I like to try to do my homework before I ask the experts.


      Here's a bit more that I noticed:
      HTTP_ERR log shows
      2007-11-30 03:43:08 65.24.67.227 16465 208.109.232.64 443 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?winbox.myhost.net:6004 - 1 Connection_Abandoned_By_AppPool DefaultAppPool
      2007-11-30 03:43:08 65.24.67.227 16466 208.109.232.64 443 HTTP/1.1 RPC_OUT_DATA /rpc/rpcproxy.dll?winbox.myhost.net:6004 - 1 Connection_Abandoned_By_AppPool DefaultAppPool

      IIS log shows
      2007-11-29 23:02:36 W3SVC1 208.109.232.64 RPC_IN_DATA /rpc/rpcproxy.dll - 443 myhost.net\zcferres 65.24.67.227 MSRPC 200 0 0

      Event Viewer shows
      RPC Proxy successfully loaded in Internet Information Services (IIS) mode 6.0.
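
An added example, not part of any post in this thread: a small triage script that names the fields of the HTTPERR lines quoted above, extracts the RPC target from the `rpcproxy.dll?host:port` query, and checks it against the ValidPorts entry from the first post, so a ValidPorts mismatch can be told apart from an application pool failure. The function names are illustrative; it assumes the column order seen in the quoted lines and exact, case-insensitive host matching.

```python
import re
from collections import Counter

# HTTP.sys error-log columns, in the order they appear in the lines quoted above.
FIELDS = ("date", "time", "c_ip", "c_port", "s_ip", "s_port", "version",
          "method", "uri", "status", "site_id", "reason", "queue")

def parse_valid_ports(value):
    """Turn a ValidPorts string into (host, low_port, high_port) rules."""
    rules = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, _, ports = entry.rpartition(":")
        low, _, high = ports.partition("-")
        rules.append((host.lower(), int(low), int(high or low)))
    return rules

def is_permitted(rules, host, port):
    """True if host:port is covered by a rule (assumption: exact host names only)."""
    return any(h == host.lower() and lo <= port <= hi for h, lo, hi in rules)

def parse_httperr(line):
    """Name the fields of one HTTPERR line and pull out the RPC target, if any."""
    rec = dict(zip(FIELDS, line.split()))
    m = re.search(r"rpcproxy\.dll\?([^:\s]+):(\d+)", rec.get("uri", ""))
    rec["target"] = (m.group(1), int(m.group(2))) if m else None
    return rec

def triage(lines, valid_ports):
    """Count (reason, app pool, target allowed by ValidPorts) across log lines."""
    rules, summary = parse_valid_ports(valid_ports), Counter()
    # Skip blank lines and the '#' header lines HTTPERR files start with.
    for line in (l for l in lines if l.strip() and not l.startswith("#")):
        rec = parse_httperr(line)
        allowed = bool(rec["target"]) and is_permitted(rules, *rec["target"])
        summary[(rec.get("reason"), rec.get("queue"), allowed)] += 1
    return summary

# Values copied from the posts above (ValidPorts entry and HTTPERR lines).
VALID_PORTS = ("winbox:6001-6002;winbox.myhost.net:6001-6002;"
               "winbox:6004;winbox.myhost.net:6004")
SAMPLE = [
    "2007-11-30 03:43:08 65.24.67.227 16465 208.109.232.64 443 HTTP/1.1 "
    "RPC_IN_DATA /rpc/rpcproxy.dll?winbox.myhost.net:6004 - 1 "
    "Connection_Abandoned_By_AppPool DefaultAppPool",
    "2007-11-30 03:43:08 65.24.67.227 16466 208.109.232.64 443 HTTP/1.1 "
    "RPC_OUT_DATA /rpc/rpcproxy.dll?winbox.myhost.net:6004 - 1 "
    "Connection_Abandoned_By_AppPool DefaultAppPool",
]

print(triage(SAMPLE, VALID_PORTS))
```

On the two quoted lines the target `winbox.myhost.net:6004` is inside ValidPorts, and both requests were dropped with reason `Connection_Abandoned_By_AppPool` on `DefaultAppPool`.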



      • #4
        Re: RPC Issue (Yup, another one)

        Still unable to connect here. I'm really beginning to think it has something to do with the strange reports in the HTTPERR log, it seems that DefaultAppPool keeps crashing or something. Can anyone here translate these log entries?

        I'm really at a stuck point here.

        Thanks in advance!



        • #5
          Re: RPC Issue (Yup, another one)

          I would suggest removing the RPC Proxy component, virtual directories and starting again. That will usually fix the problem. If that doesn't work then it could be an issue with IIS, which would be more serious to resolve.

          Simon.


          • #6
            Re: RPC Issue (Yup, another one)

            No such luck, still crashing the pool.

            A process serving application pool 'DefaultAppPool' suffered a fatal communication error with the World Wide Web Publishing Service



            Any ideas on where to begin on troubleshooting this issue if it is IIS?



            • #7
              Re: RPC Issue (Yup, another one)

              There is very little that you can do to troubleshoot IIS if it is playing up. If there are any third party applications using IIS then those should be removed, but otherwise you could be looking at a reinstall of IIS and Exchange.

              http://support.microsoft.com/default.aspx?kbid=320202

              Simon.