Announcement

Collapse
No announcement yet.

RPC-HTTP: Usr\pwd being rejected

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • RPC-HTTP: Usr\pwd being rejected

    Hi,

    Scenario
    After following the "How can I configure RPC over HTTP/S on Exchange 2003 (single server scenario)?" on an Windows SBS 2003 (fully service packed and updated) and configuring the built in CA, Outlook clients are prompted for their username and password, which is rejected. This has also been experienced on a Windows 2003 Standard with Exchange 2003 Standard setup. This occurs both internally and externally.


    Detail
    I've followed the "how to" to the letter, and also had my boss do the same, so I can guarantee we have not deviated from the article.

    As for the CA, we created a cert from within IIS, using the external FQDN of the server, and imported the root certificate into the trusted roots of the client PC.

    Outlook has been configured as per "How can I configure Outlook 2003 to use RPC over HTTP/S?", with the exception of within MS Exchange Proxy Settingswe have "Connect using SSL only" and "Only connect to proxy..." ticked, with "msstd:<external fqdn of exchange server" as the principal name below, and using NTLM Authentication.

    The authentication details we use when prompted by Outlook are definitely correct, since we can use those same details for OWA (we've also tried all variations of the username, eg [email protected], domain\username etc). We are confident the certificates are ok, since we use Exchange Activesync with the same certificates with no problems (which also proves that 443 is correctly configured on our firewall).

    Within the Outlook config, it correctly resolved the name of the mailbox and mailserver from outside the network, so we are definitely getting communication with the server.


    Thanks in advance,

    Will

  • #2
    Re: RPC-HTTP: Usr\pwd being rejected

    I don't recommend using a home grown certificate with this feature and changing that would be the first thing I would recommend that you do. I have spent hours getting it to work with home grown certificates, failed, then put a commercial certificate on and it has worked in minutes.

    The usual cause for authentication prompts is an authentication type mismatch.
    So if you want to use NTLM in Outlook then Integrated Authentication needs to be enabled on the /rpc virtual directory. That is the first thing I would check.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: RPC-HTTP: Usr\pwd being rejected

      Aha - your idea was nearly there; IA was enabled on the RPC virtual dir, but not on the RPCWithCert. When I cloned the settings from the RPC dir to this, the authentication issue stopped.

      Comment


      • #4
        Re: RPC-HTTP: Usr\pwd being rejected

        That shouldn't have fixed the problem as rpc-with-cert isn't used. It was introduced by Microsoft at some point, but never actually released.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment

        Working...
        X