Yet Another one who can't get RPC over HTTPS to work!

  • Yet Another one who can't get RPC over HTTPS to work!

    Hi Peeps,

    I do hope that one of the experts on RPC over HTTPS can help, as I am going out of my tree.

    1st - I am NOT an IT support expert, but more an annoying fiddler who gets by and has actually had mostly success so far, but please go easy with the very IT speak abbreviations as I am likely to think that DC was a band, or something to do with electrical current!

    I have been fiddling with SBS 2003 for a couple of years in a small company where we didn't have a direct IT support and with the "on-call" guy taking days to arrive I had to find my way round.

    Three years or more back I read up on RPC over HTTPS and as both I and some others did a lot of overseas travel it seemed an excellent solution. So we got the IT guy in, he read up on it and bingo, it worked fine.

    Since then I have moved myself and most others to Outlook 2007 and still had no issues so have been a great promoter of this RPC over HTTPS method.

    But now comes the story, as I have since left the company and set up on my own with a partner and two other staff, so being cocky, I built a basic server (tight budget) and installed SBS2003. All went OK, even did the SP2 update etc..., but when it came to RPC over HTTPS, I hit the familiar block of getting the login request, entering the domain\username and password and just getting the same request back!

    Called the old IT guy who dialled in and fiddled about, it took an age, but in the end using a certificate issued by SBS2003 we got it working!

    Now fast forward and we now needed a bigger faster server, so put together a nice new box with a decent RAID card and RAID5 array, Intel Xeon Quad Core CPU 4GB ram etc...

    But here we are again, despite following the guide from petri on a single server set-up, I am right back at this same total block, I can access via OWA and TCP/IP from inside, but as soon as I try to access via RPC over HTTPS whether inside the domain or from outside I get the same repeated password request.

    The odd thing is I know it MUST be a server setting, or authentication thing, as from the same laptop I have been using to test it, I can still create a user, install the old server's certificate and access the same email account on that server via RPC/HTTPS.

    I get really confused with FQDN and whether I need to do anything at the ISP hosting the domain, but we actually got the other certificate on the old server working by using the external IP, but despite trying to copy every setting I can find from one server to the other, I just cannot get this to work on the new server.

    Can anyone suggest where on earth I have gone wrong and what daft setting I have missed that is causing this constant password\username rejection?

    Oh by the way I even tried to get a 30 day free SSL certificate from Rapid SSL, but that didn't make any odds, although I did get totally confused as to whether I should have done something different with it and did I need to install it on the client machine too.

    Please can anyone offer an insight as I have exmerged the mailboxes off the old server and really want to leave everything on that new server, but I just cannot bear to be beaten by software, when I know it's my fault somewhere and it does and should work!

    Thanks

    Ridesy

  • #2
    Re: Yet Another one who can't get RPC over HTTPS to work!

    RPC over HTTPS errors come down to one of three things...

    1. SSL certificate acceptance
    2. Authentication mismatch
    3. Registry settings.

    SSL certificate is the easiest to test for.

    Browse to https://host.domain.com/rpc and see if you get an SSL prompt. If you do, then the feature will fail. If you just get an authentication prompt then you are fine. Authentication will never work in this test.

    Authentication mismatch - this means having integrated enabled on the virtual directory and basic only set in Outlook (or vice versa). It should be either basic/basic or integrated/NTLM.
    On a side note, if the account has an expired password or the account is locked out, then that can also generate a repeated authentication prompt.

    The registry settings are more complicated.
    It isn't clear if you are now using SBS or not. If you are then you shouldn't be trying to set this manually. You need to be setting it up using the wizards. The only thing that you need to do manually is the SSL certificate work, as I find the wizard isn't too intuitive with that.
    The registry settings required seem to differ between sites. My version is here: http://exchange.sembee.info/2003/rpc...tp/default.asp

    Simon.
    Last edited by Sembee; 15th July 2011, 12:26. Reason: URL Correction
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.
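The /rpc test and the basic/basic or integrated/NTLM pairing from the answer above, as an added example that is not part of the original thread. It assumes integrated authentication in IIS appears as an `NTLM` challenge in `WWW-Authenticate`; the host name and header values are constructed placeholders.

```python
import http.client
import ssl
import sys
from urllib.parse import urlsplit


def offered_schemes(www_authenticate):
    """Scheme names (lower-cased) from a list of WWW-Authenticate header values.
    Assumes one challenge per header line, which is how IIS sends them."""
    return {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}


def diagnose(tls_error, status, www_authenticate, outlook_auth):
    """Classify one probe of https://<name on certificate>/rpc.
    outlook_auth is the proxy authentication chosen in Outlook: 'basic' or 'ntlm'."""
    if tls_error:
        # Equivalent of the browser's SSL prompt: the client does not accept the certificate.
        return "TLS/certificate problem: " + tls_error
    if status != 401:
        # The test expects a bare authentication prompt and nothing else.
        return "unexpected: HTTP %s instead of an authentication prompt" % status
    schemes = offered_schemes(www_authenticate)
    if outlook_auth.lower() not in schemes:
        return "auth mismatch: server offers %s, Outlook uses %s" % (
            sorted(schemes), outlook_auth)
    return "ok: certificate accepted, %s offered" % outlook_auth


def probe(url, outlook_auth, timeout=10):
    """Live check: an unauthenticated GET with full chain and host-name validation."""
    u = urlsplit(url)
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(u.hostname, u.port or 443,
                                       timeout=timeout, context=ctx)
    try:
        conn.request("GET", u.path or "/rpc")
        resp = conn.getresponse()
        challenges = resp.headers.get_all("WWW-Authenticate") or []
        return diagnose(None, resp.status, challenges, outlook_auth)
    except ssl.SSLError as exc:
        return diagnose(getattr(exc, "verify_message", None) or str(exc),
                        None, [], outlook_auth)
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python rpc_probe.py https://mail.example.co.uk/rpc basic
    print(probe(sys.argv[1], sys.argv[2]))
```

A current Python build may refuse the old SSL/TLS versions a Server 2003 machine offers; that surfaces as a TLS problem rather than a certificate name or trust error.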



    • #3
      Re: Yet Another one who can't get RPC over HTTPS to work!

      Hi Simon,

      Thanks for the reply!

      I had hoped you might see this and answer!

      First thing, when you say host.domain.com, what is the "host" bit, as if I use https://"mail".domain.co.uk/rpc (as my domain is a .co.uk), I get a "you are not authorised to view this page" error http 403.6! But if I try /exchange I get in to OWA without even a certificate error at all!

      I am using SBS2003 and did setup RPC using the wizard, so what does this mean?

      Thanks

      Ridesy



      • #4
        Re: Yet Another one who can't get RPC over HTTPS to work!

        When I post host.domain.com that is just a short hand for whatever is on your SSL certificate. That could be mail.domain.co.uk, somethingverylongandannoying.anotherlongname.org.dk or whatever. It is simply to show certificate acceptance. What you should not be entering is "domain.com", as that is against best practices. Ideally domain.com should be pointed at a public web site and internal systems that are exposed to the internet should be using a specific host in the domain.

        The authentication prompt will always fail and that is to be expected. The /rpc test is to see whether a certificate prompt is generated.

        Therefore if the certificate is working, did you setup the feature exclusively using the wizard or have you tried to configure it manually in any shape or form?

        Simon.


        • #5
          Re: Yet Another one who can't get RPC over HTTPS to work!

          Hi Simon,

          I did type in the host.domain.co.uk/rpc correctly then, but I have tried so many methods (SBS IIS Wizard, Petri Guide here, rpcnofrontend gizmo), I reckon I've screwed it somewhere.

          I have got a 30day trial SSL certificate from rapidssl and that seems fine with OWA, so I guess the certificate itself is OK!??

          If I go back to stage one and re-run the IIS Wizard from "To-do-list" in SBS and then try to use this certificate, would this potentially resolve the problems?

          Can you advise the steps I should go through? Do I just run the wizard, or do I need to do other bits from the Petri guide??

          Thanks for all the help.

          Ridesy



          • #6
            Re: Yet Another one who can't get RPC over HTTPS to work!

            Simon,

            Thanks for help, I have finally realised that too much reading of too many articles doesn't help!

            As soon as I found this single article and just followed that by re-running the SBS 2003 Internet Connection Wizard and used the existing rapid SSL cert, it worked (of course!).

            I guess in my hurry to get it working I followed the full Server 2003 guides and screwed the whole thing by not just simply following the wizard!

            The stupid check box I missed was "Outlook via the Internet" one, as I just didn't realise that this one meant RPC over HTTPS or Outlook Anywhere and I guess I didn't check back carefully enough!

            Anyway all done now, RPC over HTTPS working fine and will just have to remember to purchase the certificate beyond its 30 day trial!

            Now it's on to setting up an FTP site, as I have suppliers that need to send me large files and lots of them! Any tips on this!!

            Ridesy



            • #7
              Re: Yet Another one who can't get RPC over HTTPS to work!

              SBS calls the feature Outlook over the Internet, which is now Outlook Anywhere in Exchange 2007. All part of making SBS easy for non-technical people.

              As for FTP, if you open up FTP to the internet then make sure that you lock it down and the administrator password is strong. FTP servers are hammered by administrator password attempts.

              Simon.