Announcement

Collapse
No announcement yet.

Exchange 2003 RPC over HTTP problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2003 RPC over HTTP problem

    Hi All,

    I've been working on getting the RPC over HTTP configuration done on my Exchange Server 2003 (on Windows Server 2003 w/ SP2).

    Now that the configuation is finished, I can't seem to get the RPC over HTTP to function outside of network... Each time I setup the configuration on a Windows XP w/ Outlook 2003 outside the network, I'm not able to connect to the Exchange server....

    I used the https://www.testexchangeconnectivity.com/ to try and figure out where this is going on, and this was the result that I got:

    Attempting to Resolve the host name mail.domain.com in DNS.
    Host successfully Resolved
    Additional Details
    IP(s) returned: xxx.xxx.xxx.xxxx

    Testing TCP Port 443 on host mail.domain.com to ensure it is listening/open.
    The port was opened successfully.

    Testing SSLCertificate for validity.
    The SSLCertificate failed one or more certificate validation checks.
    Additional Details
    The SSL Certificate failed validation Exception Details: Message: The remote certificate is invalid according to the validation procedure. Type: System.Security.Authentication.AuthenticationExcep tion Stack Trace: at System.Net.Security.SslState.StartSendAuthResetSig nal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(B yte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(B yte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(B yte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(B oolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication (LazyAsyncResult lazyResult) at System.Net.Security.SslStream.AuthenticateAsClient (String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) at System.Net.Security.SslStream.AuthenticateAsClient (String targetHost) at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificat eTest.PerformTestReally() :


    I went back into my Exchange server and checked the SSL certificate under my IIS, and created a new one. I tried the test again and got this message:

    Attempting to Resolve the host name mail.domain.com in DNS.
    Host successfully Resolved
    Additional Details
    IP(s) returned: xxx.xxx.xxx.xxx
    Testing TCP Port 443 on host mail.domain.com to ensure it is listening/open.
    The port was opened successfully.
    Testing SSLCertificate for validity.
    The SSLCertificate failed one or more certificate validation checks.
    Tell me more about this issue and how to resolve it
    Additional Details
    A network connection error occured while communicating with the remote host: Exception Details: Message: Authentication failed because the remote party has closed the transport stream. Type: System.IO.IOException Stack Trace: at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(B oolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication (LazyAsyncResult lazyResult) at System.Net.Security.SslStream.AuthenticateAsClient (String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) at System.Net.Security.SslStream.AuthenticateAsClient (String targetHost) at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificat eTest.PerformTestReally()

    Any help would be greatly appreciated......
    Last edited by Padfoot; 14th December 2008, 04:32. Reason: additional information added

  • #2
    Re: Exchange 2003 RPC over HTTP problem

    When you say "created a new certificate", how did you do it
    Outlook RPC/HTTPS wants a 3rd party certificate where the name matches the external domain name
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Exchange 2003 RPC over HTTP problem

      You can buy public certificates really cheaply nowadays so there is no reason to create your own. If you do you need to remember that no-one will trust them without the root certificate installed as well (something you can never do with the exchange connectivity site). Do you get certificate errors with OWA when viewed from the machine you are trying to connect from with rpc/https?
      cheers
      Andy

      Please read this before you post:


      Quis custodiet ipsos custodes?

      Comment


      • #4
        Re: Exchange 2003 RPC over HTTP problem

        This is most likely your problem:

        "Testing SSLCertificate for validity.
        The SSLCertificate failed one or more certificate validation checks."

        IF you have used a home grown certificate I suggest that you change to a commercial certificate. While it is possible to get the feature to work with a home grown certificate, the work involved hardly makes it worth while. When you can get a commercial certificate for less than US$30 from places such as GoDaddy http://DomainsForExchange.net/ it is a no brainer really.

        I can get this feature to work in less than 30 minutes with a commercial certificate. How long have you been playing around with it?

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Exchange 2003 RPC over HTTP problem

          Hi Ossian,

          thanks. i requested a certificate from a 3rd party and it is now working! XD

          Comment


          • #6
            Re: Exchange 2003 RPC over HTTP problem

            Hi All,

            I'm going to have to revisit this issue. Recently setup a new mail server and after all the configurations, I've come across a different issue than before. After I run the exchange connectivity test, I get the following error:

            Testing RPC/HTTP connectivity
            RPC/HTTP test failed
            Test Steps

            Attempting to Resolve the host name server.domain.com in DNS.
            Host successfully Resolved
            Additional Details
            Testing TCP Port 443 on host server.domain.com to ensure it is listening/open.
            The port was opened successfully.
            Testing SSLCertificate for validity.
            The certificate passed all validation requirements.
            Additional Details
            Testing SSL mutual authentication with RPC Proxy server
            Successfully verified Mutual Authentication
            Additional Details
            Testing Http Authentication Methods for URL https://server.domain.com/rpc/rpcproxy.dll
            Http Authentication Methods are correct
            Additional Details
            Attempting to Ping RPC Proxy dragon.enablence.com
            Cannot ping RPC Proxy
            Additional Details
            A Web Exception occured because an HTTP 401 - Unauthorized response was received from IIS6

            What should I be looking for with the error:

            A Web Exception occured because an HTTP 401 - Unauthorized response was received from IIS6

            Any pointers would be greatly appreciated!

            Comment

            Working...
            X