No announcement yet.

Outlook Anywhere/RPC over HTTP not working Exchange 2007

  • Filter
  • Time
  • Show
Clear All
new posts

  • Outlook Anywhere/RPC over HTTP not working Exchange 2007

    I posted this same question at Experts-Exchange, but I haven't gotten any help there, so I'm posting here too. Thanks.

    This is a brand new installation of Exchange 2007 on a brand new installation of Windows Server 2003 R2 Standard x64 Edition. Single server domain. RPC over HTTP Proxy is installed in Windows. Server is a Certificate Authority, I created a self signed certificate request in IIS, generated the certificate, installed/imported certificate into Exchange, Enabled said certificate for SIP & W no U. (not using P or I, but just enabled them in case I need it later.)

    Checked in IIS and the Certificate listed there has the same Thumbprint as listed in Exchange. There are two directories now added to IIS Default Web Site: RPC and RPCwithCert both pointing to C:\Windows\System32\RPCProxy. In Exchange Management Console (EMC) I then went to Server Configuration, Client Access and enabled Outlook Anywhere.

    I put in the internal FQDN for the server, which is the same as the external FQDN for this server, Basic Authentication is selected, Allow SSL offloading is unchecked. I have an internal DNS using that FQDN pointing to the internal private IP address and our external DNS points to our public IP. When I ping internally I get the correct IP address. I've added an external DNS entry for autodiscover for this server as well.

    In IIS on the default web site I have a host header entry for the FQDN as well as autodiscover. I have gone to https://FQDN/Certsrv, logged in (accepting a cert error about trusted root status) then installed the certificate chain in IE 7 on my Windows XP Professional workstation (which is not joined to the domain and my local username and password are different from the domain), and Outlook Web Access (OWA) works perfectly with no cert error (my self CA is now in my trusted roots.) I can access OWA internally and externally. I setup Outlook 2007 to do Outlook Anywhere, put in the FQDN, set it to basic authentication, set it to try to do HTTP first on both fast and slow networks.

    Outlook /rpcdiag reports connecting on TCP-IP internally and externally it won't connect because RPC over HTTP isn't working. When connected internally I did the "test e-mail autoconfiguration" (hold ctrl key, right click Outlook icon in system tray, choose test e-mail configuration) and it connects fine to the autodiscover.FQDN and reports:
    Autoconfiguration found the following settings:

    Display Name: Administrator

    Protocol: Exchange RPC
    Server: [note it actually has our FQDN here]
    Login Name: administrator
    Availability Service URL: https://FQDN/EWS/Exchange.asmx
    OOF URL: https://FQDN/EWS/Exchange.asmx
    OAB URL: http://FQDN/OAB/hexidecimal#matchingOABdirectory#/
    Unified Message Service URL: https://FQDN/UnifiedMessaging/Service.asmx
    AUth Package: Unspecified

    Protocol: Exchange HTTP
    Server: same name as above FQDN
    Login: administrator
    SSL: Yes
    Mutual Authentication: Yes
    Availability Service URL: https://FQDN/EWS/Exchange.asmx
    OOF URL: https://FQDN/EWS/Exchange.asmx
    OAB URL: http://FQDN/OAB/hexidecimal#matchingOABdirectory#/
    Unified Message Service URL: https://FQDN/UnifiedMessaging/Service.asmx
    AUth Package: Basic
    Certificate Principal Name: msstd:FQDN
    -end report-
    One note, before I correctly configured the autodiscovery DNS entries, I would get synch errors in Outlook about the OAB and a missing URL, after I added the DNS entry, that went away. However, one should be able to go in a web browser to https://FQDN/OAB/hexidecimal # of OAB dir/oab.xml and get an xml page returned (in IIS I have verified that OAB points to the ClientAccess OAB directory and got the hex # from there.) When I try this internally and externally I get an http 500 error.

    I did a
    PS] U:\>Test-OutlookWebServices -identity administrator | format-list
    Id : 1003 Type : Information
    Message : About to test AutoDiscover with the e-mail address [email protected]

    Id : 1006 Type : Information
    Message : Contacted AutoDiscover at https://FQDN/Autodiscover/Autodiscover.xml.

    Id : 1016 Type : Success
    Message : [EXCH]-Successfully contacted the AS service at https://FQDN/EWS/Exchange.asmx.

    Id : 1015 Type : Success
    Message : [EXCH]-Successfully contacted the OAB service at https://FQDN/EWS/Exchange.asmx.

    Id : 1014 Type : Success
    Message : [EXCH]-Successfully contacted the UM service at https://FQDN/UnifiedMessaging/Service.asmx.

    Id : 1016 Type : Success
    Message : [EXPR]-Successfully contacted the AS service at https://FQDN/EWS/Exchange.asmx.

    Id : 1015 Type : Information
    Message : [EXPR]-The OAB is not configured for this user.

    Id : 1014 Type : Information
    Message : [EXPR]-The UM is not configured for this user.

    Id : 1013 Type : Error
    Message : When contacting https://FQDN/Rpc received the error The remote server returned an error: (500) Internal Server Error.

    Id : 1017 Type : Error
    Message : [EXPR]-Error when contacting the RPC/HTTP service at https://FQDN/Rpc.

    Id : 1006 Type : Success
    Message : Successfully tested AutoDiscover.

    Id : 1021 Type : Information
    Message : The following web services generated errors.
    Contacting server in EXPR
    Please use the prior output to diagnose and correct the errors.
    -end 2nd report-
    All of which basically reports what I already know, that RPC isn't working...

    On another company's Exchange 2007 server I can go to https://FQDN/rpc, I get a login prompt, then after putting in good credentials, get an "Error: Access is Denied" webpage returned. On this server I don't get a login prompt, I just get an IE HTTP 500 error, just like OAB.

    I have checked Get-ExchangeCertificates, and as many other "gets" as I can think of from the multitude of postings out there about how to setup/check on Outlook Anywhere. As far as I can tell everything is correctly setup, but RPC doesn't work.

    The C:\Windows\System32\rpcproxy\rpcproxy.dll directory and file are there. The file has a date of 2/17/2007 and is version 5.2.3790.3959. I checked all of the rpcproxy.dll settings etc. but I wasn't able to re-register the dll, got an error. So I uninstalled RPC over HTTP Proxy from Add & Remove Programs. I checked out the rpcproxy directory and the dll disappeared. I deleted the dll in dllcache. The RPC listing in Web Services in IIS Manager disappeared and I deleted the RPC and RPCwithCert virtual dirs under the Default Web Site. I then reinstalled RPC over HTTP Proxy, then I stopped WWW & MS Exchange and restarted them, but can't reboot right now, so I haven't done that yet. The file reappeared in both directories, same file version and date as above, the virtual dirs reappeared in the Default Web Site and the RPC listing in Web Services reappeared too. All to no avail, it still gets the RPC error with Test-OutlookWebAccess.

    Full disclosure, I am a consultant and I have setup another 2007 server from scratch in this exact same way for a different company and this all worked flawlessly right out of the box. Just added RPC to Windows, enabled OA, put in the server name, and voila! it worked.

    I've also recently migrated a company from Exchange 2000 Windows 2000 to a new Windows 2003/Exchange 2007 server and Outlook Anywhere worked fine there too. I can't for the life of me figure out what else to check, or what could possibly have gone wrong. Anyone have any ideas? Please help me, I really don't want to start over, the user mailboxes are going to be a pain to export to PST and reimport without EXmerge.
    Last edited by Sembee; 24th January 2008, 18:32. Reason: Make it easier to read, some spell checking

  • #2
    Re: Outlook Anywhere/RPC over HTTP not working Exchange 2007

    OK, no one came up with anything at all helpful on this or the other 2 forums, and I did a bunch more testing and diagnosing using a bunch of different MS utilities that other places mentioned, none of which really matters, because they all seemed to tell me the same thing: RPC wasn't working.
    Not Exchange, not the certificate, not IIS, just RPC wasn't working. So, what I ended up doing was creating a temporary server with Windows 2003 64 bit, installing Exchange 2007 to it, making it a DC (since my other Exch server was the DC, GC and DNS for the domain) I used the migration utility to move the mailboxes from one server to the other.

    Then I moved the public folder replicas, deleted the Public folder database on the "bad" server, uninstalled Exch. 2007, dcpromo'd it to remove AD, then removed the server from the Domain. (I also moved all the user directories and files and recreated their shares on the temp server edited the login script, Oh and I made the temp server the operations master for all of the Domain/AD roles as well as a GC.)

    With the "bad" server out of the domain and everything functioning just fine on the temp server, I just wiped it clean and reinstalled from scratch.
    I installed Windows server 2003 x64, then service packed it, joined the Domain, made it a Domain controller, DCpromo'd it back to a being a DC, moved the DC/AD roles all back to it, made it a GC server, installed DNS and made sure everything synchronised just fine.
    Then I reinstalled Exchange 2007 and RPC over HTTP Proxy, created a test account on the newly reinstalled server and voilą! RPC over HTTP/S worked perfectly right out of the box as it is supposed to. I moved the mailboxes back, did everything necessary to make Exchange 2007 be the way it should be and I was done. What a hassle.

    But maybe this will encourage someone else to just start over instead of beating their head against a wall, and if it makes it easier for someone else then, this forum will have done its job. By the way someone else on another forum elsewhere insisted that you HAVE to use a certificate from a "real" CA, but this just isn't true.
    I created a self signed certificate from my server that has Certificate Services on it and it works just fine for RPC and everything else. Just remember to go to and click on download the certificate chain, then install the certificate chain and you'll be fine for RPC over HTTP with Outlook 2003 & 2007. Don't just do the https: to your server and try to click on "install certificate" you need to actually get your self CA into the trusted roots, not just the certificate.

    OK one caveat here, for "locked" mobile devices (the Samsung Blackjack for instance), where they only allow you to install approved apps from the wireless provider, you won't be able to download and install the chain, so for those and (as far as I know) only those locked devices you would need a "real" certificate from a "real" CA that you pay money for. Most other MS active sync or Windows Mobile devices play fair and let you install certificate chains.

    Good luck if you are reading this because you have this problem, I can sympathise. -Steve
    Last edited by Sembee; 24th January 2008, 18:30. Reason: Make it easier to read, some spell checking


    • #3
      Re: Outlook Anywhere/RPC over HTTP not working Exchange 2007

      You have to install the rpc over http function before it will work.


      • #4
        Re: Outlook Anywhere/RPC over HTTP not working Exchange 2007

        Gee, how do you people read posts like above? There are no paragraphs to break up the text or sections discussed and it is all just one big blur. Makes hard reading and I gave up after 3 lines.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2


        • #5
          Re: Outlook Anywhere/RPC over HTTP not working Exchange 2007

          As this question is getting so many hits, I have reformatted the two posts above to make them easier to read. As already pointed out by biggles above, a single block of text is very difficult to read. I too just skipped over the question because a block of text is hard to read.

          As I was editing it, there were a number of points I would have made in the original question.
          I would disagree with your point on using certificate services - the best practises has always been to use a commercial SSL certificate. That has been reinforced with Exchange 2007 and the use of subject alternative name certificates. When you can get a single certificates for US$20 or SAN/UM certificates for US$60/year it simply doesn't pay to struggle with self generated certificates.

          At first glance it also looks like your have your URLs set incorrectly as well.

          Simon Butler
          Exchange MVP

          More Exchange Content:
          Exchange Resources List:
          In the UK? Hire me:

          Sembee is a registered trademark, used here with permission.


          • #6
            Re: Outlook Anywhere/RPC over HTTP not working Exchange 2007

            I ran into this exact same problem and spent a bunch of time banging my head against the wall.

            I am posting because I was able to get past it without the full server rebuild described above.

            I think my problem was caused by attempting to active Outlook Anywhere before having RPC over HTTP proxy loaded in Windows. This seems very easy to do because the "enable Outlook Anywhere" wizard does not mention this requirement at all.

            I fixed mine as follows:

            disable Outlook Anywhere
            unload RPC over HTTP proxy
            reboot the server
            relead RPC over HTTP proxy
            re-run Outlook Anywhere wizard

            As the wizard says, it took several minutes for the Application Event Log entries to appear, but shortly after that, the client that where I had Outlook open waiting to connect did so without any interaction. I closed and reopened, and tested a different client and all is working so far.