RPC over https problem

  • RPC over https problem

    I am having trouble implementing RPC over https. My configuration is this:

    Server1:
    Windows 2003 Standard SP2
    Exchange 2003 SP2
    OWA

    Server2:
    Windows 2003 Standard SP2
    DC

    So, my DC is on a separate computer. My Exchange server also acts as our OWA server.

    I followed the directions at www.amset.info/exchange/rpc-http-server.asp. On Server2 I imported the reg settings in the Domain Controller Registry Changes - All Scenarios section. On Server1 I imported the reg settings in the Separate Exchange and Domain Controller Configuration section, after changing everything per the key and shrinking it down to a single line. I also rebooted both servers.

    OWA still works fine. The problem is connecting Outlook 2003 across the WAN. I've also configured the client per the directions at the above site. The problem I have is that I keep getting prompted for the login credentials. I've tried "domain\username" and just "username" and I know the password is correct. I've run Outlook with the /rpcdiag option and the screenshot is below.

    Running Outlook /rpcdiag from inside gives me the names of the DC and Exchange server. It's only using a TCP/IP connection though, not RPC.

    Any thoughts of what I need to do? It seems that the Exchange server is not communicating with the DC.

    Thanks for the help!
    Attached Files

  • #2
    Re: RPC over https problem

    not sure, just a thought...
    Is your IIS on Exchange also configured to use NTLM authentication, or is it configured to use Basic? What happens if you try to change to Basic on your Outlook client?
    Regards,
    John

    Comment


    • #3
      Re: RPC over https problem

      Sorry, forgot that part. The RPC folder under IIS is configured with anonymous unchecked and using Basic Authentication.

      Outlook is configured to use Basic Authentication also.

      Comment


      • #4
        Re: RPC over https problem

        Found this at the following link...
        http://mcpmag.com/columns/article.asp?editorialsid=654

        If you get prompted over and over and over again for credentials, check the server name format on the certificate from the RPC Proxy server. Here's a quick way to make this check. Open a browser at the client and enter the secure path to the RPC virtual folder in IIS. An example of the syntax is:

        https://w2k3-fe1.company.com/rpc

        If the port on the firewall is configured correctly and the SSL configuration at the server is correct, you should connect and get a 403.2 error, indicating Access Denied. That's because the browser requests Read access to a folder that only permits Execute. This is exactly what you want to see. If you get a 404 error, indicating that the client can't find the server, then you have a DNS problem. Double-click the little padlock in the status bar to view the certificate received from the server. Verify that the server name format matches the format you used when you configured Outlook.
        Regards,
        John

        Comment


        • #5
          Re: RPC over https problem

          When I connect to https://www.server.com/rpc I get the error below.

          Directory Listing Denied
          This Virtual Directory does not allow contents to be listed.

          I've run the command below from the remote computer and I received a success ping message.

          rpcping -t ncacn_http -s exchange.domain.com -o RpcProxy=external.domain.com -P "username,domain,*" -I "username,domain,*" -H 1 -u 10 -a connect -F 3 -v 3 -R none -E

          Any other thoughts?

          Thanks,
          Carlos

          Comment


          • #6
            Re: RPC over https problem

            not sure, but it could be something not set correctly in IIS.
            Do you have multiple sites configured in there, or do you have it set up under the default website?
            Regards,
            John

            Comment


            • #7
              Re: RPC over https problem

              It's set up under the default web site.

              Comment


              • #8
                Re: RPC over https problem

                check this out... it's a solution from our "own" Sembee that was provided on a different forum.
                Are you using the default web site on the server, or have you tried to recreate it on another web site?
                If you look at the /rpc virtual directory in IIS Manager, make sure that it is set to "Scripts and Executables" and that the application pool is set to DefaultAppPool (should be greyed out).
                Directory security should be basic and integrated only.
                Regards,
                John

                Comment


                • #9
                  Re: RPC over https problem

                  The /rpc directory has those settings. I have tried it with Integrated only, Basic only, and both. Still no joy.

                  I can't get over that somehow the Exchange server is not passing the authentication to the DC. The JPG that I attached on my first post shows the Exchange server but doesn't show anything for the Directory server.

                  Thanks for your suggestions!

                  Carlos

                  Comment


                  • #10
                    Re: RPC over https problem

                    Should it help someone else, I resolved this issue.

                    When we purchased our certificate for the first time several years ago, we used domain.com as the primary name, with www.domain.com as a subject alternate name on the certificate.

                    All of our OWA users used https://www.domain.com/exchange to login. When I was configuring everything using Sembee's instructions I was using www.domain.com on the server side REG file and the client side Outlook configuration.

                    I changed both sides to the primary name on the certificate, domain.com, and it's working now.

                    Comment
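
The name check that resolved this thread (post #10), as an added example that is not part of any poster's reply: given a certificate in the dict form Python's `ssl.SSLSocket.getpeercert()` returns, it reports whether the name configured in Outlook and the server-side REG file is the certificate's primary name or only a subject alternative name. The function names and the sample certificate are constructed for illustration.

```python
import socket
import ssl

def cert_names(cert):
    """Return (primary_name, san_dns_names) from a getpeercert()-style dict."""
    primary = None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                primary = value
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return primary, sans

def classify_proxy_name(cert, configured):
    """Compare the configured RPC proxy name against the certificate.

    'primary'  -> equals the certificate's primary (subject CN) name
    'san-only' -> listed only as a subject alternative name
                  (the failing configuration in this thread)
    'mismatch' -> not on the certificate at all
    """
    primary, sans = cert_names(cert)
    want = configured.strip().rstrip(".").lower()
    if primary and primary.lower() == want:
        return "primary"
    if want in (s.lower() for s in sans):
        return "san-only"
    return "mismatch"

def fetch_cert(host, port=443, timeout=10):
    """Fetch the certificate the RPC proxy presents (needs network access;
    the handshake fails if the chain or host name does not validate)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample mirroring post #10: domain.com is the primary name,
# www.domain.com is only a subject alternative name.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),), (("commonName", "domain.com"),)),
    "subjectAltName": (("DNS", "domain.com"), ("DNS", "www.domain.com")),
}

if __name__ == "__main__":
    for name in ("www.domain.com", "domain.com", "mail.domain.com"):
        print(f"{name:18} {classify_proxy_name(SAMPLE_CERT, name)}")
```

A `san-only` result is still accepted by a browser, which is why OWA kept working at https://www.domain.com/exchange while Outlook kept prompting.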
