Configure RPC/HTTP 1

[MagnumVP]

I currently have Exchange 2003 running on a Member Server as our Internal and External (OWA and Pop3) email.

I've be tring to configure the RPC for use with out Outlook 2003 clients but with no luck. I've installed the PRC over HTTP service. Configured the rpc directory in IIS but still nothing.

Everything works internal but I cann't even "Check Name" when configuring the Outlook Client. I've installed the Hotfix patch for Outlook 2003 to work better over RPC. I have opened tcp port 135 on my firewall just to see if that would work, but it didn't. I have gone through the steps on KB 833401 and that doesn't work. I currently have the following ports redirected to the email server;

25 (SMTP), 80 (OWA), 135 (RPC), 110 (Pop3) & 3389 (RDP)

I'm not using SSL yet, because I want to test to see if RPC will work for our company prior to implementing.

Any help would be greatly appreciated.

Thanks

 

[Rookcr]

Correct me if I am wrong but I thought a requirement was SSL to use RPC over http.

Rook

 

[MagnumVP]

According to

http://support.microsoft.com/?id=833401

that is the default configuration....but not required.

"Note While RPC over HTTP does not require Secure Sockets Layer, you must modify the registry to enable RPC over HTTP if you do not want to use Secure Sockets Layer. Microsoft recommends that you enable and require Secure Sockets Layer for your RPC over HTTP communications

 

[maelx]

Do you have a 2003 Global Catalog Server up and have the RPC registry entries pointing to it?

Brent

 

[MagnumVP]

I only have one DC (Windows 2003: Essentially one GC) so I'm assuming that the RPC registry is pointing to it.

Where can I verify this?

 

[JillofAllTrades]

Do you have DNS resolution to the Exchange server? Try a HOSTS entry maybe.

Christine

 

[MagnumVP]

I can get to OWA and I get the error message for

https://<URL>/rpc

I ran the rpcping utility from the server and the client and found that I am having an RPC communication issue.

I'm receiving this error;

Error 12175 returned in the WinHttpSendRequest Come to find out it has something to do with the certificate that I am using. Which is interesting because I haven't install one yet.

I'm going to install one and see what happens.

While I'm here, how can I install a Trusted Certificate on the client so it will trust the URL that I am pointing to?

 

[Knutern]

If you have more than one DC/GC, make sure they every DC/GC is Windows Server 2003.

If you are using your own CA to issue certificates, go to default web site and view certificate, save it to file, and do export the private key too. Import this on any client which needs OWA and do not want to accept the certificate everytime they log on.

Regarding the problem checking the name: There a hotfix for this problem. Need to call Microsoft in order to get it though (ie. you need to open a request, but you do not need to pay for it). More details here

http://support.microsoft.com/default.aspx?kbid=830355

Hope this helps.


Cheers
Knutern

 

[MagnumVP]

Ok..here is what I have figured out.

I installed a Network monitor on the Outloko Machine and watched what happened.

It sends the request over to the Exchange server using the External FQDN (

https://mail.blah.com).

The Exchange server send back a response, then Outlook sends a request for server1.blah.com (The Internal address or NetBIOS address).

Why is Outlook querying for the NetBIOS name of the server when I told it to point to

https://mail.blah.com?

Any Thoughts?

 

[xmsre]

Is your forest W2K3 native? 12175 means ERROR_DS_FOREST_VERSION_TOO_LOW, so I suspect not.

 

[MagnumVP]

The forest and domain are in Windows Server 2003 mode, but Exchange is in 2000 Mixed. It can be chagned to Exch 2003 Native, but I have to verify that nothing is in need of it being in mixed.

Could Exchange being in Mixed cause the issue?

 

[MagnumVP]

Ok...I sort of fixed it.

I have successfully run rpcping from the client and the server and get


rpcping -t ncacn_http -s mail.url.com -o RpcProxy=mail.url.com -P "BobSmith,url,Password1" -I "BobSmith,url,Password1" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none

RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 1, QFE Q331320 present

RPCPinging proxy server mail.url.com with Echo Request Packet
Sending ping to server
Response from server received: 200
Pinging successfully completed in 500 ms


So it does connect using NTLM (-H 2) and SSL (-F 3)

But for some reason I can't configure Outlook 2003.

I've tried

http://support.microsoft.com/default.aspx?scid=kb;en-us;833401&Product=exch2003

and

http://www.microsoft.com/office/ork/2003/three/ch8/OutC07.htm

and

http://www.msexchange.org/tutorials/Outlook_2003_Connect_Exchange_2003.html

and many others.

The Error message that it gives me is

The connection to the MS Exchange Server is unavailable. Outlook must be online or connected to complete this action

Any thoughts?

 

[Knutern]

I've struggled with this issue my self for a long time too, without any success.

As you, I have read almost any information available on this issue without getting closer to a solution.

We are going to implement VPN instead. Not very useful my posting, but well, just had to tell.

Cheers
Knutern

 

[MagnumVP]

I figured it OUT!!!! Sort of what Microsoft calls..."A Workaround"

I removed the SSL Cert, uninstalled RPC fom the server then rebooted the server. I then performed the task STEP-BY-STEP at

http://support.microsoft.com/?id=833401

Everything worked until Step 3: Test the Outlook connection.

I noticed that for some odd reason the mail.ulr.com (124.25.26.8) (External address) was being changed to the netbios name of the server, EmailSrv.internal.local.

Example:
Internal Address
Netbios=EmailSrv
FQDN=EmailSrv.Internal.local

External Address
Netbios=None
FQDN=mail.url.com

What I did to fix the issue is open C:\Windows\System32\Drivers\etc\Host file and add the following

EmailSrv.Internal.local 124.25.26.8


That way when the computer attempts to resolve the EmailSrv.Internal.local address it will just point to the same location. Normally it would have never resolved it because EmailSrv.Internal.local is not reachable from the Internet.

I hope this helps someone who is having one hell of a time configuring RPC/HTTP.