problems with RPC over HTTP/S

[schase]

Hi all,

Exchange 2003 & Windows 2003,Outlook 2003 SSL Cert from GoDaddy.com

I've followed Petri's guides to set up Exchange for RPC over HTTP/S on single server. A test of the RPC locally works good. Remotely however, I'll launch the rpcdiag and the box shows 4 lines

server name " ---" type: directory Conn "---" Status: Connecting.
Server name "<my server>" type: Referral Conn "---" Status: Connecting.
server name " ---" type: directory Conn "---" Status: Connecting.
Server name "<my server>" type: Referral Conn "---" Status: Connecting.

Then I get prompted for a username/pass. - which I enter. If I enter something wrong it prompts right back. Meanwhile the RPCDiag box will shorten to two Types of Directory.

Eventually I will get an error box saying: Exchange server is unavailable. Outlook must be online or connected to complete this action.

To test the firewalls, I can connect to Outlook Web Access over SSL just fine - log in no problem. I can type the
https:\\<url>\RPC and get the 401.3 error noted in article about 401.3 error on Petri's site that says to disregard it.

I'm stuck, firewalls seem to be okay, outlook setup seems to be okay. What else am I missing?

Stuart

 

[nsantin]

Follow this guide from M$. I found it covered a number of items that Petri didn't. For example setting the RPC web site authenication. Also make sure you don't have any SSL certificate errors getting to your site.

http://www.microsoft.com/technet/pr...03d-64c2-470f-9561-6de9003effe4.mspx?mfr=true

 

[schase]

thanks I'll give it a shot and let you know.

Stuart

 

[schase]

No luck,

There were a couple differences that I altered but same results. I imported the certificate too to see if that was doing it.

I can connect to the web client via ssl, just not the RPC over HTTP/S - I tried removing the SSL portion and still couldn't connect.

Stuart

 

[Zelandakh]

You won't be able to do it without https. So you imported the cert and put it into the trusted certificates container? (that's the obvious one most people miss). You did basic auth and did the right msstd line in Outlook?

What does outlook /rpcdiag say?

 

[schase]

Just to make sure I added the certs again. They're imported in both local computer and current user.

Certificates (local computer) > Trusted Root Certification Authorities > Certificates.
I've imported the root and the cert for my server.

Just going over the settings again here. My settings look exactly like those listed here

http://www.msexchange.org/tutorials...-single-Exchange-Server-2003-environment.html

What happens is - I connect on the RPCDiag, choose a profile, almost immediately I get the login prompt which I put in as me@mydomain.com - put in the pass - I see rpcdiag go to

server name " ---" type: directory Conn "---" Status: Connecting.

Then it will alter to

Server name "<my server>" type: Referral Conn "---" Status: Connecting.

Then it will come back and say Exchange server unavailable.

I've got the exchange setup to host multiple domains - although only one other one is on there that is not the same domain name as the server. (I can connect on the LAN with the same account testing RPC over HTTP - just not the wan).





Stuart

 

[schase]

hmmm

I followed a MS article I found on creating a page to import the certificate.

Now I'm getting authentication failure messages on the exchange server itself that show the computer I try to connect from and the ip addy, etc.

When I try to connect using domainname\person it will authenticate - but I still get an error that says Microsoft Exchange Server Unavailable.

Stuart

 

[Zelandakh]

ok, dumb question...

Can you establish a VPN from that box to the LAN, start Outlook, connect normally? If so, do that just once then remove the VPN connector and test once again.

 

[schase]

VPN connected with the RPC over HTTP just fine. Disconnected VPN and tried without it. it did connect - sort of. It connects and is extremely slow, then it will disconnect and that's all she wrote.

RPCDiag will show the connection - and not show any errors on it. Status will show established. Then the two Directory connectors will drop and try to reconnect. Eventually it times out and says Exchange server unavailable.

I also tried it from a different PC on a different isp connection and it too wouldn't connect up.



Stuart

 

[nsantin]

What are you seeing in the RPCDiag for the server name. Is it SERVERNAME, or SERVERNAME.LocalDomain or EXTERNAL NAME?

Also, did you setup the coresponding "ValidPorts" for ALL 3 name variations?

Since it works when on the network (via VPN), it sounds like its not resolving/forwaring the server names properly.

check out this article which shows you how to set the "validports" option for the RPC Proxy in the registry

http://www.amset.info/exchange/rpc-http-server.asp

 

[schase]

for the RPCDiag name - I see whatever I type in the Exchange Server name. either hostname or hostname.mydomain.com

I tried the manual method with the ValidPorts - and it seemed to want to connect less than before.

I came across this, which I initially discarded due to another thread here where Zel and others felt it'd still work - I may have misunderstood.

HTTP/S also requires Windows Server 2003 in a Global Catalog role.

My setup is:

Exchange 2003 Ent on a Windows 2003 Standard box.
DC is a Windows 2000SBS.

If that's the case - how do I resolve it? I really want to avoid setting up VPN's for everyone where several of my users are in remote locations to begin with, and the owner travels a lot, staying at hotels that have shoddy connections.

I have no budget for any additional servers or software, whats the alternative to make the Exchange box a DC also? If so, how can I secure that?

Stuart