hiepho

RPC over HTTPS is not working

I am not sure if the problem is related to my earlier question here:
https://www.experts-exchange.com/questions/21769589/SSL-is-not-working-on-Exchange-2003.html

Anyway, I did everything to configure RPC over HTTPS on a single server following these two articles:
http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;833401

First, I tested the connection locally and it works only if I use my local machine name "mymailserver". When I look at the "Connection Status", it says TCP/IP instead of HTTPS.

Second, I tested externally. I won't be able to log in, the login prompt keeps asking for login account. I have tried both with domain\user and user. either one is working.

In IIS > Default Web site > rpc > Directory Security > Default Domain: I have tried both with domain name and no domain name. They are all not working.

Please help.
Sembee

You have to stay inside and get it working on your LAN first, before you try going externally.

First.
Browse to https://servername.domain.com/rpc

where servername.domain.com is the name of your Exchange server AND the name on the SSL certificate.

You should not get any certificate prompts, but instead an authentication prompt. Authentication will fail three times then throw an error back - that is perfectly normal.

Are you using a purchased certificate or a home grown certificate?

If it fails to connect, ping servername.domain.com and ensure that the correct, internal, IP address is being returned.

Next.
Registry settings. Most problems with RPC over HTTPS are down to the registry. Make sure that they are correct. A missing semi-colon can cause this feature to fail, so be very careful.
If you want yet another opinion on the registry settings, then take a look at my web site here:
http://www.amset.info/exchange/rpc-http-server.asp

Next.
Configure Outlook in the regular way, and ensure that it is working correctly. Only then, go in to the Advanced settings of the Account configuration and add the RPC over HTTPS settings. Do not change any of the existing settings.

Then test it once again.

Simon.
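
The registry check described in the answer above, as an added example that is not part of the original post. It assumes the setting in question is the `ValidPorts` string under `HKLM\SOFTWARE\Microsoft\Rpc\RpcProxy` and that the proxy needs ports 6001, 6002 and 6004 (standard Exchange 2003 guidance, not quoted in this thread); the host names are the thread's placeholders.

```python
import re

# Assumption (not stated in the thread): the standard Exchange 2003 back-end
# ports the RPC proxy must be allowed to reach.
REQUIRED_PORTS = (6001, 6002, 6004)
ENTRY = re.compile(r"^([A-Za-z0-9.-]+):(\d+)(?:-(\d+))?$")

def parse_valid_ports(value):
    """Split a ValidPorts string into {host: [(low, high), ...]} plus problems."""
    allowed, problems = {}, []
    for raw in value.split(";"):
        entry = raw.strip()
        if not entry:
            continue  # a trailing ';' is harmless
        m = ENTRY.match(entry)
        if not m:
            # Two entries run together (missing ';') end up here.
            problems.append(f"malformed entry: {entry!r}")
            continue
        low = int(m.group(2))
        high = int(m.group(3) or low)
        if low > high or high > 65535:
            problems.append(f"bad port range: {entry!r}")
            continue
        allowed.setdefault(m.group(1).lower(), []).append((low, high))
    return allowed, problems

def audit_valid_ports(value, hosts):
    """Return every reason the proxy would refuse to forward to `hosts`."""
    allowed, problems = parse_valid_ports(value)
    for host in hosts:
        spans = allowed.get(host.lower(), [])
        for port in REQUIRED_PORTS:
            if not any(low <= port <= high for low, high in spans):
                problems.append(f"{host}: port {port} not allowed")
    return problems

if __name__ == "__main__":
    # Constructed sample values using the thread's placeholder names.
    hosts = ["mymailserver", "servername.domain.com"]
    samples = {
        "default": "mymailserver:100-5000",
        "missing ';'": "mymailserver:6001-6002mymailserver:6004;"
                       "servername.domain.com:6001-6002;servername.domain.com:6004",
        "correct": "mymailserver:6001-6002;mymailserver:6004;"
                   "servername.domain.com:6001-6002;servername.domain.com:6004",
    }
    for name, value in samples.items():
        print(name, "->", audit_valid_ports(value, hosts) or "OK")
```

Both the NetBIOS name and the FQDN are audited because Outlook may be configured with either, and the proxy only forwards to host names that appear in the list.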
hiepho

ASKER

I currently used rapidssl 30 trial out SSL certificate but it is fully functional. I think the certificate is fine and correct because I have tested thoroughly before trying to do RPC over HTTPS.

https://servername.domain.com/rpc
I got a prompt to connect to servername.domain.com login and log in failed, it returned HTTP 403 (Forbidden).

I have gone over your article and the only difference I found is registry for rpc: server:100-5000. I have added this.

Outlook is working fine in regular way.

I have tested again and again but I won't be able to log in.

hiepho

ASKER

I mean I just tested internally using servername.domain.com to configure Outlook.

Sembee

The login failure is normal when you browse to the location. Something was changed in SP1 of Windows 2003 which causes it to fail.

What authentication settings do you have on the /rpc virtual server in IIS Manager?
Which authentication setting is Outlook set to use in "Proxy Authentication Settings"?

Simon.
hiepho

ASKER

In IIS > rpc > Directory Security:
Uncheck "Enable anonymous access"
Check "Integrated Windows authentication"
Check "Basic authentication"
Default domain: "myservernam.domain.com"

Outlook > Microsoft Exchange Server: "myservernam.domain.com" > More Settings > Connection >
Check "Connect to my Exchange mailbox using HTTP"
Exchange Proxy Settings:
https://myservernam.domain.com
Principal name for proxy server: msstd:myservernam.domain.com
Check on fast networks...
Check on slow networks...
Proxy authentication settings: Basic Authentication

Sembee

Switch the Proxy Authentication setting to NTLM - what happens then?

Is both default domain and default realm set?

Simon.
hiepho

ASKER

I did try to switch to NTLM Authentication and it is the same problem.

I also did try and set both default domain and default realm to "myservernam.domain.com". It did not help either.

Sembee

Have you seen this KB article?

http://support.microsoft.com/default.aspx?kbid=820281

Simon.
hiepho

ASKER

I just read it and modified the client machine registry accordingly and it is still the same thing. This is the error message returned once it could not connect:
"The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action"

I think I did configure the Exchange correctly and the SSL certificate is valid, otherwise I would not get as far as trying to connect it. It seems it tried to connect but failed because of domain authentication or something.

Remember I posted on the other problem I have with https where I left "Default Domain" blank, then I would be able to log in. I think it is somehow related, do you think so?

Do I need to turn on https for regular OWA in order to use RPC over HTTPS? Currently I can use http://mymail.domainname.com/exchange.

I am just in dire of getting this working but it is not.

Sembee

What do you mean by turn on https?
If you mean do you need to enable Require SSL, then no, you don't have to enable that. The connection will come in on the https port automatically - because that is all this feature supports.

If you go back through this site, you will see that a similar problem has come up before and it wasn't able to be resolved. Usually in the end the recommendation is to remove the HTTP RPC proxy from Windows components and add it all back in again, making as few changes as possible - ie just the registry change and nothing else.

Simon.
hiepho

ASKER

I just removed HTTP RPC and reinstalled it. One registry change is RpcProxy. That's it.

NOT WORKING.

I am not sure what to do now that I have traced back all the steps required.

ASKER CERTIFIED SOLUTION
Sembee

This solution is only available to members.

hiepho

ASKER

I have never called Microsoft before. I wonder if they offer free support or how does it work?

I am going to install a new Exchange under a different domain name and I am going to try it there to see if I would get the same problem.

Sembee

Microsoft don't offer free support. There is a charge to speak to them. However it is a fixed charge and it is the same whether you are on the phone for ten minutes or ten hours. Charge varies from country to country.

Simon.

Just a question. We are running SBS 2003 and can't connect remotely; locally Outlook works fine, it's just a problem remotely.

Sembee

bitwise-sa - this is an old question. Unlike a forum, it is not possible to "bump" questions. The only people who will see your question are those that have already participated in the question. Therefore you should ask your question fresh, so that other experts can see the question and respond.

Simon
Exchange Server Zone Advisor.