wl6538
asked on
RPC over HTTP issues for Exchange 2007 and Outlook 2007
Dear Experts,
Here is the current configuration of my domain:
dc.domain.local = Primary domain controller on Windows 2008 x64, as well as DHCP and DNS server
mail.domain.local = Exchange 2007 SP1 x64 on Windows 2008 x64
isa.domain.local = ISA 2006 server on Windows 2003
FQDN = mail.domain.com
SSL certificate = Wildcard certificate for *.domain.com
client machines = Windows XP Pro SP3 with Outlook 2007 / 2003
I need to get Outlook Anywhere (RPC over HTTP) working on my client machines
First, I have done the following to set it up:
1. Installed RPC over HTTP proxy on mail.domain.local
2. Enabled Outlook Anywhere in EMC under Client Access
3. Set NTLM authentication for Outlook Anywhere
4. Apply wildcard certificate on mail.domain.local and isa.domain.local on IIS
5. Set up forwarding rules, SSL web listeners, and so on for isa.domain.local so it will authenticate users and pass them on to mail.domain.local; I was using the ISA 2006 wizard for RPC over HTTP
6. I also setup ISA for Outlook Web Access using the wizard.
7. DNS on our ISP is setup to point to isa.domain.local when using mail.domain.com
Initially, I had some success:
1. OWA was working on remote clients over the internet
2. Outlook Anywhere was working on remote Outlook 2007 clients, except users can't browse the GAL
3. Activesync on WM6 devices also working
But now I have the following issues:
1. I was trying to solve the GAL problem. I noticed that the Outlook 2007 client connection status would say connection established for Mail on mail.domain.local, but there is no connection for Directory for dc.domain.local, so I guess that is why users can't get to the GAL.
2. I tried to solve the problem by editing the registry key for RpcProxy ValidPorts on mail.domain.local and NSPI Interface protocol sequences on the NTDS server on dc.domain.local. I rebooted both machines. The changes I made are:
On dc.domain.local
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004
On mail.domain.local
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="
exchange-server:100-5000;
exchange-server:6001-6002;
exchange-server.domain.local:6001-6002;
dc:6001-6002;
dc.domain.local:6001-6002;
exchange-server:6004;
exchange-server.domain.local:6004;
dc:6004;
dc.domain.local:6004;
mail.external.com:6001-6002;
mail.external.com:6004;
dc:593;
dc.domain.local:593;
exchange-server:593;
exchange-server.domain.local:593;
mail.external.com:593;"
3. Then I got a whole heap of Event Viewer errors on both machines after the reboot about Exchange having a transient failure (Event ID 4001) and Group Policy can't be processed because it could find the SysVol on the DC
4. On dc.domain.local I got errors like DFS Replication failed to connect to domain controller (Event 1202), DHCP server failed to see a directory server for authorization (Event 1059) and Publishing KMS to the DNS in the domain has failed (Event 12293). I didn't get any of these errors before.
5. I changed the registry keys to what they were before and rebooted both machines, but the problem persists.
6. Now every time I start a remote Outlook 2007, it either says the Exchange server is offline, or it keeps on asking me for the login details. The remote Outlook works fine of course when connected to our LAN using VPN to the ISA server.
I would like to
1. Get RPC over HTTP working again
2. Get GAL working over RPC over HTTP
3. Fix the errors I have created whatever they were!
Thanks
Wayne
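An added example, not part of the original post: ValidPorts is the allow-list of internal host:port pairs the RPC proxy will forward to, so each entry is worth checking against the servers and ports actually intended. The Python below parses the value as posted above and flags entries outside an expected set; the expected host names (taken from the machine names in the post) and the ports 6001, 6002 and 6004 are assumptions.

```python
from typing import Iterable, List, NamedTuple, Set

class Entry(NamedTuple):
    host: str
    low: int
    high: int

def parse_valid_ports(value: str) -> List[Entry]:
    """Parse 'host:port;host:low-high;...' (line breaks and spaces ignored)."""
    entries = []
    for item in value.split(";"):
        item = "".join(item.split())          # tolerate pasted line breaks
        if not item:
            continue
        host, sep, ports = item.rpartition(":")
        low, _, high = ports.partition("-")
        if not sep or not host or not low.isdigit() or not (high or low).isdigit():
            raise ValueError(f"malformed ValidPorts entry: {item!r}")
        lo, hi = int(low), int(high or low)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range in entry: {item!r}")
        entries.append(Entry(host.lower(), lo, hi))
    return entries

def audit(value: str, hosts: Iterable[str], ports: Set[int]) -> List[str]:
    """Return one finding per unexpected host and per entry with unexpected ports."""
    allowed = {h.lower() for h in hosts}
    findings = []
    for e in parse_valid_ports(value):
        label = f"{e.host}:{e.low}-{e.high}"
        if e.host not in allowed:
            findings.append(f"{label}: host not in expected server list")
        extra = sum(1 for p in range(e.low, e.high + 1) if p not in ports)
        if extra:
            findings.append(f"{label}: {extra} port(s) outside expected set")
    return findings

# Value as posted in the question (re-joined where the page broke it).
POSTED = """exchange-server:100-5000; exchange-server:6001-6002;
exchange-server.domain.local:6001-6002; dc:6001-6002; dc.domain.local:6001-6002;
exchange-server:6004; exchange-server.domain.local:6004; dc:6004;
dc.domain.local:6004; mail.external.com:6001-6002; mail.external.com:6004;
dc:593; dc.domain.local:593; exchange-server:593;
exchange-server.domain.local:593; mail.external.com:593;"""
EXPECTED_HOSTS = ["mail", "mail.domain.local", "dc", "dc.domain.local"]  # assumption
EXPECTED_PORTS = {6001, 6002, 6004}                                      # assumption

if __name__ == "__main__":
    for finding in audit(POSTED, EXPECTED_HOSTS, EXPECTED_PORTS):
        print(finding)
```

Run against the posted value, it reports the `100-5000` range, the `593` entries and every entry whose host name is not one of the machines listed in the configuration.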
ASKER
Thanks for the comment - I did remove / revert the reg changes I've made to their previous settings; that was after I noticed the error events.
Geoss -
The guide from isaserver.org was actually the one I followed for setting up the ISA server initially (a whole 7-part series)! I have Outlook Anywhere working (except for the GAL). I don't think it is an ISA issue, as Exchange 2007 should just use the RPC Proxy for GAL related "stuff" (?)
Mestha -
Yes, I am aware of the wildcard problem; like you said, I should have gotten a UC certificate (but I have just started on the wildcard for 1 year) - anyway, I am happy to report that I have some success on the Outlook 2007 client side, after changing the msstd field to blank!
The settings I tried on the client side were:
msstd: mail.domain.com - did not work
msstd: *.domain.com - did not work
-blank field- and uncheck "only connect to proxy servers......" - now works
But I am still having problems with the GAL not working
Thanks for your inputs
Connection-Status1.jpg