run the powershell command "get-outlookprovider" and report the results...
Main Topics
Browse All Topics
Loading Advertisement...
Question
Cannot get RPC over HTTPS working, Exchange 2007 SBS 2008
Hi All,
I have recently set up a SBS 2008 running Exchange 2007 with the intention of getting Outlook Anywhere to work, something which I have very quickly found out is easier said than done...
Setup: Single server domain, SBS 2008, Exchange 2007, IIS7, Clients - Outlook 2007 SP2, Windows XP SP3, not joined to the domain, Firewall - ports 443, 80 and 25 open
Installed SBS 2008 clean install, installed Exchange, enabled Outlook Anywhere with basic authentication and hostname remote.domain.co.uk, installed self signed certificate*, checked and set permissions for virtual directories in IIS, pointed remote.domain.co.uk and autodiscover.domain.co.uk to the external static IP address
*I have read that self signed certificates will not work, or at least the default self signed will not work, I have requested a SAN certificate using Exchange PowerShell and issued with my server so that it contains; hostname, hostname.local; domain.co.uk, remote.domain.co.uk, autodiscover.domain.co.uk,
I do think the problem may lie with the certificate, however until I know it will solve the issue I am unable to spend the £250 required for a SAN certificate. I also believe there may be another problem as OWA accepts the certificate without a problem when browsing to https://remote.domain.co.u
Here is how far I can get:
OWA works without a problem, as long as the certificate is installed on the client (cert error if not)
Autodiscover passes a test (the one which ignores SSL authentication) on testexchangeconnectivity.c
When setting up a profile on an external client and entering the email address and password, it brings back the internal name of the server but says 'you must be connected/online to complete this operation'
When setting up a profile on an internal client (not joined to the domain, just in the same switch) it comes back with the correct information, connects and shows emails, but when send/receive is pressed it crashes on receiving when trying to download either the OAB or public folders.
Here is what I have tried from various forums (including this one):
Disabling IPv6
Editing hosts file to hash out #;;1 and add hostname, hostname.local to internal IP
Browsing directly to https://remote.domain.co.u
Switching between NTLM and Basic authentication in Outlook Anywhere
Inserting registry entries to manually assign ports 6001-6004 (which may be redundant but it was worth a shot)
rpcping from client computer (passes tests on ports 6001-6004)
Using a free trial certificate for remote.domain.co.uk from Comodo (unable to find trial SAN certificate)
Manually setting the clients to use https://remote.domain.co.u
Removing and reinstalling RPC over HTTP
Disabling and re-enabling Outlook Anywhere
Breaking a keyboard (not much good to the server but relieved a little stress)
I apologise if this seems a little scrambled, I have spent the last few days on this same problem so it is possible I have missed a few steps out..! Any suggestions would be greatly appreciated
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Subscribe now for full access to Experts Exchange and get
Instant Access to this Solution
- Plus...
- 30 Day FREE access, no risk, no obligation
- Collaborate with the world's top tech experts
- Unlimited access to our exclusive solution database
- Never be left without tech help again
Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.
- "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
- "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
- "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.
See what Experts Exchange can do for you.
Got a question?
We've got the answer.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
Need individual assistance?
Our experts are ready to help.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Want to learn from the best?
Read articles from industry experts.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Working on a long term project?
Store your work and research.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
What Makes Experts Exchange Unique?
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Trusted by the world's most respected brands.
Faithfully serving IT professionals since 1996.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Free Tech Articles
-
WARNING: 5 Reasons why you should NEVER fix a computer for free.
It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
-
SCCM OSD Basic troubleshooting
SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
-
Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
-
Create a Win7 Gadget
This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
-
Outlook continually prompting for username and password
There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
-
Backup Exchange 2010 Information Store using Windows Backup
There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...
Cloud Class Webinars
- Avoiding Bugs in Microsoft Access
Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
- Top 10 Best New Features in Visio 2010
Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
- IT Consultant Business Secrets Revealed
Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
- Disaster Recovery and Business Continuity
Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
- Organize Your Visio Diagrams with Containers and Lists
Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
- How to Us Objects, Properties, Events and Methods in Microsoft Access
Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...
Join the Community
Give a Little. Get a Lot.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Answers
Get-OutlookProvider
name server certprincipalname TTL
EXCH hostname 1
EXPR hostname 1
WEB hostname 1
Outlook Anywhere With AutoDiscover test:
Attempting to Resolve the host name autodiscover.domain.co.uk in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: [correct IP]
Testing TCP Port 443 on host autodiscover.domain.co.uk to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname autodiscover.domain.co.uk in Certificate Subject Alternative Name entry
Validating certificate trust
Certificate trust validation failed
Additional Details
Certificate chain could not be built. You may be missing required intermediate certificates.
Outlook Provider AutoDiscover (Ignore Trust For SSL)
Attempting to test potential AutoDiscover URL https://autodiscover.domai
Testing AutoDiscover URL succeeded
Test Steps
Attempting to Resolve the host name autodiscover.domain.co.uk in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: [correct IP]
Testing TCP Port 443 on host autodiscover.domain.co.uk to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname autodiscover.domain.co.uk in Certificate Subject Alternative Name entry
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 8/5/2009 8:09:00 AM, NotAfter = 8/5/2011 8:09:00 AM
Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.domai
Successfully Retrieved AutoDiscover XML Response
Additional Details
AutoDiscover Account Settings - XML Response:<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.o
<Response xmlns="http://schemas.micr
<User>
<DisplayName>User Account</DisplayName>
<LegacyDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recip
<DeploymentId>c19e45e1-ed14-
</User>
<Account>
<AccountType>email</AccountTy
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>hostname.local</Serve
<ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Confi
<ServerVersion>720180F0</Serv
<MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Confi
<ASUrl>https://remote.domain
<OOFUrl>https://remote.domai
<OABUrl>https://remote.domai
<UMUrl>https://remote.domain
<Port>0</Port>
<DirectoryPort>0</DirectoryPo
<ReferralPort>0</ReferralPort
<PublicFolderServer>hostname
<AD>hostname.local</AD>
<EwsUrl>https://remote.domai
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>hostname</Server>
<ASUrl>https://remote.domain
<OOFUrl>https://remote.domai
<OABUrl>https://remote.domai
<UMUrl>https://remote.domain
<Port>0</Port>
<DirectoryPort>0</DirectoryPo
<ReferralPort>0</ReferralPort
<EwsUrl>https://remote.domai
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPo
<ReferralPort>0</ReferralPort
<External>
<OWAUrl AuthenticationMethod="Fba"
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://remote.domain
</Protocol>
</External>
<Internal>
<OWAUrl AuthenticationMethod="Basi
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://remote.domain
</Protocol>
</Internal>
</Protocol>
</Account>
</Response>
</Autodiscover>
Outlook 2003 RPC/HTTP (manual entry of server name etc)
Testing RPC/HTTP connectivity
RPC/HTTP test failed
Test Steps
Attempting to Resolve the host name remote.domain.co.uk in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: [correct IP]
Testing TCP Port 443 on host remote.domain.co.uk to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname remote.domain.co.uk in Certificate Subject Common name
Validating certificate trust
Certificate trust validation failed
Additional Details
Certificate chain could not be built. You may be missing required intermediate certificates.
I believe you might need to recreate the certificate using the SBS wizards.
Another thing I might mention...we had a SBS 2008 implementation not too long ago where one of the first things we tried doing (just because of issues when we had Exchange 2007 on Server 2008 boxes) was to disable IPv6. This ended up causing all sorts of wierd issues with non-Exchange services on the SBS 2008 box, so we ended up turning it back on.
lastlostlast: I will re-enable IPv6, the internal certificate was not installed on the computer I ran the test from, would this make a difference?
esmith69: What would be the best way to create the certificate via SBS? The current certificate I have I requested via Exchange PowerShell, I also tried via IIS but I have not used an SBS certificate wizard before
Thank you both for your assistance in this
Try Network->Connectivity->Fix My Network. From what I've read, this is supposed to recreate the certs.
http://sbs.editme.com/sbs2
Running Fix My Network found and fixed a few errors, the new log I receive from exchangeconnectivity is:
Attempting to Resolve the host name autodiscover.domain.co.uk in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: [Correct IP]
Testing TCP Port 443 on host autodiscover.domain.co.uk to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Certificate name validation failed
Tell me more about this issue and how to resolve it
Additional Details
Host name autodiscover.cobaltenergy.
I have tested it with clients anyway, installing the certificate using the install package in Public\downloads and I get the following results:
Creating a profile whilst on the same network allows me in but (after giving a certificate error, autodiscover.domain.co.uk is not valid on this certificate) it uses TCP/IP rather than HTTPS (even when selected on fast networks). Also, in the field "use this url to connect to my proxy" it has the local hostname rather than the external, if i attempt to change this it changes it back...
When I re-open this profile it seems to attempt to connect to HTTPS (i get the certificate error again) but quickly gives up and uses TCP/IP
Creating a profile manually whilst not on the network results in the "this server must be online / connected" error message.
The only way which seems to half work is if the client is on the same network using TCP/IP, but even then if you send/receive it sticks on receiving and you have to click cancel all
Is there another wizard I am missing?
sorry, I re-read your last post and think I answered my own question.
Check out the following link for some more information about how this whole process works with SBS: http://blogs.technet.com/s
I've run the wizard as suggested: I already have a domain > I want to manage the domain name myself > [domain.co.uk]. The Remote Web Workplace Site (https://remote.domain.co.
Still no joy though I'm afraid, I read through the link provided and the only thing I'm not sure about is the SRV record so I have sent an email to our DNS guy
Update: Since running the internet connection wizard (and possibly the import certificate wizard) the 'rpc' and 'rpcwithcert' virtual directories within IIS have moved from 'SBS Web Applications' to 'Default Website'. OWA, OAB, Exchange etc. are all still in 'SBS Web Applications'.
Now if i browse to https://remote.domain.co.u
I realise I could change this back in IIS but am unwilling due to so many reports of 'use the wizards, only the wizards, and nothing but the wizards...!'
I think you can export a directory to a backup file, then restore it into the location that you desire in IIS. I know this is how it was done in 2003 but I'm not 100% sure the process is identical in 2007. I'd imagine you could at least copy the OWA, OAB, Exchange, etc. directories into the default website though and maybe that would do the trick?
i too am having similiar problems. I noticed on my setup that the /Rpc and /RpcwithCert folders are under Default Website and not SBS Web Applications. I beleive this is a result of installing TS Gateway on the SBS 2008 Server which set a binding on port 443 on the Default Website. Given that two websites cannot listen on port 443, the default website does not start.
Finally managed to get this working!! Just as I was about to open a support call to Microsoft I stumbled across this forum:
http://social.technet.micr
The part that worked for me was the following:
On our exchange server:
- We added another registry key: HKEY_LOCAL_MACHINE\SYSTEM\
Value Name: MaxWorkItems
Data Type: REG_DWORD
Value data: 8192 (decimal)
- Ran IISRESET and restarted the System Attendant service.
- Now, the username resolves while configuring a profile and Outlook connects on HTTPS without errors.
This is the only place i have even seen this key mentioned, and I have no idea why it works but am very happy it does. Hopefully this will help with anybody else having this problem.
hottips: please see the below link for how I managed to move my /rpc and /rpcwithcert virtual directories;
http://www.experts-exchang
Thanks everyone for the suggestions
I had a similar error I followed the link below it may help
http://sbs.editme.com/sbs2
3 Ways to Join
Business Accounts
- Perfect for organizations
- Multiple users
- Save over 36%
- Create a Business Account
Answer for Membership
- Earn free access
- Showcase your knowledge
- No credit card required
- Sign Up to Answer
Loading Advertisement...
by: lastlostlastPosted on 2009-08-11 at 11:23:53ID: 25071842
run a test for Outlook RPC over HTTPS at https://testexchangeconnec