• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3475
  • Last Modified:

RPC Proxy Server troubleshooting

I have a single W2k3 server running a single Exchange server 2k3 installation and I am trying to get RPC over HTTP working... but with no luck.

- The RPC Proxy is running on the same machine.
- I've made all the registry changes detailed in Microsoft's RPC over HTTP deployment document.

I'm pretty sure it's a problem with the proxy and I've been using rpcping to try to make sense of it all. What I really need is some help troubleshooting the error I'm getting back.

I'm using rpping like this:

rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none

... and I'm getting this back:

401: Client is not authorized to ping RPC proxy

... and Microsoft say this:

You receive this response if the RPC Ping Utility test failed. The PRC Ping Utility test may have failed if HTTP access is denied, if there are incorrect credentials on the –P switch, or if the user does not exit.

So basically, if you can get me pinging the proxy...you get the points.
0
dmjabbo
Asked:
dmjabbo
  • 10
  • 7
1 Solution
 
ewtaylorCommented:
Did you run rpings on the server first?
0
 
dmjabboAuthor Commented:
no - what does that do...?
0
 
ewtaylorCommented:
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ewtaylorCommented:
Shoot just saw you are running 2k3 do not think you need it then sorry...
0
 
ewtaylorCommented:
Are you using certificates?
0
 
dmjabboAuthor Commented:
Yep, I'm using certificates and the default website (containing the RPC dir) is protected by SSL.

Does that mean I need some extra switches when running rpcping?
0
 
dmjabboAuthor Commented:
I have changed the -H switch from 2 to 1. This uses basic auth instead of NTLM and the server is set to use basic auth.

So, now it seems to authenticate but now I get error 501 returned.

MS say this about error 501:

The PRC Ping Utility test may have failed because the RcpProxy.dll could not be contacted, because the wrong virtual root folder (Vroot) was being accessed, if a RPC Proxy server has not been installed, or if Vroot is not accessible.

Any clues?
0
 
ewtaylorCommented:
Try adding this switch

-B Mutual authentication. You must specify the server certificate subject that is being used.
0
 
ewtaylorCommented:
The syntax is

–B msstd:server_certificate_subject
0
 
dmjabboAuthor Commented:
No change I'm afraid - still an error 501
0
 
ewtaylorCommented:
On the RPC Proxy server computer, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
Expand your domain, double-click Default Web Site, right-click RPC, and then click Properties.
Click the Directory Security tab, and then click View Certificate.
Make sure that the certificate is issued to the same server that is used by the client for authentication.
0
 
dmjabboAuthor Commented:
I've fixed it - I have SharePoint running on the same sever and I hadn't defined the rpc virtual dir as an excluded path in the SharePoint admin.

Thanks for your help with rpcping - am I allowed to just give you the points?
0
 
ewtaylorCommented:
Ahh nice, sure.
0
 
dmjabboAuthor Commented:
There you go... enjoy. Thanks again.
0
 
ewtaylorCommented:
Thanks, are you using a sharepoint server? If so what do you think of it?
0
 
dmjabboAuthor Commented:
It's just the free one, not the full blown portal server but it seems brilliant - exactly what a lot of companies have been wanting for a long time...
0
 
ewtaylorCommented:
I just received my technet beta's and that and the comm server are both I would like to setup and try.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 10
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now