ecfmis
asked on
RPC over HTTP Directory portion not working
I have installed RPC over HTTP and it seemed to go ok. I have Exchange 2003 server with SP1 installed. After the install, it works fine on my laptop which is part of the domain computers, but only connects mail and not directory (found by holding ctrl over the connected icon and choosing status). When I try to connect my home pc via RPC over HTTPS it doesnt connect at all (my guess is directory is the authentication portion and since my laptop has cached credentials it works).
Does anyone know why just the directory portion is not working and how I can fix it. The Exchange server is not a domain controller if that matters.
Does anyone know why just the directory portion is not working and how I can fix it. The Exchange server is not a domain controller if that matters.
ASKER
Ok, I know how to do the rpc status. That is how I knew that the Directory service was not connecting. Internally, Mail connects via HTTPS and Directory via TCP/IP. Externally I only get the mail from my laptop.
And I configured RPC over HTTPS with both registry and gui in ESM.
Any ideas?
I wondered if it might be how I setup the SSL Certificate?
And I configured RPC over HTTPS with both registry and gui in ESM.
Any ideas?
I wondered if it might be how I setup the SSL Certificate?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That is a dead link but I will give it a try when it works :)
ASKER
Ok I just followed your domain links and found your webpage at: http://www.amset.info/exchange/rpc-http-server.asp
I followed the instructions to the T (we have GC DS seperate from Exchange Server).
HEre is the Valid ports entry where ECFSRV6 = Exchange Server and ECFSRV1 = PDC + GC and ECFINC.com = domain.
ECFSRV6:6001-6002;ECFSRV6.
And here is a screen shot of my status after running the test:
http://64.186.60.28/tim/rpc.jpg
Do i need to restart the information store or the server after the registry settings (I did have it set for a single server i think and I changed it to the 2 server per your instructions). I also took it off of rpc in the GUI. The dc has had the change for awhile, in fact i made this registry entry on all of my dc's here. Should it only be on one?
I followed the instructions to the T (we have GC DS seperate from Exchange Server).
HEre is the Valid ports entry where ECFSRV6 = Exchange Server and ECFSRV1 = PDC + GC and ECFINC.com = domain.
ECFSRV6:6001-6002;ECFSRV6.
And here is a screen shot of my status after running the test:
http://64.186.60.28/tim/rpc.jpg
Do i need to restart the information store or the server after the registry settings (I did have it set for a single server i think and I changed it to the 2 server per your instructions). I also took it off of rpc in the GUI. The dc has had the change for awhile, in fact i made this registry entry on all of my dc's here. Should it only be on one?
ASKER
When installing the thawte certificate they also gave me this:
This is the SSL123 Intermediate CA certificate which must also be installed on your
web server:
Which i have not used yet. Do i need to and what is it for? I have already installed the standard certificate on the default website.
This is the SSL123 Intermediate CA certificate which must also be installed on your
web server:
Which i have not used yet. Do i need to and what is it for? I have already installed the standard certificate on the default website.
ASKER
I figured out the intermediate thing, and also found this:
http://forums.msexchange.org/ultimatebb.cgi?ubb=get_topic;f=15;t=002518
I have the EXACT same symptoms as this guy, but my DC is definetly a GC. Is there a way to test this to make certain? We did recently upgrade to 2003 from 2000 on this server.
http://forums.msexchange.org/ultimatebb.cgi?ubb=get_topic;f=15;t=002518
I have the EXACT same symptoms as this guy, but my DC is definetly a GC. Is there a way to test this to make certain? We did recently upgrade to 2003 from 2000 on this server.
Serves me right for doing the link from memory. Now need to put a redirect in...
The correct link is this one: http://www.amset.info/exchange/rpc-http-server.asp
My own web site as well!
The registry change only needs to be on the GC that you are pointing the RPC proxy at.
If you have other domain controllers, such as one that was a clean Windows 2003 build and is a gc, try switching the references in the registry to the other one.
Simon.
The correct link is this one: http://www.amset.info/exchange/rpc-http-server.asp
My own web site as well!
The registry change only needs to be on the GC that you are pointing the RPC proxy at.
If you have other domain controllers, such as one that was a clean Windows 2003 build and is a gc, try switching the references in the registry to the other one.
Simon.
ASKER
Ok I am still at a loss, I re-installed RPC service and did exactly what you said and still the directory connects at TCP/IP this is bizarre. Should I promote the Exchange server to a dc and make it a gc server? Wont this cause uneccisary traffic?
I wouldn't promote the Exchange server.
Two reasons.
1. Exchange is a lot happier on a member server.
2. It isn't supported. The role of the server at the point of Exchange install must remain the same.
If you make/install Exchange server a DC then it must be a GC as Exchange will not look to any other machine.
You have installed the RPC-Proxy on the Exchange server?
Made the registry changes on both the Exchange server and the global catalog DC?
I am trying to think what would force Outlook to use TCP/IP for the directory access.
How have you got the client configured? Is it like I have on my web site at http://www.amset.info/exchange/rpc-http-client.asp? (right link this time)
Simon.
Two reasons.
1. Exchange is a lot happier on a member server.
2. It isn't supported. The role of the server at the point of Exchange install must remain the same.
If you make/install Exchange server a DC then it must be a GC as Exchange will not look to any other machine.
You have installed the RPC-Proxy on the Exchange server?
Made the registry changes on both the Exchange server and the global catalog DC?
I am trying to think what would force Outlook to use TCP/IP for the directory access.
How have you got the client configured? Is it like I have on my web site at http://www.amset.info/exchange/rpc-http-client.asp? (right link this time)
Simon.
Are you still having problems with this?
I have been working on RPC/HTTPS for most of the last two days and have rewritten my RPC/HTTPS server setup article. It now includes information on how to setup RPC/HTTPS on a single Exchange server with SP1 installed.
Simon.
I have been working on RPC/HTTPS for most of the last two days and have rewritten my RPC/HTTPS server setup article. It now includes information on how to setup RPC/HTTPS on a single Exchange server with SP1 installed.
Simon.
ASKER
I was finally able to get it working by reinstalling the certificate, and following your info to the "T." Then I rebooted all DC's and the email server (by pure luck because the KDC CA server crashed and screwed up the DC's so all needed rebooting. When they came back up RPC over HTTP worked for the directory).
Make sure that Outlook is configured to use HTTP connections for both slow and fast connections.
Close Outlook completely, checking that outlook.exe has gone from the Task Manager.
Then click start, run and type:
outlook /rpcdiag
Press enter.
Outlook will start normally, but with an additional dialogue box.
Each connection item should say https. If any say TCP/IP then RPC/HTTP isn't working correctly.
(If you want to see screenshots of this process: http://www.amset.info/exchange/rpc-http-diag.asp)
How did you configure RPC/HTTPS? Registry entries or GUI in ESM?
Simon.