jamie177
asked on
RPC over HTTP Client no longer works
Hello all, I have an RPC over HTTP issue here:
I had successfully configured RPC over HTTP for a remote user. Last week the user began getting popup boxes for user name and password. He enters in the correct user/pass but is not able to connect and get his email.
I used the steps off of amset.info for the server and client configuration and with some help (https://www.experts-exchange.com/questions/21365177/RPC-over-HTTP-DNS-Domain-Name-SSL-Cert-question.html) got it working. I'm dead in the water now though. I had the user run outlook /rpcdiag and there were no connection entries listed.
One thing that could be causing the problem is that the users pc is not a memeber of the domain the exchange server is in. Should that matter? I'm by no means an expert, that's why I'm asking you guys :)
Thanks for any help or ideas you may have.
Regards,
Jamie
I had successfully configured RPC over HTTP for a remote user. Last week the user began getting popup boxes for user name and password. He enters in the correct user/pass but is not able to connect and get his email.
I used the steps off of amset.info for the server and client configuration and with some help (https://www.experts-exchange.com/questions/21365177/RPC-over-HTTP-DNS-Domain-Name-SSL-Cert-question.html) got it working. I'm dead in the water now though. I had the user run outlook /rpcdiag and there were no connection entries listed.
One thing that could be causing the problem is that the users pc is not a memeber of the domain the exchange server is in. Should that matter? I'm by no means an expert, that's why I'm asking you guys :)
Thanks for any help or ideas you may have.
Regards,
Jamie
ASKER
Thanks for the reply IBCIT.
As a work around I have the user on OWA. Great minds think alike eh? :)
I'm not certain about the domain requirement though. When you configure an exchange account in outlook, it never asks you for the password, just the domain user name.
I'd think if you had a valid domain account and you knew the password that you would not have to be on a joined pc, but that's why I'm here because I'm not an expert :)
As a work around I have the user on OWA. Great minds think alike eh? :)
I'm not certain about the domain requirement though. When you configure an exchange account in outlook, it never asks you for the password, just the domain user name.
I'd think if you had a valid domain account and you knew the password that you would not have to be on a joined pc, but that's why I'm here because I'm not an expert :)
RPC over http should not require a domain name. The domain is set in the initial install which is why this is done connected to the LAN initially. Verify the site information and test to see if it make a connection inside the LAN. If it does not make a connection, use outlook /rpcdiag to troubleshoot.
http://support.microsoft.com/?kbid=827330
http://support.microsoft.com/?kbid=827330
The machine with Outlook installed does not have to be a member of the domain. You just need to take care when configuring Outlook as pass through authentication will fail initially.
If RPCDIAG is showing no connections at all, then my first instinct is the Outlook profile could be corrupt, or name resolution isn't working.
Presuming that you are using the same name for OWA as you use with RPC/HTTPS then test it works from the same machine. That would confirm that name resolution is working correctly.
Otherwise the next thing to try is to recreate the Outlook profile. If possible do this on the LAN as it makes things so much easier.
RPCDIAG is the key thing with this feature as it is the only way that you can see if it is working correctly or not.
Simon.
Exchange MVP.
If RPCDIAG is showing no connections at all, then my first instinct is the Outlook profile could be corrupt, or name resolution isn't working.
Presuming that you are using the same name for OWA as you use with RPC/HTTPS then test it works from the same machine. That would confirm that name resolution is working correctly.
Otherwise the next thing to try is to recreate the Outlook profile. If possible do this on the LAN as it makes things so much easier.
RPCDIAG is the key thing with this feature as it is the only way that you can see if it is working correctly or not.
Simon.
Exchange MVP.
ASKER
Well I've tried several things.
1 - I've logged in as local administrator and set up the account again, but I got the same results. I thought this might eliminate user profile issues.
2 - I've set up the account via RPC on a different computer with the same results.
This leads me to believe that it is something server side that is not configured properly.
I can't see the results of the rpcdiag as it keeps prompting me for credentials until I finally hit cancel, then both rpcdiag and outlook disappear.
I tried to set these accounts up as POP3 accounts. When i test the account settings everything is successful until the 'Log onto incoming mail server(POP3)' step. At this point I get asked again and again for credentials. The password is correct as I can access OWA with the user/pass combo.
On the server's smtp virtual server I have the following settings:
Access Tab - Authentication:
- Anonymous access CHECKED - Is this bad?
-- resolve anonymous e-mail NOT Checked
- Basic Auth CHECKED
-- Requires TLS Encryption NOT Checked
- Integrated Windows Authentication
Users button
Auth Users - submit perms
POP3 Relay - Submit & Relay (user is in this group)
Access Tab - Connection
All except listed below (blank list)
Access Tab - Relay Restrictions
Only the list below (blank list)
Allow computers that authenticate to relay is checked
Deliver Tab - Outbound Security
Anonymouse Access is the only one selected (Good? Bad?)
I'm stumped and am not sure what to try next. Any ideas or help would be appreciated!
Regards,
Jamie
1 - I've logged in as local administrator and set up the account again, but I got the same results. I thought this might eliminate user profile issues.
2 - I've set up the account via RPC on a different computer with the same results.
This leads me to believe that it is something server side that is not configured properly.
I can't see the results of the rpcdiag as it keeps prompting me for credentials until I finally hit cancel, then both rpcdiag and outlook disappear.
I tried to set these accounts up as POP3 accounts. When i test the account settings everything is successful until the 'Log onto incoming mail server(POP3)' step. At this point I get asked again and again for credentials. The password is correct as I can access OWA with the user/pass combo.
On the server's smtp virtual server I have the following settings:
Access Tab - Authentication:
- Anonymous access CHECKED - Is this bad?
-- resolve anonymous e-mail NOT Checked
- Basic Auth CHECKED
-- Requires TLS Encryption NOT Checked
- Integrated Windows Authentication
Users button
Auth Users - submit perms
POP3 Relay - Submit & Relay (user is in this group)
Access Tab - Connection
All except listed below (blank list)
Access Tab - Relay Restrictions
Only the list below (blank list)
Allow computers that authenticate to relay is checked
Deliver Tab - Outbound Security
Anonymouse Access is the only one selected (Good? Bad?)
I'm stumped and am not sure what to try next. Any ideas or help would be appreciated!
Regards,
Jamie
RPC / HTTPS has nothing to do with the SMTP Virtual Server. However your settings for that appear to be correct for the operation of Exchange.
You need anonymous access on SMTP as other servers cannot authenticate against you.
When you are entering your credentials, are you putting in username/password or domain\username password?
Simon.
You need anonymous access on SMTP as other servers cannot authenticate against you.
When you are entering your credentials, are you putting in username/password or domain\username password?
Simon.
ASKER
Thanks for working with me here Simon!
I'm using domain\username password
Since it's a non-joined workstation it wants to put localpcname\user in so I have to specify the domain credentials.
I'm getting the same behavior when I try to setup the account as POP3 at the 'Log onto incoming mail server(POP3)' testing step and when I specify the mail server and username in the Exchange server account setup. The diaglogue box for username and password pops up over and over even when the very same credentials work on OWA.
Does this have something to do with the underlying authentication mechanism?
Regards,
Jamie
I'm using domain\username password
Since it's a non-joined workstation it wants to put localpcname\user in so I have to specify the domain credentials.
I'm getting the same behavior when I try to setup the account as POP3 at the 'Log onto incoming mail server(POP3)' testing step and when I specify the mail server and username in the Exchange server account setup. The diaglogue box for username and password pops up over and over even when the very same credentials work on OWA.
Does this have something to do with the underlying authentication mechanism?
Regards,
Jamie
What happens on a workstation that is a member of the domain?
Does it work inside and outside the firewall?
What are the authentication settings at the moment on the /rpc virtual directory in IIS Manager?
Simon.
Does it work inside and outside the firewall?
What are the authentication settings at the moment on the /rpc virtual directory in IIS Manager?
Simon.
ASKER
A domain memeber works inside and outside the firewall.
The vdir settings are Basic Authentication (only option selected).
The vdir settings are Basic Authentication (only option selected).
If a domain member works then that is saying authentication.
When you try to connect to the /rpc directory in a web browser - do you get any prompts for username or password, or does it just go straight in?
Take a look at this article: http://support.microsoft.com/?kbid=820281
While it isn't directly connected with your problem, by looking at what it suggests changing you may find where one of the authentication processes is not configured correctly.
Simon.
When you try to connect to the /rpc directory in a web browser - do you get any prompts for username or password, or does it just go straight in?
Take a look at this article: http://support.microsoft.com/?kbid=820281
While it isn't directly connected with your problem, by looking at what it suggests changing you may find where one of the authentication processes is not configured correctly.
Simon.
ASKER
I get prompted for user/pass. I recall reading somewhere that that's not supposed to happen. What setting do I have miss configure?
Jamie
Jamie
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've set the user up with POP3 for the time being. I had to delete the user account and recreate it for it to work. I'm not exactly sure what the problem was.
Simon you've been very helpful as you always are. I did not quite home in on why rpc over http stopped working, but I'd like to give you some/all of the points for your efforts. Can I do that?
-Jamie
Simon you've been very helpful as you always are. I did not quite home in on why rpc over http stopped working, but I'd like to give you some/all of the points for your efforts. Can I do that?
-Jamie
If you don't want to award the full points you need to post in the Support TA (click on support in the top right corner) and ask the moderators for assistance.
Simon.
Simon.
ASKER
Your knowledge, expertise, and willingness to help are certaily worth the points. Thanks for your exchange help on this problem as well as the problems I've had in the past.
OWA.. Do you have OWA up and running on the box? It is an easy way for remote users to check thier mail and the new '03 interface is nice as well.
Also, like I mentioned before, I do not have any experience with RPC over HTTP but wouldnt you think that the requirement for it to be joined to the domain would defeat the purpose of the technology itself?