RPC over https will not work

We have recently deployed a front end\back end Exchange 2003 SP2 system.  Email works fine, OWA works fine.  I have followed MS KB articles to set up RPC over HTTPS and have not had any luck.  I have also searched a million tech articles to no avail.  I can reach my server via https://servername.domain.com/rpc and /rpcproxy.dll.  I believe the problem is the communication from FE to BE. I have tried to use rpcdump with no success.  We have a Thawte certificate, so I do not believe that that is the problem. I accidentally set RPC ports manually on the FE, BE and DCs.  If I deselect "this is a front end server", restart and re-enable it, will that reset the ports in the registry?  Also, can I do the same for the back end server? How else can I test this configuration?

Are you using forms based authentication, or are you using a separate virtual server for any non-forms based authentication traffic?

jgarciajr (Author) Commented:
I am not using forms based authentication.  I have the SMTP virtual server and the HTTP virtual server set up.

Rpcdump failing implies server connection issues, but so many minor things improperly configured on the client side can be a culprit also.  But assuming it is not client issues, try the following tools to test the server connectivity,



or try rpcdiag

FBA should have nothing to do with it.

As you are using a frontend / backend scenario all you should have to do is toggle the settings in ESM. You don't have to set the registry by hand.

If you think you have made an error, then remove the RPC over HTTPS proxy from the frontend, reboot and then reinstall it. Set the options in ESM only and it should work for you.

Do you have anything between the Exchange servers? Firewall or anything like that?


Well if the problem is on the client-side, which has not been ruled out, FBA would be an issue if there are multiple Virtual Servers and Basic Authentication issues exist. Just getting that question out of the way.

So, if the problem is isolated to be between FE/BE servers (the tools listed should help you determine that), then Sembee is correct, FBA has nothing to do with it.

You can also check your firewall logs to see if the Outlook on the client side is trying to connect via HTTPS and if so to help rule out the client config.

I don't think I have ever had FBA cause a problem with RPC over HTTPS - in fact I wouldn't have even asked the question as it has nothing to do with the feature. The only common thing that they have is that they both use a web service.

The only valid part of the question would be whether the default web site is being used or not - as the /rpc virtual directory only exists on the default web site by default.

What I know to be fact is that enabling forms based authentication on a virtual server effectively disables Basic Authentication on that virtual server which in turn breaks OMA, EAS, and RPC-HTTPS access.  To fix this, you must create a second virtual server and configure it properly.  I have been down that road and had to correct it.

FBA will break OMA and EAS, but not RPC over HTTPS. I have done many many deployments and not run into that issue.

The issue of FBA breaking OMA and EAS can also be worked around without having to create another virtual server as well, despite what Microsoft may say. On my home Exchange server I have RPC over HTTPS, EAS, OMA, OWA, FBA all running on the same machine with an SSL certificate.

jgarciajr (Author) Commented:
Well, the problem must have been the ValidPorts that I fat fingered in the registry. I set both FE\BE servers to not be part of the RPC HTTP topology, then turned those features back on.  Connected to the site via VPN, set up RPC over HTTP in Outlook, disconnected the VPN and now I am able to send\receive email through HTTPS.  Thanks

Awesome, it didn't take too much tinkering.   Glad it worked out.

Thanks for posting the resolution.
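
The resolution above came down to a mistyped ValidPorts value on the RPC proxy. As an added example (not part of the thread or of any poster's code), this Python check parses such a value and reports malformed entries, missing ports and over-broad ranges. The registry location, the `host:port[-port];...` format and the 6001/6002/6004 port set are assumptions taken from Microsoft's Exchange 2003 RPC over HTTP guidance, not from this page, and the host names are constructed.

```python
import re

# Assumed from Microsoft's Exchange 2003 guidance, not from this thread:
# value format "host:port[-port];..." and ports 6001 (store),
# 6002 (DS referral), 6004 (DS proxy). Read the live value with
#   reg query HKLM\Software\Microsoft\Rpc\RpcProxy /v ValidPorts
REQUIRED_PORTS = {6001, 6002, 6004}
ENTRY_RE = re.compile(r"^([A-Za-z0-9.-]+):(\d+)(?:-(\d+))?$")

def parse_valid_ports(value):
    """Return ({host: set_of_ports}, [errors]) for a ValidPorts string."""
    hosts, errors = {}, []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        m = ENTRY_RE.match(entry)
        if not m:
            errors.append(f"malformed entry: {entry!r}")
            continue
        lo = int(m.group(2))
        hi = int(m.group(3) or lo)
        if not 1 <= lo <= hi <= 65535:
            errors.append(f"bad port range: {entry!r}")
            continue
        hosts.setdefault(m.group(1).lower(), set()).update(range(lo, hi + 1))
    return hosts, errors

def audit(value, expected_hosts):
    """List problems: parse errors, missing ports, unexpected hosts, extra ports."""
    hosts, findings = parse_valid_ports(value)
    expected = {h.lower() for h in expected_hosts}
    for host in sorted(expected):
        missing = REQUIRED_PORTS - hosts.get(host, set())
        if missing:
            findings.append(f"{host}: missing ports {sorted(missing)}")
    for host in sorted(hosts):
        extra = hosts[host] - REQUIRED_PORTS
        if host not in expected:
            findings.append(f"{host}: not an expected server name")
        elif extra:
            # The list is the proxy's allowlist; extra ports widen its reach.
            findings.append(f"{host}: {len(extra)} port(s) beyond the required set")
    return findings

# Constructed sample values (host names are placeholders).
NAMES = ["be01", "be01.example.com"]
GOOD = "be01:6001-6002;be01:6004;be01.example.com:6001-6002;be01.example.com:6004"
TYPO = "be01:6001-6002;be01:6004;be01.example.com:6001-6002;be01.example.com;6004"

if __name__ == "__main__":
    for label, value in (("good", GOOD), ("typo", TYPO)):
        print(label, audit(value, NAMES) or "OK")
```

The `TYPO` sample swaps one `:` for `;`, which splits the last entry into two malformed fragments and leaves the FQDN without port 6004.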


Is it a requirement to use basic authentication?

Basic authentication where?
