?
Solved

RPC over https will not work

Posted on 2006-04-04
13
Medium Priority
?
590 Views
Last Modified: 2008-02-01
We have recently deployed a front end\back end exchange 2003 SP2 system.  Email works fine, OWA works fine.  I have followed MS KB articles to set up RPC over HTTPS and have not had any luck.  I have also searched a million tech articles to no avail.  I can reach my server via https://servername.domain.com/rpc and /rpcproxy.dll.  I beleive the problem is the communication from FE to BE. I have tried to use rpcdump with no success.  We have a Thawte certificate, so I do not beleive that that is the problem. I accidentally set rpc ports manually the FE, BE and DC's.  If I deselect this is a front end server, restart and re-enable it, will that reset the ports in the registry?  Also, can I do the same for the back end server? How else can I test this configuration?
0
Comment
Question by:jgarciajr
  • 7
  • 4
  • 2
13 Comments
 
LVL 14

Expert Comment

by:top_rung
ID: 16375409
are you using forms based authentication or are you using a separate virtual server for any non-forms based authentication traffic?

0
 

Author Comment

by:jgarciajr
ID: 16375443
I am not using forms based authentication.  I have the smpt virtual server and the http virtual server set up.
0
 
LVL 14

Expert Comment

by:top_rung
ID: 16375544
Rpcdumpt failing implies server connection issues but so many minor things improperly configured on the client side can be a culprit also.  But assuming it is not client issues, try the following tools to test the server connectivity,

rpcping

http://support.microsoft.com/default.aspx?kbid=831051


or try rpcdiag
http://www.amset.info/exchange/rpc-http-diag.asp
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 16376037
FBA should have nothing to do with it.

As you are using a frontend / backend scenario all you should have to do is toggle the settings in ESM. You don't have to set the registry by hand.

If you think you have made an error, then remove the RPC over HTTPS proxy from the frontend, reboot and then reinstall it. Set the options in ESM only and it should work for you.

Do you have anything between the Exchange servers? Firewall or anything like that?

Simon.
0
 
LVL 14

Expert Comment

by:top_rung
ID: 16376189
Well if the problem is on the client-side, which has not been ruled out, FBA would be an issue if there are multiple Virtual Servers and Basic Authentication issues exist. Just getting that question out of the way.

So, if the problem is isolated to be between FE/BE servers (the tools listed should help you determine that), then Sembee is correct, FBA has nothing to do with it.

YOu can also check your firewall logs to see if the Outlook on the client side is trying to connect via HTTPS and if so to help rule out the client config.


0
 
LVL 104

Expert Comment

by:Sembee
ID: 16376211
I don't think I have ever had FBA cause a problem with RPC over HTTPS - in fact I wouldn't have even asked the question as it has nothing to do with the feature. The only common thing that they have is that they both use a web service.

The only valid part of the question would be whether the default web site is being used or not - as the /rpc virtual directory only exists on the default web site by default.

Simon.
0
 
LVL 14

Expert Comment

by:top_rung
ID: 16376496
What I know to be fact is that enabling forms based authentication on a virtual server effectively disables Basic Authentication on that virtual server which in turn breaks OMA, EAS, and RPC-HTTPS access.  To fix this, you must create a second virtual server and configure it properly.  I have been down that road and had to correct it .
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16379359
Really?
FBA will break OMA and EAS, but not RPC over HTTPS. I have done many many deployments and not run in to that issue.

The issue of FBA breaking OMA and EAS can also be worked around without having to create another virtual server as well, despite what Microsoft may say. On my home Exchange server I have RPC over HTTPS, EAS, OMA, OWA, FBA all running on the same machine with an SSL certificate.

Simon.
0
 

Author Comment

by:jgarciajr
ID: 16386252
Well, the problem must of been the Validports that I fat fingered in the registry. I set both FE\BE servers to not be part of the rpc http topology, then turned those features back on.  Connected to the site via VPN, set up rpc over http in outlok, disconnected the vpn and now I am able to send\receive email through https.  THanks
0
 
LVL 14

Expert Comment

by:top_rung
ID: 16386361
Awesome, it didn't take too much tinkering.   Glad it worked out.

Thanks for posting the resolution.

0
 
LVL 14

Expert Comment

by:top_rung
ID: 16393528
Sembee,

is it a requirement to use basic authentication?




0
 
LVL 104

Expert Comment

by:Sembee
ID: 16393937
Basic authentication where?

Simon.
0
 
LVL 14

Expert Comment

by:top_rung
ID: 16400758
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month14 days, 23 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question