
RPC over HTTPS Connection Issue

I am having some problems getting my RPC over HTTPS connection going.  I have set this up at least half a dozen times, but this is the first time I am having issues.  I have a SBS2003 running Exchange Service Pack 2 server BEHIND a WatchGuard firewall.  I have used this setup many times previously, so I know it works.
  I run 'outlook /rpcdiag' from the outside client, and only get the following:

 ______________________________________________________
    ----                                         Directory           connecting      |
  server.domain.local                     Referral            connecting     |
______________________________________________________

Then they disappear and I get:
   "The connection to the microsoft exchange server is unavailable.  Outlook must be online to complete this action"

   I then click OK, and I am prompted with the General Config info.
     Microsoft Exchange Server Name
     Mailbox Name
  If I click Check Name, I get "The Name could not be resolved.  The connection to the microsoft .........."
  Then I click OK, and get Unable to open Default email folders.

  Could the firewall be the culprit?  How can I see if the client is even getting to the Exchange server?

  My firewall is a Firebox X Edge.  The firewall error is as follows:

 IP entry duplicated 2 times
2006-05-07-09:49:13 IP discard from 192.168.1.10 to 192.168.1.1 ICMP type (3) code (3)(port not available)
2006-05-07-09:49:13 IP allowed from 68.168.141.89 port 1226 to 69.95.159.168 port 443 TCP SYN (HTTPS)
  IP entry duplicated 2 times
2006-05-07-09:49:12 IP discard from 192.168.1.10 to 192.168.1.1 ICMP type (3) code (3)(port not available)
2006-05-07-09:49:12 IP allowed from 68.168.141.89 port 1224 to 69.95.159.168 port 443 TCP SYN (HTTPS)
  IP entry duplicated 2 times
2006-05-07-09:49:12 IP discard from 192.168.1.10 to 192.168.1.1 ICMP type (3) code (3)(port not available)
2006-05-07-09:49:12 IP allowed from 68.168.141.89 port 1222 to 69.95.159.168 port 443 TCP SYN (HTTPS)
  IP entry duplicated 2 times
2006-05-07-09:49:07 IP discard from 192.168.1.10 to 192.168.1.1 ICMP type (3) code (3)(port not available)

 Thank you in advance for any insight, help.
   
Asked by: PTVenom
 
Sembee Commented:
Does it work inside?
You shouldn't even think about trying it from outside until you know it is working inside.

Once you know it is working inside then you can move outside -  fails there and you start to look at the firewall.

Simon.

PTVenom (Author) Commented:
Yes it does work on the inside.  That I have verified.  Everyone is connecting and using the Exchange server from the inside.

Sembee Commented:
Not that I doubt you - but many people think that the feature works internally because it falls back to TCP/IP when unable to connect via HTTPS. You have used the rpcdiag switch to check internally?

If that is the case, then you have to look at the firewall. Look for any http scanning feature in the firewall that could be blocking the traffic.

Simon.
 
PTVenom (Author) Commented:
When I type this in from the outside client:
  https://mail.server.com/rpc
I get a 404 error, page cannot be found.
  I thought I was supposed to get a 403.2 error?
 
Sembee Commented:
If you browse to /rpc outside then you should not get a 404. I would look at the web site logs to see if the 404 is being generated by the Exchange server or something else.

Simon.

PTVenom (Author) Commented:
Thanks for the quick response, Simon.  I will try that and let you know.  I cannot get internal w/Outlook PC till the AM.
  Just to verify, when using the outlook /rpcdiag switch, the connection setting will say HTTPS, even on the inside, correct?  It should connect w/both protocols?

  Thanks for your help.
 
Sembee Commented:
As long as you have everything set correctly, both inside and outside it should connect using HTTPS. It is always key to check that it works inside - otherwise you have too many variables that could be causing a problem - plus you don't even know if it is working!

Simon.

PTVenom (Author) Commented:
Ok, I am on the inside network testing with outlook /rpcdiag, it all connects with the following:

Type                              Connection             Status
directory                         TCP/IP                   Established
directory                         tcp/ip                     established
mail                                    "                            "
mail                                   "                             "
mail                                   "                             "

Nothing that says HTTPS.  How do I test from the inside?  I have the client configured for HTTPS Proxy and I have installed the certificate on the client as well.

Sembee Commented:
Either the feature isn't working, or the DNS isn't correct.

From INSIDE, can you browse to

https://servername.domain.com/rpc

where servername.domain.com is the name on the certificate.

If you can, then RPC over HTTPS isn't working.
If you can't, then you need to configure split DNS and try again. http://www.amset.info/netadmin/split-dns.asp
Split DNS lets you use the same names internally as you do externally.

If, once you have configured split DNS, you can browse to the /rpc directory as I have outlined above, but Outlook will not connect, then you have a problem - most probably the certificate or the registry entries.
When you browse to /rpc from the client machine, you shouldn't get any certificate prompts. If you do, then RPC over HTTPS will not work.

Simon.
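
The browser test described in the answer above (fetch /rpc, no certificate prompt, no 404), scripted as an added Python example that is not part of the original thread. The function names are hypothetical, and treating 401/403 as "the virtual directory answered" is an assumption based on the 403.2 the asker expected.

```python
import http.client
import ssl


def classify(cert_error, status):
    """Map one probe result onto the checks discussed in the thread."""
    if cert_error:
        # A browser would show a certificate prompt here; per the thread,
        # RPC over HTTPS will not work until that is fixed.
        return "certificate problem: " + cert_error
    if status is None:
        return "no HTTPS response: check DNS (split DNS) and the firewall"
    if status == 404:
        return "404 for /rpc: check the web site logs to see what generated it"
    if status in (401, 403):
        # Assumption: an auth/access-denied status means /rpc exists.
        return "/rpc answered with an authentication/access response"
    return "unexpected HTTP status %d" % status


def probe(host, port=443, path="/rpc", timeout=10):
    """Request https://host/rpc with full certificate validation."""
    # The default context checks the trust chain AND that the host name
    # used here matches the name on the certificate.
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", path)
        return classify(None, conn.getresponse().status)
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate or name mismatch.
        return classify(exc.verify_message, None)
    except (OSError, http.client.HTTPException):
        # DNS failure, refused/filtered connection, timeout, broken TLS.
        return classify(None, None)
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    # Usage: python rpc_probe.py servername.domain.com
    for name in sys.argv[1:]:
        print(name, "->", probe(name))
```

Run it from an inside and an outside client with the name on the certificate; a certificate result from either side points at the certificate rather than the firewall.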
 
PTVenom (Author) Commented:
Sembee, you are so right on.  I could not browse to the certificate server to process the request, so I uninstalled and re-installed the cert services, and guess what, the web server is totally hosed now.  I have NO working HTTP server.
  I am on w/micro$haft support as we speak, been on with them for around 2 hours now.  I will keep you posted.  But, again, I believe it to be the certificate as well after doing some research as you suggested.

  Once it is up and running, I will post again.

  Thanks for your responses.

PTVenom (Author) Commented:
It is up and running.  It was the certificate.  The internet connection wizard on SBS server for some reason was not creating the certificate correctly.  We re-ran it three times, and the third time it worked.  Crazy Microsoft world.

This question can be closed.