RPC over HTTPS Almost Working!!!

Posted on 2006-06-06
Last Modified: 2008-02-01
Current situation.

1 Windows 2003 Server SP1, MS Exchange 2003 SP1, this machine has active directory installed and is a global catalog.
I have installed “Rpc over http” and I have installed CA. I have edited the registry options, Valid ports and NSPI interface protocol sequences as instructed. I then shutdown MSExchangeSA as instructed and rebooted my server.
I am using a client that is directly connected to the same subnet. (No firewall!)
IIS – Default website – rpc – has been configured for https/ssl only and basic authentication.
I installed a server certificate on the server and also connected the client to the server and installed a client certificate and tested successfully by using IE to connect to the RPC virtual directory and getting access denied. But then adding rpcproxy.dll and getting a blank page. If I click on the lock it shows the proper certificate and shows status as internet.
My outlook client is configured to use HTTPS only, 128bit encryption and basic authentication. And fast and slow networks using http first are checked.  
If I connect using outlook.exe /rcpdiag… I get the connection status page showing mail as https but directory as tcpip!?!?

I had a test network setup almost identical to my production one above and I had the same problem. It was port 6004 wasn’t listening. I fixed that by editing the registry under NSPI and rebooted and it worked fine… Now I have the same issue with my production network but cannot get it to work. Port 6004 is listening!
Any help would be greatly appreciated.
Thank you.
Question by:alexL3
    LVL 18

    Expert Comment


    Please these two links for reference:

    and verify the steps again from these sites.

    LVL 104

    Expert Comment

    Directory would tend to indicate that you haven't made the domain controller entry on to that machine. Even though you have gone against good practise and installed Exchange on to DC, you still need to make the domain controller registry change.


    Create a new key of type REG_MULTI_SZ

    Name: NSPI Interface protocol sequences
    Value: ncacn_http:6004


    Author Comment

    Both articles were very helpful but I've followed those intstructions and  I have it working perfectly in my Test network.
    But there must be something running on my Production server that is not allowing me to connect completely under https.
    Only the "Directory" connection is coming up TCP/IP?
    The "Mail" connection comes up HTTPS?
    So I believe my settings are correct. I must be off by one little registry edit or one little checkbox!!!  ARGH!!!!

    Author Comment

    Hello Simon, I should of noted in my original question that I did make this change.







    NSPI interface protocol sequences - ncacn_http:6004

    LVL 104

    Expert Comment

    The registry settings can be wrong by the smallest thing - a semi-colon in the wrong place, the wrong name or the name resolution not working.


    Author Comment

    I triple checked these registry settings... ;o)
    I can't figure it out... I have the exact same setup on a test network and it works.. same client connecting to both.

    Author Comment

    I figured it out... using rpcping... great too!!!!!  Thanks

    Accepted Solution

    PAQed with points refunded (500)

    Community Support Moderator

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why spend so long doing email signature updates?

    Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

    Use email signature images to promote corporate certifications and industry awards.
    "Migrate" an SMTP relay receive connector to a new server using info from an old server.
    In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
    In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now