Solved

RPC over HTTP for Front End Server

Posted on 2006-06-30
28
270 Views
Last Modified: 2010-03-06
Ok, I just read the whole scenario that was posted by AdamHolmes and the responses by Simon and Sembee. I too am running into somewhat of the same issue; however, I do know that I only put the SSL cert on the FE server and enabled the appropriate settings on the RPC tabs (System Manager) for the BE and FE servers. OWA works fine. The error is "Your Microsoft Exchange Server is Unavailable". I am able to RPC into other servers. I also looked at the settings in Outlook. As I am most familiar with the settings for an SBS server, my concern might be focused on the principal name being used: should this be msstd:mail.mydomain.com or msstd:feservername.mydomain.com?

Any other suggestions to look at and resolve this?

BTW I am logging on with the credentials ADdomainname\username and password
Question by:rbarwig
28 Comments
 
LVL 18

Expert Comment

by:amaheshwari
ID: 17018842
It should be msstd:feservername.mydomain.com .

Check this:

http://www.msexchange.org/tutorials/outlookrpchttp.html
0
 

Author Comment

by:rbarwig
ID: 17018946
Looked at that document; it shows the setup if you VPN in, and this user is not using VPN. I made the change to msstd:feservername.mydomain.com and now when I get the authentication screen, I input domainname\username and password and the screen refreshes but goes nowhere, just right back to the login screen.
0
 
LVL 18

Expert Comment

by:amaheshwari
ID: 17018975
You could try changing the setting in the profile from None to NT Password Authentication.
0
 

Author Comment

by:rbarwig
ID: 17019033
nope same thing
0
 

Author Comment

by:rbarwig
ID: 17019157
sembee any ideas on this?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17019359
Give me a chance - I am still going through today's questions!

msstd:servername.domain.com - should match what is on the certificate.

Is the machine a member of the same domain as the Exchange server? If so, you shouldn't be getting any prompts.

The other thing to check is the authentication settings on the /rpc virtual directory in IIS Manager on the frontend. It should be integrated and basic ONLY.

Simon.
0
 

Author Comment

by:rbarwig
ID: 17019672
msstd:mail.mydomain.com   this is the same as the cert

FE server is member of the same domain as BE server

settings match
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17019888
I meant the machine with Outlook on it, not the Exchange servers. Is that in the same domain as the Exchange servers?

Simon.
0
 

Author Comment

by:rbarwig
ID: 17019899
No, it is a system at the VP's home, running XP Pro SP-2, Outlook 2003 SP-2.
0
 

Author Comment

by:rbarwig
ID: 17020111
Not that it makes a difference, he is able to OWA in from home
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17021004
Does it work inside on a machine that is a member of your domain?

Simon.
0
 

Author Comment

by:rbarwig
ID: 17022673
do not know for sure, I will not be able to test until Wednesday after the holiday
0
 

Author Comment

by:rbarwig
ID: 17059149
will there be any changes needed on the client setup?  internal vs external?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17064895
If you set up your network correctly, it should be totally transparent to the users. I always set up the feature and the network in that way. Users can then come and go without having to do anything to their Outlook.

One of my more sneaky tricks is to deploy it without telling anyone. About 10 days later I get a phone call, asking how they are getting their email without the VPN.

Simon.
0

 

Author Comment

by:rbarwig
ID: 17065312
Simon,

That really sounds great!, would you mind sharing a high level summary of what is needed to do this?  or am I missing the point here?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17065693
I have covered it on my web site.
The major thing is to set up split DNS on your network - so that mail.domain.com (or whatever your certificate is in the name of) resolves to the internal IP address of the Exchange server when on the LAN, and the external IP address when outside.

http://www.amset.info/netadmin/split-dns.asp

The detection algorithm for fast and slow networks inside Outlook is easily confused, so I tend to set Outlook to use https for both fast and slow. That makes the split DNS system almost mandatory if you want the process to be transparent to the user community.

Simon.
0
 

Author Comment

by:rbarwig
ID: 17075665
Simon,

From the inside (and externally for that matter) I get the message "Your Microsoft Exchange Server is Unavailable".  I verified that the internal DNS points the host record of mail. to the correct IP.  OWA works from internal and external.

0
 
LVL 104

Expert Comment

by:Sembee
ID: 17075707
That means, in short, that RPC over HTTPS isn't working. It is very sensitive - if everything isn't set correctly, then it will fail. Ensure that the name you are putting in to Outlook resolves to the correct machine - it should be the frontend machine that has the SSL certificate on it.

Check that you are setting up Outlook correctly. One of the common errors is to put the SSL certificate address in to the box where you put the Exchange server. That is incorrect. What I normally suggest is that you configure Outlook in the normal way, verify it works, then ADD the RPC over HTTPS information, without changing anything else in the configuration.

Simon.
0
 

Author Comment

by:rbarwig
ID: 17076684
I understand what you are saying, however I am concerned that this client does not have his FE/BE environment correct.  Is there an address that I can send some specific domain information to?  I would prefer not to post here but also keep this thread going as we work to resolve this
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17076913
My email address is in my profile.

Simon.
0
 

Author Comment

by:rbarwig
ID: 17085078
Simon,

Thank you. Due to confidentiality, I am sending some screen shots to your private address for your review. Please post open replies here so we may continue to work to resolve this issue.

0
 
LVL 104

Expert Comment

by:Sembee
ID: 17085424
The screenshots look fine.
One thing though... you sent one shot over of an authentication settings. What was that from? SMTP? RPC? Something else?

Simon.
0
 

Author Comment

by:rbarwig
ID: 17085451
I believe that it was from the virtual SMTP server (BE).

Are you allowed to try to establish an email connection from your system?  
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17085569
This has nothing to do with the SMTP message flow. I would presume that is flowing correctly.
You need to look at the web services.

Make sure that integrated and basic authentication is enabled on the /rpc virtual directory in IIS manager on the frontend server. Anonymous authentication should not be enabled on that virtual directory.

Simon.
0
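
The name and authentication checks from Sembee's replies above, collected into one offline check as an added example (not part of the original thread and not any poster's code). `RpcHttpSetup`, `check_setup` and `host_matches` are hypothetical names, the values are typed in by hand rather than read from Outlook or IIS, and `beservername.mydomain.com` is a constructed backend name.

```python
from dataclasses import dataclass

REQUIRED_AUTH = frozenset({"integrated", "basic"})  # per the thread: these two ONLY

@dataclass
class RpcHttpSetup:                 # hypothetical container, not an Outlook or IIS API
    exchange_server: str            # "Exchange server" box in the Outlook profile
    proxy_host: str                 # host part of the https:// proxy URL
    principal_name: str             # e.g. "msstd:mail.mydomain.com"
    cert_common_name: str           # name the frontend's SSL certificate is issued to
    rpc_vdir_auth: frozenset        # methods enabled on /rpc on the frontend

def host_matches(host, cert_name):
    """Exact match, or a single leftmost '*' label in the certificate name."""
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name

def check_setup(s):
    """Return a list of findings; an empty list means names and auth agree."""
    cn = s.cert_common_name.strip().lower()
    proxy = s.proxy_host.strip().lower()
    server = s.exchange_server.strip().lower()
    scheme, _, principal = s.principal_name.strip().lower().partition(":")
    findings = []
    if scheme != "msstd" or not principal:
        findings.append("principal name is not of the form msstd:<name>")
    elif principal != cn:
        findings.append(f"principal '{principal}' differs from certificate name '{cn}'")
    if not host_matches(proxy, cn):
        findings.append(f"proxy host '{proxy}' is not covered by certificate name '{cn}'")
    if server in (cn, proxy):
        findings.append("Exchange server box holds the SSL certificate address")
    auth = frozenset(a.lower() for a in s.rpc_vdir_auth)
    if "anonymous" in auth:
        findings.append("anonymous authentication is enabled on /rpc")
    if not REQUIRED_AUTH <= auth:
        findings.append("/rpc needs both integrated and basic authentication")
    if auth - REQUIRED_AUTH - {"anonymous"}:
        findings.append("/rpc has authentication methods other than integrated and basic")
    return findings

# Constructed sample values; beservername.mydomain.com is a made-up backend name.
GOOD = RpcHttpSetup("beservername.mydomain.com", "mail.mydomain.com",
                    "msstd:mail.mydomain.com", "mail.mydomain.com",
                    frozenset({"integrated", "basic"}))
BAD = RpcHttpSetup("mail.mydomain.com", "mail.mydomain.com",
                   "msstd:feservername.mydomain.com", "mail.mydomain.com",
                   frozenset({"basic", "anonymous"}))

if __name__ == "__main__":
    for label, setup in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_setup(setup) or "no findings")
```
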
 

Author Comment

by:rbarwig
ID: 17085578
Will look at those now and send them off to you
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17090524
Those last screenshots all look fine to me as well. Nothing in there of any concern.

As this is a fe/be scenario, you shouldn't need to make registry changes. However I would be tempted to think about trying it with registry settings instead of the GUI. Have you tried manually setting the registry?

Simon.
0
 

Author Comment

by:rbarwig
ID: 17092865
no, I have not, but will look into it
0
 

Author Comment

by:rbarwig
ID: 17185469
tried the registry, no progress, will be calling MS today and will post solution here...
0
