Solved

RPC over HTTP for Front End Server

Posted on 2006-06-30
Last Modified: 2010-03-06
Ok, I just read the whole scenario that was posted by AdamHolmes and the responses by Simon and Sembee. I too am running into somewhat of the same issue; however, I do know that I only put the SSL cert on the FE server and enabled the appropriate settings on the RPC tabs (System Manager) for the BE and FE servers. OWA works fine. The error is "Your Microsoft Exchange Server is Unavailable". I am able to RPC into other servers. I also looked at the settings in Outlook. As I am most familiar with the settings for an SBS server, my concern might be focused on the principal name being used: should this be msstd:mail.mydomain.com or msstd:feservername.mydomain.com?

Any other suggestions to look at and resolve this?

BTW I am logging on with the credentials ADdomainname\username and password
Question by:rbarwig
28 Comments
 
LVL 18

Expert Comment

by:amaheshwari
ID: 17018842
It should be msstd:feservername.mydomain.com .

Check this:

http://www.msexchange.org/tutorials/outlookrpchttp.html
0
 

Author Comment

by:rbarwig
ID: 17018946
Looked at that document; it shows the setup if you VPN in, and this user is not using VPN. I made the change to msstd:feservername.mydomain.com and now when I get the authentication screen, I input domainname\username and password and the screen refreshes but goes nowhere, just right back to the login screen
0
 
LVL 18

Expert Comment

by:amaheshwari
ID: 17018975
You could try changing the setting in the profile from None to NT Password Authentication.
0
 

Author Comment

by:rbarwig
ID: 17019033
nope same thing
0
 

Author Comment

by:rbarwig
ID: 17019157
sembee any ideas on this?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17019359
Give me a chance - I am still going through today's questions!

msstd:servername.domain.com - should match what is on the certificate.

Is the machine a member of the same domain as the Exchange server? If so, you shouldn't be getting any prompts.

The other thing to check is the authentication settings on the /rpc virtual directory in IIS Manager on the frontend. It should be integrated and basic ONLY.

Simon.
0
 

Author Comment

by:rbarwig
ID: 17019672
msstd:mail.mydomain.com   this is the same as the cert

FE server is member of the same domain as BE server

settings match
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17019888
I meant the machine with Outlook on it, not the Exchange servers. Is that in the same domain as the Exchange servers?

Simon.
0
 

Author Comment

by:rbarwig
ID: 17019899
No, it is a system at the VP's home, running XP Pro SP-2 and Outlook 2003 SP-2
0
 

Author Comment

by:rbarwig
ID: 17020111
Not that it makes a difference, he is able to OWA in from home
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17021004
Does it work inside on a machine that is a member of your domain?

Simon.
0
 

Author Comment

by:rbarwig
ID: 17022673
do not know for sure, I will not be able to test until Wednesday after the holiday
0
 

Author Comment

by:rbarwig
ID: 17059149
will there be any changes needed on the client setup?  internal vs external?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17064895
If you set up your network correctly, it should be totally transparent to the users. I always set up the feature and the network in that way. Users can then come and go without having to do anything to their Outlook.

One of my more sneaky tricks is to deploy it without telling anyone. About 10 days later I get a phone call, asking how they are getting their email without the VPN.

Simon.
0
 

Author Comment

by:rbarwig
ID: 17065312
Simon,

That really sounds great! Would you mind sharing a high level summary of what is needed to do this? Or am I missing the point here?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17065693
I have covered it on my web site.
The major thing is to set up split DNS on your network - so that mail.domain.com (or whatever your certificate is in the name of) resolves to the internal IP address of the Exchange server when on the LAN, and the external IP address when outside.

http://www.amset.info/netadmin/split-dns.asp

The detection algorithm for fast and slow networks inside Outlook is easily confused, so I tend to set Outlook to use https for both fast and slow. That makes the split DNS system almost mandatory if you want the process to be transparent to the user community.

Simon.
0
 

Author Comment

by:rbarwig
ID: 17075665
Simon,

From the inside (and externally for that matter) I get the message "Your Microsoft Exchange Server is Unavailable".  I verified that the internal DNS points the host record of mail. to the correct IP.  OWA works from internal and external.

0
 
LVL 104

Expert Comment

by:Sembee
ID: 17075707
That means in short that RPC over HTTPS isn't working. It is very sensitive - if everything isn't set correctly, then it will fail. Ensure that the name you are putting in to Outlook resolves to the correct machine - it should be the frontend machine that has the SSL certificate on it.

Check that you are setting up Outlook correctly. One of the common errors is to put the SSL certificate address in to the box where you put the Exchange server. That is incorrect. What I normally suggest is that you configure Outlook in the normal way, verify it works, then ADD the RPC over HTTPS information, without changing anything else in the configuration.

Simon.
0
 

Author Comment

by:rbarwig
ID: 17076684
I understand what you are saying, however I am concerned that this client does not have his FE/BE environment correct.  Is there an address that I can send some specific domain information to?  I would prefer not to post here but also keep this thread going as we work to resolve this
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17076913
My email address is in my profile.

Simon.
0
 

Author Comment

by:rbarwig
ID: 17085078
Simon,

Thank you. Due to confidentiality, I am sending some screen shots to your private address for your review. Please post open replies here so we may continue to work to resolve this issue.

0
 
LVL 104

Expert Comment

by:Sembee
ID: 17085424
The screenshots look fine.
One thing though... you sent one shot over of an authentication settings page. What was that from? SMTP? RPC? Something else?

Simon.
0
 

Author Comment

by:rbarwig
ID: 17085451
I believe that it was from the virtual SMTP server (BE).

Are you allowed to try to establish an email connection from your system?  
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17085569
This has nothing to do with the SMTP message flow. I would presume that is flowing correctly.
You need to look at the web services.

Make sure that integrated and basic authentication is enabled on the /rpc virtual directory in IIS manager on the frontend server. Anonymous authentication should not be enabled on that virtual directory.

Simon.
0
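
The settings Sembee describes in this thread (the msstd: principal name matching the certificate, the certificate address kept out of the Exchange server box, and integrated plus basic authentication with no anonymous access on the /rpc virtual directory) can be checked mechanically. This is an added example, not code from any poster in the thread; the function names, host names and header values are constructed, and comparing the principal name with the certificate name as a literal string is an assumption.

```python
# Added example: offline checks for settings discussed in this thread.
# All host names and header values used here are constructed sample data.

def msstd_host(principal):
    """Return the host part of an Outlook 'msstd:<name>' principal name."""
    scheme, _, host = principal.strip().partition(":")
    if scheme.lower() != "msstd" or not host:
        raise ValueError(f"not an msstd principal name: {principal!r}")
    return host.lower()

def check_profile(exchange_server, principal, cert_name):
    """Return a list of problems in an Outlook RPC over HTTPS profile."""
    cert_name = cert_name.strip().lower()
    problems = []
    # Assumption: the principal name is compared with the certificate literally.
    if msstd_host(principal) != cert_name:
        problems.append("principal name does not match the certificate")
    # The Exchange server box takes the mailbox server, not the certificate address.
    if exchange_server.strip().lower() == cert_name:
        problems.append("certificate address used as the Exchange server name")
    return problems

def check_rpc_vdir(status, www_authenticate):
    """Assess the reply to an unauthenticated request for the /rpc directory.

    status is the HTTP status code; www_authenticate is the list of
    WWW-Authenticate header values the frontend returned.
    """
    schemes = {v.split()[0].lower() for v in www_authenticate if v.strip()}
    problems = []
    if status != 401:
        problems.append(f"no 401 challenge (got {status}); anonymous access may be enabled")
    if "basic" not in schemes:
        problems.append("basic authentication not offered")
    if not schemes & {"ntlm", "negotiate"}:
        problems.append("integrated authentication not offered")
    for extra in sorted(schemes - {"basic", "ntlm", "negotiate"}):
        problems.append(f"unexpected scheme offered: {extra}")
    return problems

if __name__ == "__main__":
    # Constructed profile: principal names the FE host, certificate names mail.
    print(check_profile("be01.corp.example", "msstd:feservername.example.com",
                        "mail.example.com"))
    print(check_rpc_vdir(401, ["Negotiate", "NTLM", 'Basic realm="mail.example.com"']))
    print(check_rpc_vdir(200, []))
```
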
 

Author Comment

by:rbarwig
ID: 17085578
Will look at those now and send them off to you
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17090524
Those last screenshots all look fine to me as well. Nothing in there of any concern.

As this is a fe/be scenario, you shouldn't need to make registry changes. However I would be tempted to think about trying it with registry settings instead of the GUI. Have you tried manually setting the registry?

Simon.
0
 

Author Comment

by:rbarwig
ID: 17092865
no, I have not, but will look into it
0
 

Author Comment

by:rbarwig
ID: 17185469
tried the registry, no progress, will be calling MS today and will post solution here...
0
