RPC over HTTP for Front End Server

Ok, I just read the whole scenario that was posted by AdamHolmes and the responses by Simon and Sembee. I too am running into somewhat of the same issue; however, I do know that I only put the SSL cert on the FE server and enabled the appropriate settings on the RPC tabs (System Manager) for the BE and FE servers. OWA works fine. The error is "Your Microsoft Exchange Server is Unavailable". I am able to RPC into other servers. I also looked at the settings in Outlook. As I am most familiar with the settings for an SBS server, my concern might be focused on the principal name being used: should this be msstd:mail.mydomain.com or msstd:feservername.mydomain.com?

Any other suggestions to look at and resolve this?

BTW I am logging on with the credentials ADdomainname\username and password
rbarwig Asked:
 
Sembee Commented:
Those last screenshots all look fine to me as well. Nothing in there of any concern.

As this is a fe/be scenario, you shouldn't need to make registry changes. However I would be tempted to think about trying it with registry settings instead of the GUI. Have you tried manually setting the registry?

Simon.
0
 
amaheshwari Commented:
It should be msstd:feservername.mydomain.com .

Check this:

http://www.msexchange.org/tutorials/outlookrpchttp.html
0
 
rbarwig (Author) Commented:
Looked at that document; it shows the setup if you VPN in. This user is not using VPN. I made the change to msstd:feservername.mydomain.com and now when I get the authentication screen, I input domainname\username and password and the screen refreshes but goes nowhere, just right back to the login screen.
0
 
amaheshwari Commented:
You could try changing the setting in the profile from None to NT Password Authentication.
0
 
rbarwig (Author) Commented:
nope same thing
0
 
rbarwig (Author) Commented:
sembee any ideas on this?
0
 
Sembee Commented:
Give me a chance - I am still going through today's questions!

msstd:servername.domain.com - should match what is on the certificate.

Is the machine a member of the same domain as the Exchange server? If so, you shouldn't be getting any prompts.

The other thing to check is the authentication settings on the /rpc virtual directory in IIS Manager on the frontend. It should be integrated and basic ONLY.

Simon.
0
 
rbarwig (Author) Commented:
msstd:mail.mydomain.com   this is the same as the cert

FE server is member of the same domain as BE server

settings match
0
 
Sembee Commented:
I meant the machine with Outlook on it, not the Exchange servers. Is that in the same domain as the Exchange servers?

Simon.
0
 
rbarwig (Author) Commented:
No, it is a system at the VP's home, running XP Pro SP-2, Outlook 2003 SP-2.
0
 
rbarwig (Author) Commented:
Not that it makes a difference, he is able to OWA in from home
0
 
Sembee Commented:
Does it work inside on a machine that is a member of your domain?

Simon.
0
 
rbarwig (Author) Commented:
do not know for sure, I will not be able to test until Wednesday after the holiday
0
 
rbarwig (Author) Commented:
will there be any changes needed on the client setup?  internal vs external?
0
 
Sembee Commented:
If you set up your network correctly, it should be totally transparent to the users. I always set up the feature and the network in that way. Users can then come and go without having to do anything to their Outlook.

One of my more sneaky tricks is to deploy it without telling anyone. About 10 days later I get a phone call, asking how they are getting their email without the VPN.

Simon.
0
 
rbarwig (Author) Commented:
Simon,

That really sounds great! Would you mind sharing a high level summary of what is needed to do this? Or am I missing the point here?
0
 
Sembee Commented:
I have covered it on my web site.
The major thing is to set up split DNS on your network, so that mail.domain.com (or whatever your certificate is in the name of) resolves to the internal IP address of the Exchange server when on the LAN, and the external IP address when outside.

http://www.amset.info/netadmin/split-dns.asp

The detection algorithm for fast and slow networks inside Outlook is easily confused, so I tend to set Outlook to use https for both fast and slow. That makes the split DNS system almost mandatory if you want the process to be transparent to the user community.

Simon.
0
 
rbarwig (Author) Commented:
Simon,

From the inside (and externally for that matter) I get the message "Your Microsoft Exchange Server is Unavailable".  I verified that the internal DNS points the host record of mail. to the correct IP.  OWA works from internal and external.

0
 
Sembee Commented:
That means in short that RPC over HTTPS isn't working. It is very sensitive - if everything isn't set correctly, then it will fail. Ensure that the name you are putting in to Outlook resolves to the correct machine - it should be the frontend machine that has the SSL certificate on it.

Check that you are setting up Outlook correctly. One of the common errors is to put the SSL certificate address in to the box where you put the Exchange server. That is incorrect. What I normally suggest is that you configure Outlook in the normal way, verify it works, then ADD the RPC over HTTPS information, without changing anything else in the configuration.

Simon.
0
 
rbarwig (Author) Commented:
I understand what you are saying, however I am concerned that this client does not have his FE/BE environment correct.  Is there an address that I can send some specific domain information to?  I would prefer not to post here but also keep this thread going as we work to resolve this
0
 
Sembee Commented:
My email address is in my profile.

Simon.
0
 
rbarwig (Author) Commented:
Simon,

Thank you. Due to confidentiality, I am sending you some screen shots to your private address for your review. Please post open replies here so we may continue to work to resolve this issue.

0
 
Sembee Commented:
The screenshots look fine.
One thing though... you sent one shot over of authentication settings. What was that from? SMTP? RPC? Something else?

Simon.
0
 
rbarwig (Author) Commented:
I believe that it was from the virtual SMTP server (BE).

Are you allowed to try to establish an email connection from your system?  
0
 
Sembee Commented:
This has nothing to do with the SMTP message flow. I would presume that is flowing correctly.
You need to look at the web services.

Make sure that integrated and basic authentication is enabled on the /rpc virtual directory in IIS manager on the frontend server. Anonymous authentication should not be enabled on that virtual directory.

Simon.
0
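
Two checks raised in this thread (the msstd: name has to match the certificate, and the /rpc virtual directory should offer integrated and basic authentication only, with anonymous off) can be scripted. The following is an added example, not code from any participant; the function names are hypothetical, and the host names, certificate dict and response headers are constructed sample data.

```python
# Added example: inputs below are constructed, not taken from the thread.
INTEGRATED = {"negotiate", "ntlm"}  # schemes IIS offers for integrated auth

def cert_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # no SAN: fall back to the subject common name
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return [n.lower() for n in names]

def check_principal(principal, proxy_host, cert):
    """The msstd: name and the proxy host must both be on the certificate."""
    if not principal.lower().startswith("msstd:"):
        return ["principal name must start with 'msstd:'"]
    names, problems = cert_names(cert), []
    for label, value in (("principal", principal[6:]), ("proxy host", proxy_host)):
        if value.lower() not in names:  # exact match only, no wildcards
            problems.append(f"{label} {value!r} not on certificate {names}")
    return problems

def check_rpc_auth(status, www_authenticate):
    """Judge the reply to an unauthenticated request for the /rpc directory."""
    schemes = {v.split()[0].lower() for v in www_authenticate if v.strip()}
    problems = []
    if status != 401:
        problems.append(f"status {status}, expected 401: anonymous may be enabled")
    if "basic" not in schemes:
        problems.append("basic authentication not offered")
    if not schemes & INTEGRATED:
        problems.append("integrated authentication not offered")
    extra = schemes - INTEGRATED - {"basic"}
    if extra:
        problems.append(f"unexpected schemes offered: {sorted(extra)}")
    return problems

# Constructed sample data (hypothetical host names).
CERT = {"subject": ((("commonName", "mail.example.com"),),)}
GOOD_HEADERS = ["Negotiate", "NTLM", 'Basic realm="mail.example.com"']

if __name__ == "__main__":
    print(check_principal("msstd:feserver.example.com", "mail.example.com", CERT))
    print(check_principal("msstd:mail.example.com", "mail.example.com", CERT))
    print(check_rpc_auth(401, GOOD_HEADERS))
    print(check_rpc_auth(200, []))
```

In practice the certificate dict would come from `ssl.SSLSocket.getpeercert()` against the front-end server, and the status and `WWW-Authenticate` values from an unauthenticated HTTPS request to its /rpc virtual directory.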
 
rbarwig (Author) Commented:
Will look at those now and send them off to you
0
 
rbarwig (Author) Commented:
no, I have not, but will look into it
0
 
rbarwig (Author) Commented:
tried the registry, no progress, will be calling MS today and will post solution here...
0
Question has a verified solution.