Avatar of scubaed69
scubaed69
 asked on

RPC over HTTP

All,

I have been working on this for days.  I have a single server in our organization I want to host an RPC over http.  We are a single server in the entire organization.  I have read and re-read all of the documents.  I have configured the ports:
Server Name                         Port Settings
---------------------------------------------------
win2k3                              6001-6002 6004
win2k3.edbinc.local                 6001-6002 6004
www.edbsolutions.net                6001-6002 6004

However, when I connect over the lan using outlook.exe /rpcdiag, it still connects with TCP instead of http.  I have tried setting the name of the server in the Outlook proxy settings to be the netbios name, the FQDN name and IP address with no luck.  
I can't figure this out.  Please help.
Exchange

Avatar of undefined
Last Comment
scubaed69

8/22/2022 - Mon
Sembee

Stock questions I am afraid..

1. SSL Certificate. Purchased or home grown?
2. Are you able to browse internally to the name on the SSL certificate internally?
3. If you can, when you browse to the name on the certificate internally, do you get any certificate prompts?
4. You do meet all the requirements? Exchange 2003 on Windows 2003 with a Windows 2003 DC/GC available? Outlook 2003 on Windows XP for the client.

You may want to look at my web site, as most of the common issues and configurations are covered there.
http://www.amset.info/exchange/rpc-http.asp

Simon.
scubaed69

ASKER
1. Home grown Windows Certificate Server. I can view the certificate on the virtual directory
2. Not sure what you mean on this one.
3. I can browse to an SSL session for my Default Website (ie Outlook Web)
4.  Yes, Exchange 2003 SP2. Outlook 2k3 with all SPs.
scubaed69

ASKER
When I do the https://server/rpc I keep getting prompted for a password.  There are no permissions set on the Virtual directory.  I enabled READ as a test and was able to get past the login prompt, but it didn't solve my issue.  So, what does this tell me? what permissions are blocking this?
Your help has saved me hundreds of hours of internet surfing.
fblack61
scubaed69

ASKER
I get this when I do an rpcping

Exception 5 (0x00000005)
Number of records is: 3
ProcessID is 4836
System Time is: 9/17/2006 1:17:46:812
Generating component is 14
Status is 5
Detection location is 1398
Flags is 0
NumberOfParameters is 2
Long val: 1
Long val: 5
ProcessID is 4836
System Time is: 9/17/2006 1:17:46:812
Generating component is 13
Status is 5
Detection location is 1426
Flags is 0
NumberOfParameters is 1
Long val: 401
ProcessID is 4836
System Time is: 9/17/2006 1:17:46:812
Generating component is 13
Status is 401
Detection location is 1419
Flags is 0
NumberOfParameters is 1
Unicode string: Unauthorized
scubaed69

ASKER
I redid the rpc ping with better setting and get a exception 1722
scubaed69

ASKER
This command works fine:

C:\Documents and Settings\ebryant>rpcping -t ncacn_http -s win2k3 -P "ebryant,ed
binc,*" -H 1 -u 10 -a connect -F 3 -e 6001

Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
nitadmin

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Sembee

I strongly recommend that you use a commercial certificate, not a home grown certificate. If you have a .com/.net/.org then one of GoDaddy's US$20 certificates will be fine. You will save yourself a lot of headaches by using a commercial certificate.

The certificate's common name needs to be the name that you want to use externally for the clients - so mail.domain.com for example. I would suggest that you use a generic name rather than the server's real name.

The reason you have to browse to the name on the certificate is to verify if you get any certificate errors. If you do, then RPC over HTTPS will not work. It cannot cope with the certificate prompts you get from home grown or invalid certificates - either failing completely or repeatedly asking for authentication.

As long as you meet the requirements, RPC over HTTPS fails for one of three reasons:

1. Certificate issues.
2. Registry settings
3. Authentication type issues.

Very unusual for the problem to be outside of those three.

Forget about doing the rpcping tests and things like that - I think I have done those less than half a dozen times because they very rarely prove anything.

Simon.
scubaed69

ASKER
OK.  I have purchased the Godaddy Cert and still have the same result. It has to be some sort of permission issue.  But, I am lost at where to look.  I started this poroject reading the documents above.  Any other ideas?  It doesn't work on my local lan so I know there is not a firewall issue.