Avatar of scubaed69


I have been working on this for days. I have a single server in our organization I want to host RPC over HTTP. We are a single server in the entire organization. I have read and re-read all of the documents. I have configured the ports:
Server Name                         Port Settings
win2k3                              6001-6002 6004
win2k3.edbinc.local                 6001-6002 6004                6001-6002 6004

However, when I connect over the LAN using outlook.exe /rpcdiag, it still connects with TCP instead of HTTP. I have tried setting the name of the server in the Outlook proxy settings to be the NetBIOS name, the FQDN and the IP address, with no luck.
I can't figure this out.  Please help.
Avatar of Sembee

Stock questions I am afraid..

1. SSL Certificate. Purchased or home grown?
2. Are you able to browse internally to the name on the SSL certificate internally?
3. If you can, when you browse to the name on the certificate internally, do you get any certificate prompts?
4. You do meet all the requirements? Exchange 2003 on Windows 2003 with a Windows 2003 DC/GC available? Outlook 2003 on Windows XP for the client.

You may want to look at my web site, as most of the common issues and configurations are covered there.

Avatar of scubaed69


1. Home grown Windows Certificate Server. I can view the certificate on the virtual directory
2. Not sure what you mean on this one.
3. I can browse to an SSL session for my Default Website (i.e. Outlook Web)
4. Yes, Exchange 2003 SP2. Outlook 2k3 with all SPs.
When I do the https://server/rpc I keep getting prompted for a password. There are no permissions set on the virtual directory. I enabled READ as a test and was able to get past the login prompt, but it didn't solve my issue. So, what does this tell me? What permissions are blocking this?
I get this when I do an rpcping

Exception 5 (0x00000005)
Number of records is: 3
ProcessID is 4836
System Time is: 9/17/2006 1:17:46:812
Generating component is 14
Status is 5
Detection location is 1398
Flags is 0
NumberOfParameters is 2
Long val: 1
Long val: 5
ProcessID is 4836
System Time is: 9/17/2006 1:17:46:812
Generating component is 13
Status is 5
Detection location is 1426
Flags is 0
NumberOfParameters is 1
Long val: 401
ProcessID is 4836
System Time is: 9/17/2006 1:17:46:812
Generating component is 13
Status is 401
Detection location is 1419
Flags is 0
NumberOfParameters is 1
Unicode string: Unauthorized
I redid the rpcping with better settings and get an exception 1722.
This command works fine:

C:\Documents and Settings\ebryant>rpcping -t ncacn_http -s win2k3 -P "ebryant,edbinc,*" -H 1 -u 10 -a connect -F 3 -e 6001
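An added example, not part of the original posts: a small Python parser for the rpcping extended error records quoted above, which splits the chain into records and pulls out the HTTP status carried inside it. The function names, the abridged sample and the 400-599 heuristic are assumptions of this example.

```python
import re

# Abridged from the rpcping output quoted in the thread: records 2 and 3 only,
# with the header, System Time, Flags and NumberOfParameters lines dropped.
SAMPLE = """ProcessID is 4836
Generating component is 13
Status is 5
Detection location is 1426
Long val: 401
ProcessID is 4836
Generating component is 13
Status is 401
Detection location is 1419
Unicode string: Unauthorized
"""

# Status codes that appear in this thread; others are reported as bare numbers.
KNOWN = {5: "ERROR_ACCESS_DENIED", 401: "HTTP 401 Unauthorized",
         1722: "RPC_S_SERVER_UNAVAILABLE"}

FIELD = re.compile(r"^(Generating component|Status|Detection location) is (\d+)$")
PARAM = re.compile(r"^(Long val|Unicode string): (.*)$")

def parse_records(text):
    """Split rpcping extended error info into one dict per record."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("ProcessID is"):
            records.append({"params": []})      # each record starts here
        elif records and (m := FIELD.match(line)):
            records[-1][m.group(1).split()[0].lower()] = int(m.group(2))
        elif records and (m := PARAM.match(line)):
            value = m.group(2)
            records[-1]["params"].append(int(value) if m.group(1) == "Long val" else value)
    return records

def http_status(records):
    """Heuristic: first status or Long val in the 400-599 range, else None."""
    for rec in records:
        for code in [rec.get("status")] + rec["params"]:
            if isinstance(code, int) and 400 <= code <= 599:
                return code
    return None

def summarize(records):
    """Name each record's status, outermost first."""
    return [KNOWN.get(r.get("status"), str(r.get("status"))) for r in records]
```

On the sample, the access-denied record carries 401 as its parameter, so the failure is an HTTP authentication rejection rather than an RPC-level one.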

Avatar of nitadmin

Create an account to see this answer
I strongly recommend that you use a commercial certificate, not a home grown certificate. If you have a .com/.net/.org then one of GoDaddy's US$20 certificates will be fine. You will save yourself a lot of headaches by using a commercial certificate.

The certificate's common name needs to be the name that you want to use externally for the clients - so for example. I would suggest that you use a generic name rather than the server's real name.

The reason you have to browse to the name on the certificate is to verify if you get any certificate errors. If you do, then RPC over HTTPS will not work. It cannot cope with the certificate prompts you get from home grown or invalid certificates - either failing completely or repeatedly asking for authentication.

As long as you meet the requirements, RPC over HTTPS fails for one of three reasons:

1. Certificate issues.
2. Registry settings.
3. Authentication type issues.

Very unusual for the problem to be outside of those three.

Forget about doing the rpcping tests and things like that - I think I have done those less than half a dozen times because they very rarely prove anything.

OK. I have purchased the GoDaddy cert and still have the same result. It has to be some sort of permission issue. But I am lost as to where to look. I started this project reading the documents above. Any other ideas? It doesn't work on my local LAN, so I know there is not a firewall issue.