RPC over HTTP- client issues.

Posted on 2006-10-30
Medium Priority
Last Modified: 2012-06-21
I'm currently at one of our branch sites trying to get RPC over HTTP
to work on an Outlook 2003 client and haven't had any success.  

As far as I'm aware I'm using exactly the same settings on the
client that I'm using on my own laptop.  My laptop is connecting fine using RPC
over HTTP, but other clients at the remote site are not.

Exchange has been set up using a Front End / Back End Topology.
I've browsed to https://External.FQDN/rpc from the remote site,
have been prompted for credentials and received the "read access denied"
message which apparently is a good sign that everything's working at the
server end.

I've attempted to install a SSL certificate on one of the XP clients having the trouble-
I just copied the certificate being used on our Front End server to the client's
desktop, right clicked and selected "install certificate".  Not sure if this
is the way to do it, but it doesn't seem to have worked in any case.

The remote sites are on a separate domain to the central office where the Exchange
servers live.  I thought this may have been the problem but after joining the remote
client to a temporary workgroup the problem persisted.  My home computer (separate again
to laptop) connects fine to the exchange server using RPC over HTTP, and it is just
on a local workgroup.  

Summary of client settings used (these work on my laptop, but not on clients at remote site):

Microsoft Exchnage server: internal name of Back End server.
Exchange Proxy Settings:
      Use this url to connect to my proxy = external FQDN used for OWA / SSL certificate.
      Mutually authenticate is ticked, with the following entry below it:
            msstd:external FQDN of OWA site.
      Basic Authentication is selected in the bottom drop down box.

At the remote site, when I run outlook /rpcdiag I get the no real output, just:

Server Name            Type            Conn      Status

----                             Directory            ---      Connecting

InternalExchangeSrvName      Referral            ---      Connecting

..these two entries then disappear, then I get a popup saying "Your Microsoft Exchange server is

To me it looks like this has to be a client issue- but I don't know where to begin.  Any help would be great.

Question by:farfo
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 104

Expert Comment

ID: 17841068
Is the certificate a home grown certificate or a purchased certificate?
If it is a home grown certificate then I strongly advise switching to a purchased certificate, particularly if you are going to be using this with clients who are off the domain.

When you browse to the /rpc virtual directory from one of the clients with a problem, do you get a certificate prompt? Does the padlock icon appear at all?


Author Comment

ID: 17841355
Thanks Simon.  Certificate = Home grown.  Do you have any recommednations for the purchased type?

From memory I did get a certificate prompt on the problem machine- one exclamation marke on top then two green ticks.  Pretty sure I would have got a padlock but not 100%- can get back to you (I'm off site now).

Regarding certificates are you able to tell me what the proper procedure is for installing a certificate on an XP client (i.e. homegrown or otherwise)?

Also- I found this link: http://www.msexchange.org/tutorials/outlookrpchttp.html
In the intro it makes a repeated point that the initial set up on the client needs to be done with the client on the
internal network.  Could this be contributing to my problem at the remote site?  It doesn't really explain why I
can connect without problems from my home machine- but then again I'm pretty sure I connected it to our office's
VPN at some point when I was trying to get RPC over HTTPS to work.
LVL 104

Accepted Solution

Sembee earned 2000 total points
ID: 17841373
If you are getting certificate prompts then this feature will fail. End of Story. RPC over HTTPS cannot deal with certificate prompts.

I never use home grown certificates except in the lab, when I move a file around for them. For a commercial deployment you should use purchased certificates. This is becoming even more important with the built in security features in Internet Explorer 7.0 - which flags home grown certificates.

For Exchange type deployments I use one of two suppliers. For .com/.net/.org you can use GoDaddy. For any other domain (including those) I use RapidSSL (http://www.rapidssl.com).

The setting up of the client on the LAN is a common misconception, but if you had to do that, how would the hosted Exchange operators work? Your machine isn't on their LAN with that type of service.
It can be done off LAN, it just a little more fiddly.



Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question