Solved

RPC over HTTP- client issues.

Posted on 2006-10-30
3
366 Views
Last Modified: 2012-06-21
I'm currently at one of our branch sites trying to get RPC over HTTP
to work on an Outlook 2003 client and haven't had any success.  

As far as I'm aware I'm using exactly the same settings on the
client that I'm using on my own laptop.  My laptop is connecting fine using RPC
over HTTP, but other clients at the remote site are not.

Exchange has been set up using a Front End / Back End Topology.
I've browsed to https://External.FQDN/rpc from the remote site,
have been prompted for credentials and received the "read access denied"
message which apparently is a good sign that everything's working at the
server end.

I've attempted to install a SSL certificate on one of the XP clients having the trouble-
I just copied the certificate being used on our Front End server to the client's
desktop, right clicked and selected "install certificate".  Not sure if this
is the way to do it, but it doesn't seem to have worked in any case.

The remote sites are on a separate domain to the central office where the Exchange
servers live.  I thought this may have been the problem but after joining the remote
client to a temporary workgroup the problem persisted.  My home computer (separate again
to laptop) connects fine to the exchange server using RPC over HTTP, and it is just
on a local workgroup.  

Summary of client settings used (these work on my laptop, but not on clients at remote site):

Microsoft Exchnage server: internal name of Back End server.
Exchange Proxy Settings:
      Use this url to connect to my proxy = external FQDN used for OWA / SSL certificate.
      Mutually authenticate is ticked, with the following entry below it:
            msstd:external FQDN of OWA site.
      Basic Authentication is selected in the bottom drop down box.


At the remote site, when I run outlook /rpcdiag I get the no real output, just:


Server Name            Type            Conn      Status

----                             Directory            ---      Connecting

InternalExchangeSrvName      Referral            ---      Connecting


..these two entries then disappear, then I get a popup saying "Your Microsoft Exchange server is
unavailable".


To me it looks like this has to be a client issue- but I don't know where to begin.  Any help would be great.

Thanks,
Farfo.
0
Comment
Question by:farfo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17841068
Is the certificate a home grown certificate or a purchased certificate?
If it is a home grown certificate then I strongly advise switching to a purchased certificate, particularly if you are going to be using this with clients who are off the domain.

When you browse to the /rpc virtual directory from one of the clients with a problem, do you get a certificate prompt? Does the padlock icon appear at all?

Simon.
0
 

Author Comment

by:farfo
ID: 17841355
Thanks Simon.  Certificate = Home grown.  Do you have any recommednations for the purchased type?

From memory I did get a certificate prompt on the problem machine- one exclamation marke on top then two green ticks.  Pretty sure I would have got a padlock but not 100%- can get back to you (I'm off site now).

Regarding certificates are you able to tell me what the proper procedure is for installing a certificate on an XP client (i.e. homegrown or otherwise)?

Also- I found this link: http://www.msexchange.org/tutorials/outlookrpchttp.html
In the intro it makes a repeated point that the initial set up on the client needs to be done with the client on the
internal network.  Could this be contributing to my problem at the remote site?  It doesn't really explain why I
can connect without problems from my home machine- but then again I'm pretty sure I connected it to our office's
VPN at some point when I was trying to get RPC over HTTPS to work.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17841373
If you are getting certificate prompts then this feature will fail. End of Story. RPC over HTTPS cannot deal with certificate prompts.

I never use home grown certificates except in the lab, when I move a file around for them. For a commercial deployment you should use purchased certificates. This is becoming even more important with the built in security features in Internet Explorer 7.0 - which flags home grown certificates.

For Exchange type deployments I use one of two suppliers. For .com/.net/.org you can use GoDaddy. For any other domain (including those) I use RapidSSL (http://www.rapidssl.com).

The setting up of the client on the LAN is a common misconception, but if you had to do that, how would the hosted Exchange operators work? Your machine isn't on their LAN with that type of service.
It can be done off LAN, it just a little more fiddly.

http://www.amset.info/exchange/rpc-http-client2.asp

Simon.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
how to add IIS SMTP to handle application/Scanner relays into office 365.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question