RPC over HTTP- client issues.

Posted on 2006-10-30
Last Modified: 2012-06-21
I'm currently at one of our branch sites trying to get RPC over HTTP
to work on an Outlook 2003 client and haven't had any success.  

As far as I'm aware I'm using exactly the same settings on the
client that I'm using on my own laptop.  My laptop is connecting fine using RPC
over HTTP, but other clients at the remote site are not.

Exchange has been set up using a Front End / Back End Topology.
I've browsed to https://External.FQDN/rpc from the remote site,
have been prompted for credentials and received the "read access denied"
message which apparently is a good sign that everything's working at the
server end.

I've attempted to install a SSL certificate on one of the XP clients having the trouble-
I just copied the certificate being used on our Front End server to the client's
desktop, right clicked and selected "install certificate".  Not sure if this
is the way to do it, but it doesn't seem to have worked in any case.

The remote sites are on a separate domain to the central office where the Exchange
servers live.  I thought this may have been the problem but after joining the remote
client to a temporary workgroup the problem persisted.  My home computer (separate again
to laptop) connects fine to the exchange server using RPC over HTTP, and it is just
on a local workgroup.  

Summary of client settings used (these work on my laptop, but not on clients at remote site):

Microsoft Exchnage server: internal name of Back End server.
Exchange Proxy Settings:
      Use this url to connect to my proxy = external FQDN used for OWA / SSL certificate.
      Mutually authenticate is ticked, with the following entry below it:
            msstd:external FQDN of OWA site.
      Basic Authentication is selected in the bottom drop down box.

At the remote site, when I run outlook /rpcdiag I get the no real output, just:

Server Name            Type            Conn      Status

----                             Directory            ---      Connecting

InternalExchangeSrvName      Referral            ---      Connecting

..these two entries then disappear, then I get a popup saying "Your Microsoft Exchange server is

To me it looks like this has to be a client issue- but I don't know where to begin.  Any help would be great.

Question by:farfo
  • 2
LVL 104

Expert Comment

Comment Utility
Is the certificate a home grown certificate or a purchased certificate?
If it is a home grown certificate then I strongly advise switching to a purchased certificate, particularly if you are going to be using this with clients who are off the domain.

When you browse to the /rpc virtual directory from one of the clients with a problem, do you get a certificate prompt? Does the padlock icon appear at all?


Author Comment

Comment Utility
Thanks Simon.  Certificate = Home grown.  Do you have any recommednations for the purchased type?

From memory I did get a certificate prompt on the problem machine- one exclamation marke on top then two green ticks.  Pretty sure I would have got a padlock but not 100%- can get back to you (I'm off site now).

Regarding certificates are you able to tell me what the proper procedure is for installing a certificate on an XP client (i.e. homegrown or otherwise)?

Also- I found this link:
In the intro it makes a repeated point that the initial set up on the client needs to be done with the client on the
internal network.  Could this be contributing to my problem at the remote site?  It doesn't really explain why I
can connect without problems from my home machine- but then again I'm pretty sure I connected it to our office's
VPN at some point when I was trying to get RPC over HTTPS to work.
LVL 104

Accepted Solution

Sembee earned 500 total points
Comment Utility
If you are getting certificate prompts then this feature will fail. End of Story. RPC over HTTPS cannot deal with certificate prompts.

I never use home grown certificates except in the lab, when I move a file around for them. For a commercial deployment you should use purchased certificates. This is becoming even more important with the built in security features in Internet Explorer 7.0 - which flags home grown certificates.

For Exchange type deployments I use one of two suppliers. For .com/.net/.org you can use GoDaddy. For any other domain (including those) I use RapidSSL (

The setting up of the client on the LAN is a common misconception, but if you had to do that, how would the hosted Exchange operators work? Your machine isn't on their LAN with that type of service.
It can be done off LAN, it just a little more fiddly.


Featured Post

Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now