We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


RPC over HTTP- client issues.

farfo asked
Medium Priority
Last Modified: 2012-06-21
I'm currently at one of our branch sites trying to get RPC over HTTP
to work on an Outlook 2003 client and haven't had any success.  

As far as I'm aware I'm using exactly the same settings on the
client that I'm using on my own laptop.  My laptop is connecting fine using RPC
over HTTP, but other clients at the remote site are not.

Exchange has been set up using a Front End / Back End Topology.
I've browsed to https://External.FQDN/rpc from the remote site,
have been prompted for credentials and received the "read access denied"
message which apparently is a good sign that everything's working at the
server end.

I've attempted to install a SSL certificate on one of the XP clients having the trouble-
I just copied the certificate being used on our Front End server to the client's
desktop, right clicked and selected "install certificate".  Not sure if this
is the way to do it, but it doesn't seem to have worked in any case.

The remote sites are on a separate domain to the central office where the Exchange
servers live.  I thought this may have been the problem but after joining the remote
client to a temporary workgroup the problem persisted.  My home computer (separate again
to laptop) connects fine to the exchange server using RPC over HTTP, and it is just
on a local workgroup.  

Summary of client settings used (these work on my laptop, but not on clients at remote site):

Microsoft Exchnage server: internal name of Back End server.
Exchange Proxy Settings:
      Use this url to connect to my proxy = external FQDN used for OWA / SSL certificate.
      Mutually authenticate is ticked, with the following entry below it:
            msstd:external FQDN of OWA site.
      Basic Authentication is selected in the bottom drop down box.

At the remote site, when I run outlook /rpcdiag I get the no real output, just:

Server Name            Type            Conn      Status

----                             Directory            ---      Connecting

InternalExchangeSrvName      Referral            ---      Connecting

..these two entries then disappear, then I get a popup saying "Your Microsoft Exchange server is

To me it looks like this has to be a client issue- but I don't know where to begin.  Any help would be great.

Watch Question

Expert of the Year 2007
Expert of the Year 2006

Is the certificate a home grown certificate or a purchased certificate?
If it is a home grown certificate then I strongly advise switching to a purchased certificate, particularly if you are going to be using this with clients who are off the domain.

When you browse to the /rpc virtual directory from one of the clients with a problem, do you get a certificate prompt? Does the padlock icon appear at all?



Thanks Simon.  Certificate = Home grown.  Do you have any recommednations for the purchased type?

From memory I did get a certificate prompt on the problem machine- one exclamation marke on top then two green ticks.  Pretty sure I would have got a padlock but not 100%- can get back to you (I'm off site now).

Regarding certificates are you able to tell me what the proper procedure is for installing a certificate on an XP client (i.e. homegrown or otherwise)?

Also- I found this link: http://www.msexchange.org/tutorials/outlookrpchttp.html
In the intro it makes a repeated point that the initial set up on the client needs to be done with the client on the
internal network.  Could this be contributing to my problem at the remote site?  It doesn't really explain why I
can connect without problems from my home machine- but then again I'm pretty sure I connected it to our office's
VPN at some point when I was trying to get RPC over HTTPS to work.
Expert of the Year 2007
Expert of the Year 2006
If you are getting certificate prompts then this feature will fail. End of Story. RPC over HTTPS cannot deal with certificate prompts.

I never use home grown certificates except in the lab, when I move a file around for them. For a commercial deployment you should use purchased certificates. This is becoming even more important with the built in security features in Internet Explorer 7.0 - which flags home grown certificates.

For Exchange type deployments I use one of two suppliers. For .com/.net/.org you can use GoDaddy. For any other domain (including those) I use RapidSSL (http://www.rapidssl.com).

The setting up of the client on the LAN is a common misconception, but if you had to do that, how would the hosted Exchange operators work? Your machine isn't on their LAN with that type of service.
It can be done off LAN, it just a little more fiddly.



Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.