btomkins
asked on
RPC over https login failing - HTTP Error 401.3
I have a new 2003 single server exchange install. I am having no luck with RPC over https.
The server is installed in a the site domain with a seperater domain controller in each site.
the site with exchange has
mx1.domain.local - exhcange server
dc2.domain.local - domain controller (dns)
I have followed a heap of guides the only one that talks of RPC in a single exchange server - with a seperate dc.
http://www.amset.info/exchange/rpc-http-server.asp
In particular he mentions including the dc in the Validports entry
HKEY_LOCAL_MACHINE\SOFTWAR
In IIS I have set the rpc directory security - authentication to basic and the default domain to domain.local
Anyway now to the problem
When I test the server in a browser on the LAN or the wan eg https://mx1/rpc
I get a prompt for a username and password however authentication is unsuccsessfull after three attempts I recieve a "HTTP Error 401.3"
I have tried a world of username password combinations with no luck.
owa is working fine externally.
Any ideas welcome.
The server is installed in a the site domain with a seperater domain controller in each site.
the site with exchange has
mx1.domain.local - exhcange server
dc2.domain.local - domain controller (dns)
I have followed a heap of guides the only one that talks of RPC in a single exchange server - with a seperate dc.
http://www.amset.info/exchange/rpc-http-server.asp
In particular he mentions including the dc in the Validports entry
HKEY_LOCAL_MACHINE\SOFTWAR
In IIS I have set the rpc directory security - authentication to basic and the default domain to domain.local
Anyway now to the problem
When I test the server in a browser on the LAN or the wan eg https://mx1/rpc
I get a prompt for a username and password however authentication is unsuccsessfull after three attempts I recieve a "HTTP Error 401.3"
I have tried a world of username password combinations with no luck.
owa is working fine externally.
Any ideas welcome.
ASKER
RPCdump has some access denied errors
dc2.domain.local has had the registry fix
HKEY_LOCAL_MACHINE\SYSTEM\
Type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004
I notice
UUID:1544f5e0-613c-11d1-93
how can I tell what server this is?
Thanks
Brian
==========================
Querying Endpoint Mapper Database...
149 registered endpoints found.
Collecting Data.... This may take a while.
0 10 20 30 40 50 60 70 80 90 100
|----|----|----|----|----|
..........................
ProtSeq:ncacn_http
Endpoint:6002
NetOpt:
Annotation:MS Exchange Directory RFR Interface
IsListening:ACCESS_DENIED
StringBinding:ncacn_http:192.168.100.8[6002]
UUID:1544f5e0-613c-11d1-93
ComTimeOutValue:RPC_C_BIND
VersMajor 1 VersMinor 0
rpcdump completed sucessfully after 1 seconds
dc2.domain.local has had the registry fix
HKEY_LOCAL_MACHINE\SYSTEM\
Type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004
I notice
UUID:1544f5e0-613c-11d1-93
how can I tell what server this is?
Thanks
Brian
==========================
Querying Endpoint Mapper Database...
149 registered endpoints found.
Collecting Data.... This may take a while.
0 10 20 30 40 50 60 70 80 90 100
|----|----|----|----|----|
..........................
ProtSeq:ncacn_http
Endpoint:6002
NetOpt:
Annotation:MS Exchange Directory RFR Interface
IsListening:ACCESS_DENIED
StringBinding:ncacn_http:192.168.100.8[6002]
UUID:1544f5e0-613c-11d1-93
ComTimeOutValue:RPC_C_BIND
VersMajor 1 VersMinor 0
rpcdump completed sucessfully after 1 seconds
ASKER
Sembee,
Thanks for your quick reply
Sorry I disagree on the bit where you say its normal to get access denied.
From my reading its normal to get a 403.2 error not a 402.3 error.
I get the certificate ok. I are useing self certificates although I dont believe that that is the problem.
Using outlook on the LAN with HTTPS on the domain is the same story it just keeps asking for a password.
Outlook work fine with standard TCPIP on the LAN.
owa also works fine from internal and external networks.
Thanks
Thanks for your quick reply
Sorry I disagree on the bit where you say its normal to get access denied.
From my reading its normal to get a 403.2 error not a 402.3 error.
I get the certificate ok. I are useing self certificates although I dont believe that that is the problem.
Using outlook on the LAN with HTTPS on the domain is the same story it just keeps asking for a password.
Outlook work fine with standard TCPIP on the LAN.
owa also works fine from internal and external networks.
Thanks
Second opinion,
401.3 is normal, all of my exchange servers report that (and they are all configured correctly for RPC/HTTPS)
When you say "I get the certificate ok" does that mean it comes up and you say "yes" to it?
If so, that is a problem right there
-red
401.3 is normal, all of my exchange servers report that (and they are all configured correctly for RPC/HTTPS)
When you say "I get the certificate ok" does that mean it comes up and you say "yes" to it?
If so, that is a problem right there
-red
Sembee,
Can you prune that log a bit please? This thread hurts and it only has 4 posts! :)
-red
Can you prune that log a bit please? This thread hurts and it only has 4 posts! :)
-red
ASKER
red,
Sorry about the rpcdump - How do you prune a comment?
Dont the "IsListening:ACCESS_DENIED
> When you say "I get the certificate ok" does that mean it comes up and you say "yes" to it?
When I first connect on a machine it Actually does come up and say it is not from company that I have chosen to trust.
After I install the certificate the warning no longer comes up when I conect.
I'm sorry if I have not been clear.
The problem is still that the username and password dialog keeps coming back! ie Authentication is failing
I only get the 401.3 error after I click cancel.
Thanks
Brian
Sorry about the rpcdump - How do you prune a comment?
Dont the "IsListening:ACCESS_DENIED
> When you say "I get the certificate ok" does that mean it comes up and you say "yes" to it?
When I first connect on a machine it Actually does come up and say it is not from company that I have chosen to trust.
After I install the certificate the warning no longer comes up when I conect.
I'm sorry if I have not been clear.
The problem is still that the username and password dialog keeps coming back! ie Authentication is failing
I only get the 401.3 error after I click cancel.
Thanks
Brian
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Simon,
I added the integrated authentication and now outlook https connections work on the LAN using the external domain the exchange proxy settings.
I dont know why but it just wont work on my machine externally.
I am buying a certificate to see if thats it.
thanks again
Brian
I added the integrated authentication and now outlook https connections work on the LAN using the external domain the exchange proxy settings.
I dont know why but it just wont work on my machine externally.
I am buying a certificate to see if thats it.
thanks again
Brian
ASKER
Well buying a certificate has made it work from the outside.
Thanks for your help.
You need to move on to the Outlook configuration. Using a normal domain client already configured for Exchange access (and working) add the addition settings for RPC over HTTPS. Restart Outlook and see what happens.
Simon.