RPC over HTTPS IIS

Shawnspi
I used this link to set up RPC over HTTPS
http://www.experts-exchange.com/OS/Miscellaneous/Q_21796712.html

I am able to connect to OWA just fine.  I cannot seem to get RPC over https to work.

I tried going to https://webmail.site.com/rpc .. and I get a prompt for my user name and password.. but it never accepts it..

Any ideas?

Author

Commented:
I have Outlook 2003.. but I don't see the RPC setting in the registry .. I am working on that now.. but if you have any ideas why it isn't there ... please let me know?

Author

Commented:
I can however access rpcproxy.dll like all the troubleshooting documents say ..

weird...  I don't have that registry key; but I do have the option for Exchange over the internet .. it just won't work..

Author

Commented:
By doing this :
http://msmvps.com/blogs/erikr/archive/2005/01/02/29356.aspx

To disable Outlook's ability to fallback to using RPC over HTTP create the following value:
Value Name: DisableRpcTcpFallback
Data: 1
Path: HKLM\Software\Microsoft\Office\11.0\Outlook\Rpc


I see that.. I am not connecting .. or even really attempting to connect through HTTPS....

Expert of the Year 2007
Expert of the Year 2006

Commented:
The test to /rpc is to confirm or not whether you get a certificate prompt.
If you do, then the feature will never work.

You shouldn't need to make any changes to the workstation for the feature to work - the registry change that you have indicated above is not one I have needed to do.

The most common reasons for this feature failing are not meeting the requirements, errors in the registry settings, SSL certificate issues.

Are you using a commercial SSL certificate or a home grown certificate?

Simon.

Author

Commented:
Home grown.

But OWA works.

and when I go to https://webmail.domain.com/rpc
I get a security response...  so .. that is bad, huh?

Author

Commented:
Ok.. so I fixed the certificate error.
It now just prompts for my name and password.. and then I get a 403 error.

I still cannot connect via Outlook.

Thanks
Expert of the Year 2007
Expert of the Year 2006

Commented:
I don't recommend using a home grown certificate. I have had no end of problems with home grown certificates but put a commercial certificate on and have it working in less than 30 minutes.

Simon.
Donnie4572 (IT Manager)

Commented:

home grown...well they are all grown in somebody's home..

You may need to install the root cert on the client.
open internet explorer
tools
internet options
content tab
certificates button
import button
---you will need to import the same certificate that you installed on the OWA server.

I agree with Simon. If we purchase a cert from a "trusted" .....less trouble.

 

Author

Commented:
Do you have any recommendations for a cheap cert?

If I do that.. I still need the CA installed?

Also... I have 2 sites.. one is OWA and one is SharePoint.
different URLs, do I need a separate cert for each?
Donnie4572 (IT Manager)

Commented:
You need a cert for each website. OWA is installed on the default web site of the Exchange server. Where is SharePoint installed?

You can get a GoDaddy cert for about 20 USD and no, your CA will not be needed for a purchased cert.
https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=9039

Author

Commented:
sharepoint is on the same server, running off the IP of the second NIC... 2 external IP's and routed using a PIX.

Expert of the Year 2007
Expert of the Year 2006

Commented:
RapidSSL or GoDaddy are my usual certificate choices.
RapidSSL have a 30 day trial certificate which is fully trusted by Outlook so you could get one of those, prove it works then pay out for the full thing.

Simon.

Author

Commented:
I have installed RapidSSL and I am still having the same issue.

I start Outlook with /rpcdiag and I don't see the https connection.

Thanks

Author

Commented:
I see conflicting information...

This is a single Exchange server environment.
Right now the server is set up as : RPC-HTTP back-end server

the RPC-HTTP front-end server is grayed out ...

is this correct?

Thanks.

Expert of the Year 2007
Expert of the Year 2006

Commented:
On a single server deployment you cannot use the GUI to setup the feature.
Only those operating a frontend/backend scenario can use the GUI.
For single server deployments you have to make the registry changes by hand.

Simon.

Author

Commented:
this is what I have.. and I haven't changed it:

lstech03:6001-6002;lstech03.lstechllc-hq:6001-6002;webmail.lstechllc.com:6001-6002;lstech03:6004;lstech03.lstechllc-hq:6004;webmail.lstechllc.com:6004


does that look correct?
Expert of the Year 2007
Expert of the Year 2006

Commented:
Without knowing what your internal Windows domain is called, it is difficult to know.
It doesn't look right, not enough entries in the correct format.

Is Exchange installed on a domain controller?

You are missing server:100-5000

Simon.
Donnie4572 (IT Manager)

Commented:
It doesn't look right to me

You should have four entries here. Or at least that's the way I remember it.

servername:6001-6002
servername.domain.com:6001-6002
servername:6004
servername.domain.com:6004

Author

Commented:
It is a domain controller

the server name is  lstech03
the domain name is  lstechllc-hq
the "external" domain name is  webmail.lstechllc.com

since the names are different internal and external; what do I use?  the RPC over HTTPS will only be used externally.


ports 100-5000  ??


Thanks

Author

Commented:
That last link you provided Donnie was the one that I had used originally.  I will go through it again and make sure that I didn't miss anything.
Donnie4572 (IT Manager)

Commented:
Are you sure your AD domain name is  lstechllc-hq?
That name is not an FQDN..
You should add your internal name and not external name.

Author

Commented:
I am using the RPC/HTTPS No Front End Single Server Registry Utility that was provided on that link.

It says  NetBios : lstech03
               FQDN: lstechllc-hq

and I added the optional external as : webmail.lstechllc.com .. it creates this :
lstech03:6001-6002;lstech03.lstechllc-hq:6001-6002;webmail.lstechllc.com:6001-6002;lstech03:6004;lstech03.lstechllc-hq:6004;webmail.lstechllc.com:6004

Author

Commented:
WAIT!!!

I think I got it!!

It is now working after I reset that to the defaults and then redid it!

let me make sure and I will close this later today!

Thanks for all your help!
Donnie4572 (IT Manager)

Commented:
You should add these back as Simon stated above..

ServerNETBIOSName:100-5000
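
The ValidPorts check that the replies above do by eye, as an added example that is not part of the original thread or of any Microsoft tool: it parses a ValidPorts string and reports entries that are malformed, missing, or that name a host other than the server's internal names. Assumptions: the function names are hypothetical, and the expected ranges (6001-6002 and 6004 for both the NetBIOS name and the FQDN, plus 100-5000 for the NetBIOS name) are the ones stated in Simon's and Donnie's replies.

```python
import re

# Port ranges the replies in this thread call for (not a vendor specification).
PER_HOST = [(6001, 6002), (6004, 6004)]   # for both the NetBIOS name and the FQDN
NETBIOS_ONLY = [(100, 5000)]              # "server:100-5000"
ENTRY = re.compile(r"^([A-Za-z0-9._-]+):(\d+)(?:-(\d+))?$")

# The ValidPorts value posted in the thread.
SAMPLE = ("lstech03:6001-6002;lstech03.lstechllc-hq:6001-6002;"
          "webmail.lstechllc.com:6001-6002;lstech03:6004;"
          "lstech03.lstechllc-hq:6004;webmail.lstechllc.com:6004")


def parse_valid_ports(value):
    """Return ([(host, low, high), ...], [malformed raw entries])."""
    entries, malformed = [], []
    for raw in (p.strip() for p in value.split(";")):
        if not raw:
            continue
        m = ENTRY.match(raw)
        low = int(m.group(2)) if m else 0
        high = int(m.group(3) or low) if m else 0
        if m and 0 < low <= high <= 65535:
            entries.append((m.group(1).lower(), low, high))
        else:
            malformed.append(raw)
    return entries, malformed


def audit_valid_ports(value, netbios, domain):
    """Compare a ValidPorts string with the entries the thread recommends."""
    entries, malformed = parse_valid_ports(value)
    netbios = netbios.lower()
    fqdn = f"{netbios}.{domain.lower()}"
    wanted = [(netbios, lo, hi) for lo, hi in NETBIOS_ONLY + PER_HOST]
    wanted += [(fqdn, lo, hi) for lo, hi in PER_HOST]
    fmt = lambda h, lo, hi: f"{h}:{lo}" if lo == hi else f"{h}:{lo}-{hi}"
    return {
        "malformed": malformed,
        "missing": [fmt(*w) for w in wanted if w not in entries],
        # The thread advises internal names only; ValidPorts lists what the
        # RPC proxy is allowed to forward to, so extra hosts are reported.
        "unexpected_hosts": sorted({h for h, _, _ in entries} - {netbios, fqdn}),
        "single_label_domain": "." not in domain,
    }


if __name__ == "__main__":
    print(audit_valid_ports(SAMPLE, "lstech03", "lstechllc-hq"))
```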
