  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1022

RPC over HTTPS Not Connecting

Hello, I have a Windows 2003 Standard server w/SPI and Exchange 2003 w/SP II.
I configured RPC over HTTP to let my clients (Outlook 2003 SP II) connect from outside the company without making a VPN tunnel. It won't work; for some reason they cannot connect to the mail server...

https://mail.demeyere.be/exchange (OK)
https://mail.demeyere.be/RPC (OK)
https://mail.demeyere.be/RPC/RPCPROXY.DLL (BLANK OK)

I installed a free mail certificate on the server and clients. The only thing that I can see in my eventvwr is that my Certsvc crashes with the following 2 event IDs: 9 & 44

I checked MS knowledgebase and followed their installation & configuration sheets, nothing I didn't do...

Someone who can help me out?
0
Info-Service
Asked:
1 Solution
 
oriziv Commented:
Hi,
Event 9 is about hardware not responding; I don't think it has anything to do with your problem.
Event 44 is a general DB error of the terminal server licensing server.
Try to re-install the terminal server licensing component.
If this doesn't help, please post the full event so I'd be able to understand it.
0
 
Sembee Commented:
When you browse to https://mail.demeyere.be/RPC do you get a certificate prompt? I just tested it myself and I got a certificate prompt.
If you are getting certificate prompts then the feature will not work as Outlook cannot cope with the prompt. You need to look at resolving the certificate prompt. A purchased commercial trusted SSL certificate from somewhere such as RapidSSL or GoDaddy is the best way to deal with the SSL prompt.

Simon.
0
 
Info-Service Author Commented:
These are the 2 full event IDs:
Eventid 44 - source Certsvc
The "Windows default" Policy Module "Initialize" method returned an error. The handle is invalid. The returned status code is 0x80070006 (6).  

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Eventid 9 - source Certsvc
The Certificate Services did not start: Unable to load an external policy module.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Sembee:
Does it mean that my cert isn't compatible for SSL?
0
 
Sembee Commented:
The certificate services errors are not related to this issue, so can be ignored.
The certificate you currently have cannot be used by RPC over HTTPS in its current format. You cannot have any certificate prompts.
If the certificate is a home grown one, then I suggest you replace it with a commercial certificate. I have been to many sites where the administrator has spent hours trying to get it to work, and I have it working in less than 30 minutes with a commercial SSL certificate. That doesn't mean an expensive Verisign certificate; a cheap certificate from Go Daddy or RapidSSL will be fine. RapidSSL have 30 day trial certificates which you can use to prove that it works before committing funds.

Simon.
0
 
Info-Service Author Commented:
I issued another certificate from RapidSSL. If I connect to my Exchange page through HTTPS there is no error about the certificate. Still no connection through my Outlook 2003...
Getting a little bit desperate that I won't get it to work.
0
 
Info-Service Author Commented:
Addendum:

I get service unavailable now when I do the RPC tests...
0
 
Sembee Commented:
Was the certificate issued with the same name?
If you have removed the SSL certificate error, then you move on.
After SSL certificates, the next most common problem is with the registry keys.
There are various versions of the keys required. My version is on my web site at http://www.amset.info/exchange/rpc-http.asp

Simon.
0
 
Info-Service Author Commented:
My cert is made for mail.demeyere.be. When I test https://mail.demeyere.be/rpc it says that the certificate isn't correct for this server??!! I already followed your version and put the registry keys as told in your "walkthrough". What to do with the certificate problem? I tried to take the NetBIOS name but RapidSSL does not accept this as a correct server name!
0
 
Sembee Commented:
You cannot use a NetBIOS name for a public certificate. It has to be an FQDN.
If you are getting an SSL prompt then you need to resolve that first. When you get the certificate prompt you should be able to view the certificate. That will allow you to see which certificate it is and what name it was issued to.

Are you using an ISA server or something else that could be presenting a different SSL certificate?

Simon.
0
 
Info-Service Author Commented:
There is no ISA server configured in the network.
I use mail.demeyere.be as FQDN because it's the site where I want the clients to connect to.
I don't think this is wrong??... If I look at the name it says that it's issued to mail.demeyere.be
Strange things these certificates :)
0
 
Sembee Commented:
Presuming that is a valid domain, I cannot connect to that URL. Is the server exposed to the internet?

Have you configured the network so that address works internally? So mail.demeyere.be resolves to an internal IP address when you are inside the network?

A common error with RPC over HTTPS is putting the wrong server names in the boxes.

Simon.
0
 
Info-Service Author Commented:
https://mail.demeyere.be gives me "service unavailable"... The same problem when I do this on the server with RDP. If I try https://mail.demeyere.be/exchange there is no problem. I have an A record in DNS that points mail.demeyere.be to 192.168.0.1 (server IP).
Servername internal: srv_demeyere
Domain: demeyere.be
Sitename: mail.demeyere.be

What do you mean with "...is putting the wrong server names in the boxes."?
0
 
Sembee Commented:
That sounds like you are looking at internal DNS information.
I presume there is nothing in external DNS for that host name?

By servername in the wrong boxes I mean I have heard of people putting the external name into the Server Name box on the first screen of Outlook (where you enter the account name and whether to use cached mode or not). That is wrong, it should be the server's NETBIOS name.
Then in the RPC over HTTPS proxy config it should be mail.demeyere.be in the first box and msstd:mail.demeyere.be in the second box.

Simon.
0
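
The name rules discussed in the posts above (certificate name, proxy FQDN, msstd: principal name, internal server name), as an added example that is not part of the original thread. The function names are hypothetical, the profile values are constructed from the names quoted in the thread, and `tls_prompt_reason` needs network access and is not called here.

```python
import socket
import ssl

def name_matches(cert_name, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def lint_profile(exchange_server, proxy_host, principal, cert_names):
    """Return the naming problems in an Outlook RPC over HTTPS profile ([] = consistent)."""
    problems = []
    # Thread advice: the Exchange server box takes the internal name, not the external one.
    if any(name_matches(n, exchange_server) for n in cert_names):
        problems.append("Exchange server box holds the external name; use the NetBIOS name")
    if "." not in proxy_host:
        problems.append("proxy box is not an FQDN; a public certificate cannot cover it")
    if not any(name_matches(n, proxy_host) for n in cert_names):
        problems.append("certificate names %s do not cover proxy host %s" % (cert_names, proxy_host))
    if not principal.lower().startswith("msstd:"):
        problems.append("principal name must start with msstd:")
    elif principal[6:].lower() not in [n.lower() for n in cert_names]:
        problems.append("principal %s is not a name on the certificate" % principal)
    return problems

def tls_prompt_reason(host, port=443, timeout=5):
    """Live check: None if chain and name verify against the local trust store,
    otherwise the verification error that would surface as a certificate prompt.
    Connection errors (refused, timeout) are left to propagate."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message

# Constructed sample values, using the names quoted in the thread.
CERT_NAMES = ["mail.demeyere.be"]
GOOD = ("srv_demeyere", "mail.demeyere.be", "msstd:mail.demeyere.be")
BAD = ("mail.demeyere.be", "srv_demeyere", "mail.demeyere.be")

if __name__ == "__main__":
    for profile in (GOOD, BAD):
        print(profile, lint_profile(*profile, CERT_NAMES) or "consistent")
```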
 
Info-Service Author Commented:
Simon,

I found where the problem lies. It is my default app pool that crashes all the time. In the eventvwr I get 5 times ID 1009 with different process id:
7556 / 5892 / 6736 / 4608 / 6776

Any ideas again?
0
 
Sembee Commented:
Default application pool failures can indicate a problem with IIS, corrupt installation, third party interference etc. A problem with IIS on an Exchange server isn't pretty to resolve, as you have to do some work to both Exchange and IIS if you are going to reinstall IIS.

Simon.
0
 
Info-Service Author Commented:
I reinstalled IIS and had a lot of work to get Exchange working again. So far so good except for my webmail... After 3 logins it gives me "access denied". I already reinstalled the virtual directories.
As for the RPC, it did not work after the re-install of IIS.

Could it be a solution to install SP II of Server 2003?
0
 
Info-Service Author Commented:
It took me several days and a lot of stress but it finally works!!!

Solution:
1) Another certificate (trusted one)
2) Re-install of IIS (problem with default app pool)
3) Re-installation of my server's service pack
4) Followed the installation guide of Sembee

Everything works fine now, thanks for all the tips and help!!
0
