AFlowers asked:

RPC/HTTP Configuration Parameters

I have our RPC over HTTPS working with an internal client.  With an external client, I get the "Outlook must be online or connected" message.  I think I've tried all the suggestions in the posts here, at amset, and elsewhere, but still need help.  One thing I'm not sure about: I have a single Exchange 2003 server, so I have been using the single-server configurations.  However, this is a single Exchange server, but the domain controllers and web servers are separate.  Is this still the correct configuration, or do I need to use different registry settings?  We have a Netgear firewall with port 443 open and pointed to the mail server.
Next: Some configuration pages I've read indicate that the ValidPorts key should include 100-5000, but others do not.
I have purchased and registered a certificate to our mail server, mail1.company.com.  Do I actually need the mail server registered?  I haven't seen anything which indicates so.
The only change I've made on the domain controllers (since they are also GC servers) is the NSPI interface protocol sequences key.
More information will be provided as requested.
Thanks in advance!

ASKER CERTIFIED SOLUTION
weareit

This solution is only available to members.

AFlowers (ASKER):
I think so, but am verifying that now.  My internal and external domains are the same.  Will that make a difference?

SOLUTION
This solution is only available to members.

Windows 2003 domain, Exchange Server 2003 sp2, clients are XP Pro with Outlook 2003.

I *think* I've gone through the troubleshooting steps, but please remind me what to do.  I'd rather do it again than miss something.

With an internal client the HTTPS connection works (outlook /rpcdiag shows HTTPS connection).

Thanks for all the quick replies!

SOLUTION
This solution is only available to members.

I can't get that far.  The setup fails immediately at the "Check Name", even after checking/setting the HTTP settings.

What happens if you take a client that is already configured and use it outside the firewall? Prove that connectivity first, before you start trying to set up clients externally.

Simon.

Thanks Sembee, we'll do that next and keep y'all posted.

Update: I've noticed that the error message pops up immediately during the Check Name stage (after setting up the RPC settings).  There is no traffic to the dial-up connection.  My guess is something on the client itself, since it generates the error without even trying the connection.  Hope this extra information helps.
Update: I've connected the client to the LAN, and Outlook HTTPS works properly.  If I disconnect from the LAN and try dial-up, it fails.

We've tried the same tests on another laptop (Vista with Outlook 2007) - same results.

Both laptops fail immediately - that is, they do not even try to access the dial-up connection, they just fail.

If you are getting https on the LAN but it drops off when you go over the internet then something is blocking the connection. Firewall, NAT redirection, something like that.

If the client is configured correctly and you haven't placed connection restrictions on the web server, then it is something outside of Exchange that is causing the failure off site.

Simon.

Still have problems.  I've verified that port 443 is opened on the firewall, and is pointing to the Exchange server.  From the test computer (connected via dialup and not the LAN), I use IE to navigate to https://www.companyname.com, and I am taken to the default web page on the mail server which shows the active certificate.

What can/should I check next?

Thanks!

What happens if you go to https://host.domain.com/rpc?
Do you get any errors? Ignore an authentication prompt.

Is there more than one web site on this server?

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.

Using the dialup, if I browse to https://mail1.company.com, I get a standard "can't find it" error from the browser.  However, if I browse to https://www.company.com, I get the three prompts to log in, then the ACL error.

Configuration: Two Windows 2003 domain controllers, 1 Exchange 2003 server, 1 Windows 2003 web server hosting company domain (www.company.com).
More Info.: I do not have the CA installed in the domain.  Do I need a CA server for this to function?

SOLUTION
This solution is only available to members.

The certificate is VeriSign.  Notice that when I browse to https://mailserver.company.com, I get the browser error.  If I browse to https://www.company.com, I get the login prompts.  Should I not get these when I browse to the mail server?

Thanks in advance!

PS - Previous question: Do I need CA installed in the domain?

SOLUTION
This solution is only available to members.

Thanks for the reply regarding the CA.
What are your thoughts on the issue of when I browse to https://mailserver.company.com, I get the browser error.  If I browse to https://www.company.com, I get the login prompts.  Should I not get these when I browse to the mail server?

I keep rechecking all the information on this, yet still have problems.  Now I'm trying to find out specifics to see what's wrong.

Presuming that the URLs point to the same IP address, you can only have one certificate on each virtual web server. Therefore working on one address and not on the other would be expected. You do need to ensure that the names resolve to the correct IP address.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.

Problem solved: I hired a local consultant to come in and see what was wrong.  An nslookup revealed that the mail server's name would not resolve.  We called our ISP and had them add the mail server's name to our DNS record.  All is well now.

I want to award the points anyway.  All of the responses contributed to the final solution.

Thanks!
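
The two checks this thread ends on (does the proxy name resolve from outside, and does the certificate on the site cover that name), written as an added example that is not part of the original thread. `check_proxy_name`, the sample DNS table, the constructed certificate and the address 203.0.113.10 are assumptions; the host names are the placeholders used in the posts.

```python
import socket
import ssl

def resolve(host):
    """IPv4 addresses the local resolver returns for host; [] if none."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fetch_cert(host, port=443, timeout=5):
    """Chain-validated peer certificate as a dict; names are matched below."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; mismatch is reported by us
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_names(cert):
    """DNS names in the certificate: subjectAltName, else the subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return [n.lower() for n in names]

def name_matches(host, pattern):
    """Exact match, or one wildcard in the left-most label (*.company.com)."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check_proxy_name(host, expected_ip, resolver=resolve, cert_fetcher=fetch_cert):
    """Problems that stop an off-site client using host; [] means usable."""
    host = host.lower()
    addrs = resolver(host)
    if not addrs:  # nothing to connect to, so no certificate check is possible
        return [f"{host} does not resolve"]
    problems = []
    if expected_ip not in addrs:
        problems.append(f"{host} resolves to {addrs}, not {expected_ip}")
    names = cert_names(cert_fetcher(host))
    if not any(name_matches(host, n) for n in names):
        problems.append(f"certificate names {names} do not cover {host}")
    return problems

# Constructed sample data: public DNS before the ISP change, and the single
# certificate bound to the web site (203.0.113.10 is a documentation address).
SAMPLE_DNS = {"www.company.com": ["203.0.113.10"]}
SAMPLE_CERT = {"subject": ((("commonName", "mail1.company.com"),),)}
```

Run it from a machine outside the firewall with the default `resolver` and `cert_fetcher`, since an internal client sees internal DNS and will pass the first check regardless.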