tamarackcomputers
asked on
Problems with Exchange 2003 RPC over HTTPS
Hello All,
Ok. I've been fighting with this for about a month now.. and I can't seem to fix it on my own. Here's the scoop so far:
Setup:
Server 1: Windows 2003 R2 Enterprise GC / DC
Server 2: Windows 2003 R2 w/ Exchange 2003 and all Service Packs
OWA is installed, and working on Exchange. Using a purchased certificate from Certificates for Exchange. Installed, and working correctly.
I have followed all of the steps for RPC over HTTPS that I can find. I've done and redone the registry settings, using the guide from Sembee's site, to create the registry settings and just install a .reg file. Today, I just did Split DNS to be sure. Here are the specifics:
The internal domain name is the same as what it is on the internet... domain.ca. I have a machine that I have synched internally once.. so it has a copy of the exchange mailbox.. and I am able to use it there. Some notes:
1) My client machine is running Outlook 2007.
2) I have yet to be able to connect successfully.
I've checked and re-checked the registry entries.. but hell, I'll check them again. One question: should I be making any alterations to the registry on my secondary DC?
Despite the novel above, when making suggestions.. assume nothing. I have no problem starting from the beginning, if you think it will help.
For ease of reference, here are the internal Server names (minus the domain name)
ECDC1 - Primary Domain Controller, GC
ECEXCH1- Exchange 2003 Server
ECDC2- Second Domain Controller
Ok. I've been fighting with this for about a month now.. and I can't seem to fix it on my own. Here's the scoop so far:
Setup:
Server 1: Windows 2003 R2 Enterprise GC / DC
Server 2: Windows 2003 R2 w/ Exchange 2003 and all Service Packs
OWA is installed, and working on Exchange. Using a purchased certificate from Certificates for Exchange. Installed, and working correctly.
I have followed all of the steps for RPC over HTTPS that I can find. I've done and redone the registry settings, using the guide from Sembee's site, to create the registry settings and just install a .reg file. Today, I just did Split DNS to be sure. Here are the specifics:
The internal domain name is the same as what it is on the internet... domain.ca. I have a machine that I have synched internally once.. so it has a copy of the exchange mailbox.. and I am able to use it there. Some notes:
1) My client machine is running Outlook 2007.
2) I have yet to be able to connect successfully.
I've checked and re-checked the registry entries.. but hell, I'll check them again. One question: should I be making any alterations to the registry on my secondary DC?
Despite the novel above, when making suggestions.. assume nothing. I have no problem starting from the beginning, if you think it will help.
For ease of reference, here are the internal Server names (minus the domain name)
ECDC1 - Primary Domain Controller, GC
ECEXCH1- Exchange 2003 Server
ECDC2- Second Domain Controller
ASKER
The only method I have is basic authentication on the /rpc directory. Should there be anything else?
Thats fine. Which setting have you entered in to Outlook when you configured it?
Although I usually deploy RPC over HTTPS with both Integrated and Basic authentication enabled so I have both options. If you do make the change, run iisreset from a command prompt to write the changes to the IIS metabase.
Simon.
Although I usually deploy RPC over HTTPS with both Integrated and Basic authentication enabled so I have both options. If you do make the change, run iisreset from a command prompt to write the changes to the IIS metabase.
Simon.
ASKER
Ok. So, here's where I am at:
1) Even though I didn't make any changes.. I did an IIS reset on the Exchange server (since that's where OWA is running from)
2) Also, since I had to do so for updates.. I rebooted my DC / GC.
Tried again.. and I am not able to connect using Outlook. Outlook is using Basic Authentication, since the laptop is not a domain member. The username format I am using is domain\username
Some things I forgot to mention:
-The DC/ GC is running the x64 edition of Windows Server 2003 R2 Enterprise Edition
-Exchange is run on an x32 edition of Windows 2003 R2.
I'm still waiting on the reboot (I started it just as I started typing this message) and then I am going to reboot the Exchange server, and test. Will update probably tomorrow with more info.
1) Even though I didn't make any changes.. I did an IIS reset on the Exchange server (since that's where OWA is running from)
2) Also, since I had to do so for updates.. I rebooted my DC / GC.
Tried again.. and I am not able to connect using Outlook. Outlook is using Basic Authentication, since the laptop is not a domain member. The username format I am using is domain\username
Some things I forgot to mention:
-The DC/ GC is running the x64 edition of Windows Server 2003 R2 Enterprise Edition
-Exchange is run on an x32 edition of Windows 2003 R2.
I'm still waiting on the reboot (I started it just as I started typing this message) and then I am going to reboot the Exchange server, and test. Will update probably tomorrow with more info.
ASKER
OK. The reboot went.. and still the same. Seems to just time out. It initially tries HTTPS connections.. but that's about it.
I'm out of ideas... I'm reasonably certain the registry entries are correct, but I get that sinking feeling I am missing something.
Help?
I'm out of ideas... I'm reasonably certain the registry entries are correct, but I get that sinking feeling I am missing something.
Help?
ASKER
Hmm.. I wonder.
Is there a good and easy to "uninstall" RPC over HTTPS and start over, without having to take the Exchange server offline? (and the DC too). Could it be just as simple as removing the registry entries, and undoing the GUI Settings?
Is there a good and easy to "uninstall" RPC over HTTPS and start over, without having to take the Exchange server offline? (and the DC too). Could it be just as simple as removing the registry entries, and undoing the GUI Settings?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK. I feel like I should know this answer.. but I want to be sure. Should RPC Proxy be installed only on the Exchange Server, the GC / DC, or both?
ASKER
OK, I feel like a special child here. I was re-reading Sembee's how to over at http://www.amset.info/exchange/rpc-http-server.asp
(very helpful BTW.. I think by far the most useful).
I found the source of my problem, and here is a quote from Sembee, on his page:
"If you are using a front-end/back-end scenario (at least two Exchange servers), then you do not need these settings, unless you are having problems with the GUI.
If you have tried to use the GUI interface then you need to change it back to "Not Part of an Exchange Managed RPC-HTTP Topology" and then use the registry keys.
Remember: GUI or Registry - not both."
It's that last line that's the most important. And once I disabled the gui portion.. presto. it works. So thanks Sembee... and man, do I feel dumb now. But it works.
(very helpful BTW.. I think by far the most useful).
I found the source of my problem, and here is a quote from Sembee, on his page:
"If you are using a front-end/back-end scenario (at least two Exchange servers), then you do not need these settings, unless you are having problems with the GUI.
If you have tried to use the GUI interface then you need to change it back to "Not Part of an Exchange Managed RPC-HTTP Topology" and then use the registry keys.
Remember: GUI or Registry - not both."
It's that last line that's the most important. And once I disabled the gui portion.. presto. it works. So thanks Sembee... and man, do I feel dumb now. But it works.
If you have, then the DC registry setting needs to be made on that machine as well. If you haven't then don't worry.
Although, it doesn't do any harm to make the change on the other DC. It doesn't affect the operation of the server in any way.
The registry settings are the common reason for problems. Also SSL certificate and authentication mismatches. Which authentication methods do you have enabled on the /rpc virtual directory in IIS manager?
Simon.
--
If your question has been answered, pleased remember to accept the answer and close the question.