[Last Call] Learn how to a build a cloud-first strategyRegister Now


Problems with Exchange 2003 RPC over HTTPS

Posted on 2007-10-05
Medium Priority
Last Modified: 2012-05-05
Hello All,

Ok. I've been fighting with this for about a month now.. and I can't seem to fix it on my own. Here's the scoop so far:


Server 1:  Windows 2003 R2 Enterprise GC / DC
Server 2:  Windows 2003 R2 w/ Exchange 2003 and all Service Packs
OWA is installed, and working on Exchange. Using a purchased certificate from Certificates for Exchange. Installed, and working correctly.

I have followed all of the steps for RPC over HTTPS that I can find. I've done and redone the registry settings, using the guide from Sembee's site, to create the registry settings and just install a .reg file. Today, I just did Split DNS to be sure. Here are the specifics:

The internal domain name is the same as what it is on the internet... domain.ca. I have a machine that I have synched internally once.. so it has a copy of the exchange mailbox.. and I am able to use it there. Some notes:

1) My client machine is running Outlook 2007.
2) I have yet to be able to connect successfully.

I've checked and re-checked the registry entries.. but hell, I'll check them again. One question: should I be making any alterations to the registry on my secondary DC?

Despite the novel above, when making suggestions.. assume nothing. I have no problem starting from the beginning, if you think it will help.

For ease of reference, here are the internal Server names (minus the domain name)

ECDC1 -  Primary Domain Controller, GC
ECEXCH1- Exchange 2003 Server
ECDC2- Second Domain Controller
Question by:tamarackcomputers
  • 6
  • 3
LVL 104

Expert Comment

ID: 20024522
Have you put the second DC in to the registry settings?
If you have, then the DC registry setting needs to be made on that machine as well. If you haven't then don't worry.
Although, it doesn't do any harm to make the change on the other DC. It doesn't affect the operation of the server in any way.

The registry settings are the common reason for problems. Also SSL certificate and authentication mismatches. Which authentication methods do you have enabled on the /rpc virtual directory in IIS manager?


If your question has been answered, pleased remember to accept the answer and close the question.

Author Comment

ID: 20024676
The only method I have is basic authentication on the /rpc directory. Should there be anything else?
LVL 104

Expert Comment

ID: 20024712
Thats fine. Which setting have you entered in to Outlook when you configured it?

Although I usually deploy RPC over HTTPS with both Integrated and Basic authentication enabled so I have both options. If you do make the change, run iisreset from a command prompt to write the changes to the IIS metabase.

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.


Author Comment

ID: 20053155
Ok. So, here's where I am at:

1) Even though I didn't make any changes.. I did an IIS reset on the Exchange server (since that's where OWA is running from)
2) Also, since I had to do so for updates.. I rebooted my DC / GC.

Tried again.. and I am not able to connect using Outlook. Outlook is using Basic Authentication, since the laptop is not a domain member. The username format I am using is domain\username

Some things I forgot to mention:

-The DC/ GC is running the x64 edition of Windows Server 2003 R2 Enterprise Edition
-Exchange is run on an x32 edition of Windows 2003 R2.

I'm still waiting on the reboot (I started it just as I started typing this message) and then I am going to reboot the Exchange server, and test. Will update probably tomorrow with more info.

Author Comment

ID: 20066494
OK. The reboot went.. and still the same. Seems to just time out. It initially tries HTTPS connections.. but that's about it.

I'm out of ideas... I'm reasonably certain the registry entries are correct, but I get that sinking feeling I am missing something.


Author Comment

ID: 20095614
Hmm.. I wonder.

Is there a good and easy to "uninstall" RPC over HTTPS and start over, without having to take the Exchange server offline? (and the DC too). Could it be just as simple as removing the registry entries, and undoing the GUI Settings?
LVL 104

Accepted Solution

Sembee earned 2000 total points
ID: 20096704
Remove the RPC Proxy component from Windows components and then delete the virtual directories from IIS Manager. Run an IISRESET and it is gone. You can then reinstall the RPC Proxy component and try again.


If your question has been answered, please remember to accept the answer and close the question.

Author Comment

ID: 20097475
OK. I feel like I should know this answer.. but I want to be sure. Should RPC Proxy be installed only on the Exchange Server, the GC / DC, or both?

Author Comment

ID: 20097637
OK, I feel like a special child here. I was re-reading Sembee's how to over at http://www.amset.info/exchange/rpc-http-server.asp

(very helpful BTW.. I think by far the most useful).

I found the source of my problem, and here is a quote from Sembee, on his page:

"If you are using a front-end/back-end scenario (at least two Exchange servers), then you do not need these settings, unless you are having problems with the GUI.
If you have tried to use the GUI interface then you need to change it back to "Not Part of an Exchange Managed RPC-HTTP Topology" and then use the registry keys.
Remember: GUI or Registry - not both."

It's that last line that's the most important. And once I disabled the gui portion.. presto. it works. So thanks Sembee... and man, do I feel dumb now. But it works.

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question