Link to home
Avatar of xidou
xidou

asked on

outlook fail to connnect to exchange rpc over https

I have a Windows 2003 R2 server on which I have installed Exchange 2003 Std. on.
I have a SSL CA issus last month,befroe OWA  Outlook rpc over rpc both work fine.
After I renew the CA, OWA works fine and no waring with CA.
I am sure there no firewall issus, I do not change the fireware  configuration.
I follow http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm
and also others instruction.
I test https://exchange.xxx.ca/rpc
HTTP Error 401.3 - Unauthorized
I test https://sv.xx.local/rpc
get a warning of Ca
then HTTP Error 401.3 - Unauthorized
run rpccdf /hd looks good.
But when I run outlook /rpcdiag
It never connect using https;
i also regedit with (ncacn_http:6004)
I also uninstall rpc over http and issreset reinstall rpc over http
but still nothing happen even in LAN
Anythingelse I need check?
SOLUTION
Avatar of Sembee
Sembee
Flag of United Kingdom of Great Britain and Northern Ireland image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of xidou
xidou

ASKER

I also check RPC Proxy Server Extension
Avatar of xidou

ASKER

thanks Savant reply;
With RPC over HTTPS it is usually one of three things
 - certificate
My OWA works fine without no CA waring
 - authentication type
both basic and basic
 - registry settings.
rpccfg /hd and ncacn_http:6004
what else I need check

and
Avatar of xidou

ASKER

log on iis6 loke this

2007-10-31 19:14:59 W3SVC1 192.168.4.10 RPC_OUT_DATA /rpc/rpcproxy.dll svr.dom.local:593 443 dom\xxx 204.191.0.142 MSRPC 200 0 0

After I change the 6001-6004 Do I need a full  reboot?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Avatar of xidou

ASKER

NOW  IT WORKS FOR OUTLOOK 2003, BUT STILL NOT WORKING ON OUTLOOK 2007
Avatar of xidou

ASKER

THE REASON IS :
if I put svr.dom.local it  not working
after I change to svr it working!
What a hell!
Avatar of xidou

ASKER

I almost have the same issuse as below

Thx for the great documentation for RPC over HTTPS on Ex2k3.

Other than once I can able to make OL2k3 work in WAN situation, suddenly it just don't work when I click Send/Receive in OL2K3!
Then no matter what I try on outlook/rpcdiag or remove and create back the profile, RPC over HTTPS just not work!

However, my situation seems a bit different as my EX2k3 on Win2k3 are on member server and there're another GC/DC/FSMO hold Win2k3 server internally without any access from WAN.

I've checked IIS RPC Virtual Directory's log, it got sth like:
2006-08-11 05:47:56 192.168.0.111 RPC_OUT_DATA /rpc/rpcproxy.dll ex2k3:6004 443 domain\testing 111.222.111.222 MSRPC 200 0 0

which seems to be correct, and 6001, 6002 and 6004 port are listening on the EX2K3 Server.

Is there special settings for such environment ?
Should I set "Not part of an Exchange managed RPC-HTTP topology" or "RPC-HTTP back-end server" in EX2k3's RPC-HTTP tab in System Manager ?


csklho

P.S. I've found out that when issuing "outlook.exe /rpcdiag", if you input Exchange Server NETBIOS name as , say "ex2k3", then most likely u'll try ur RPC over HTTPS using HTTPS port. If u use internal FQDN like "ex2k3.mycompany.local", it'll just use RPC to connect!

Finally get it works after doing this:

1. Set in System Manager for "RPC-HTTP back-end server"

2. Modify Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts" Value data
from "NetBIOS_ServerName:100-5000"
to "NETBIOS_ServerName:6001-6004;External_FQDN:6001-6004"

However, the problem that even I've set to check to use HTTP instead of TCPIP for fast and slow network, it still 1st check for TCPIP(i.e. RPC) as the Exchange Server name is always be seen as ex2k3.mycompany.local. Then after timeout for RPC TCPIP connection, it'll try for HTTPS and that will be ok working.

Is there any way that must force outlook 2003 using HTTPS only ?

Thanks
csklho
http://www.petri.co.il/forums/showthread.php?t=9323

but it just not working to me!

I think the diff is
I do set  "RPC-HTTP back-end server" in EX2k3's RPC-HTTP tab in System Manager
Avatar of xidou

ASKER

When I test with outlook 2007
the first try It do user https to find the server name and user name
after that It go to Server unavai
I believe it is the same reason (outlook 2003) when I use internal FQDN I can not connect to exchange
Avatar of xidou

ASKER

finally done!
The point is rpc-http
you must select no part of exchange mangement rpc-http\
It does matter!