Jinesh Kumar Kochath

Exchange 2003 and RPC over HTTP through ISA 2006


Hi,
I have configured Outlook RPC/HTTP through our Exchange 2003 and ISA 2006. After that I configured the Outlook client, and when loading Outlook 2003 it asks for the Exchange server user name and password, but even if I type the correct password it does not log in.
Please advise on anything else to be checked.

Redwulf__53

Are you using the syntax "DOMAIN\username" in the login?
ASKER

I tried that way as well, still not working.
We have OWA that is working fine.
And I guess you've also tried with both authentication types? (basic/NTLM)
Now you would need to check what is actually happening on the ISA server by starting a logging session on the OWA publishing rule in the ISA system manager.
Do you have the same certificate on both the ISA and Exchange servers?
Do the PDAs trust the certificate root?
Is FBA enabled on the exchange FE?
Yes, I have exported the same certificate, my OWA is working very well, and external users are using OWA.
Let me check my ISA server logs and I will come back to you now.
I can see a log entry in ISA saying the RPC request is denied.
If someone can help me solve this issue it will be highly appreciated.

regards

Jinesh
ASKER CERTIFIED SOLUTION
murgroup
First, thanks for your updates.
Note the following:
1. Windows 2003 SP2 Standard Edition, where Exchange 2003 is installed
2. ISA Server 2006 on Windows 2003 Standard Edition, joined to the same domain as Exchange
3. No, not running Small Business Server
4. I went through the document; I have changed the registry values and also added a rule in ISA to pass RPC over HTTP

Also, I was running OWA before, so the certificate was already installed a long time ago, and using the same listener.
Awaiting your reply




Please let me know if you require any other information from my side
If you set up a custom rule in ISA to forward port 443, without a listener, to the Exchange server, can you connect via RPC? This will hopefully isolate the problem to ISA or Exchange.
If you could please write me the rule it will be highly appreciated.
Hi,
I have put a rule as per the following
Name : Forward rpc
Action : Allow
Protocols : Selected Protocols/Exchange RPC server
From : External
To : Internal

Please let me know if this is OK or not


You want to create a publishing rule for a non-web server protocol. Call it test, enter the Exchange server IP, choose HTTPS server, choose external, then click finish. Let's see if you can connect. If not, it could be SSL cert related. Most of the time that's what the issue is. Let me know what happens.
From the ISA 2006, I have created as per the following
Firewall policy\Mail server publishing rule\
rule name : test
Client access RPC/IMAP checked
Client Access - Outlook RPC Standard port
Server IP : 192.168.160.3
Listen for Requests for these networks : Internal/External

I have done as per above; let me know what you want to do next.

I was hoping you would use the publish non-web server publishing rule and open port 443, which is HTTPS. Not RPC. In ISA management you will see firewall policy; to the right you will see tasks. Please use the above rule and open the HTTPS port from external to internal. Let me know if you need further clarification.
Sorry, now I found it, I have done it. Still same problem cannot connect.

You mean it is a certificate problem, but I have certificate exported to ISA and presently my owa is working fine on the same certificate.
Please advise
Yes OWA would work but we need to see if rpc is configured correctly. The best way I can think of to do that is forward port 443 (https) directly to the Exchange server. That will narrow the issue to ISA or Exchange. RPC in ISA is port 135 but RPC over Http uses port 443.
So, you want me to create another rule for the same.
Sorry, it is getting late and my brain is slowing down. You are sure you have the SSL cert installed on the Outlook client? Also, the HTTP proxy settings must be correct in Outlook.

Https://externaldnsname.domain.com
mutually authenticate
msstd:externaldnsname.domain.com
basic authentication

Click start run, type Outlook -rpcdiag
ok we will discuss then tomorrow
Hi,
After installing the certificate in Windows XP and configuring as per your updates, I am able to log in successfully through the LAN, but the connection status still shows TCP/IP, and when I try from a remote PC I am not able to log in.
Also, outlook -rpcdiag on the remote computer is not showing anything.
Please advise on any other issues I have to check.
SOLUTION
Keith Alabaster
I will do that and will come back to you.
Thanks
I have installed it and run the scan, and I got lots of results.
Please advise which ones you want to look at.
Awaiting your reply
All please - post them here
Hi,
It is an HTML file; how can I upload it for you? Please advise.
Please find the file in PDF format.

isa-report-r2.pdf
Actually it's not that bad - I've seen them with 30 pages plus. These need dealing with though, specifically:

An access rule has an empty set of destinations
An access rule has an empty set of sources
The Concurrent TCP Connections from One IP Address Limit
The Denied Connections per Minute from One IP Address Limit
The Server Publishing Failure error alert was signaled 4 times

Follow the procedures in the output to address these issues -
the others are warnings but we'll get to them later.
Is there anything to rectify for RPC over HTTP to pass through?
Won't know for sure until you have fixed the basics. The server publishing rule is implicated as this uses the same functions - clean the basics first as per the BPA guide you uploaded, let's see what is left, then we can correct it all from a clean position.
Hi,
I am happy to inform you that I have resolved this issue. I will brief you on what I did:
1. Recreated the OWA RPC/HTTP rule with listener.
2. In the Exchange 2003 registry settings for RPC, I had not added our fully qualified domain name in one place.
After I did both these steps, it started working.
Thanks a lot to both of you, who spent lots of time solving this issue. I will split the points accordingly.
Thanks and regards
Jinesh
Welcome :)
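
The registry cause reported in the resolution above (a fully qualified domain name missing in one place) can be checked mechanically. This is an added example, not code from the thread: it assumes the setting involved is the RPC proxy's `ValidPorts` value under `HKLM\SOFTWARE\Microsoft\Rpc\RpcProxy` and the usual Exchange 2003 ports 6001, 6002 and 6004; the host names are constructed placeholders.

```python
import re

# Assumption: Exchange 2003 back-end ports used by RPC over HTTP
# (6001 store, 6002 directory referral, 6004 directory proxy).
REQUIRED_PORTS = {6001, 6002, 6004}

# Constructed sample values; EXCH01 / corp.example are placeholders.
BROKEN = "EXCH01:6001-6002;EXCH01:6004;exch01.corp.example:6001-6002"
FIXED = BROKEN + ";exch01.corp.example:6004"


def parse_valid_ports(value):
    """Parse 'host:port[-port];...' into {lowercased host: set of ports}."""
    allowed = {}
    for entry in (e.strip() for e in value.split(";")):
        if not entry:
            continue
        host, sep, spec = entry.rpartition(":")
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", spec.strip())
        if not sep or not host.strip() or not m:
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if lo > hi or hi > 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        allowed.setdefault(host.strip().lower(), set()).update(range(lo, hi + 1))
    return allowed


def missing_entries(value, names):
    """Return {name: [ports]} for required ports not allowed for each name."""
    allowed = parse_valid_ports(value)
    gaps = {}
    for name in names:
        missing = REQUIRED_PORTS - allowed.get(name.lower(), set())
        if missing:
            gaps[name] = sorted(missing)
    return gaps


def over_broad_hosts(value):
    """Hosts whose entries open ports beyond the required set (e.g. 100-5000)."""
    return sorted(h for h, p in parse_valid_ports(value).items() if p - REQUIRED_PORTS)


if __name__ == "__main__":
    names = ["EXCH01", "exch01.corp.example"]
    print("broken:", missing_entries(BROKEN, names))
    print("fixed: ", missing_entries(FIXED, names))
    print("broad: ", over_broad_hosts("EXCH01:100-5000;" + FIXED))
```

`ValidPorts` also limits which internal hosts and ports the RPC proxy will relay to, so `over_broad_hosts` flags entries that allow more than the three required ports.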