exchange 2003 and rpc over http through ISA 2006


Hi,
I have configured outlook rpc/http through our exchange 2003 and ISA 2006. After that configured outlook client and when loading outlook 2003, it is asking for exchange server user name and password, but even if type correct password it is not getting login in.
please advise anything else to be checked.

Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Redwulf__53Commented:
Are you using the syntax "DOMAIN\username" in the login?
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
i tried that way as well, still not working
we have owa that is working fine
0
Redwulf__53Commented:
And I guess you've also tried with both authentication types? (basic/NTLM)
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
yes
0
Redwulf__53Commented:
Now you would need to check what is actually happening on the ISA server by starting a logging session on the OWA publishing rule in the ISA system manager.
0
AndyJG247Commented:
Do you have the same certificate on both the ISA and Exchange servers?
Do the PDAs trust the certificate root?
Is FBA enabled on the exchange FE?
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
yes, I have exported same certificate and my OWA is working very good and external users are using OWA.
let me check out my ISA server logs and will come back to you now
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
I can see log in ISA as saying RPC request is denied.
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
If some one can help me to solve this issue it will be highly appreciated

regards

Jinesh
0
murgroupCommented:
I would like to help you resolve this. What Server OS are you running? Is everything on the same box? Exchange and ISA 2006. Your not running Small Business Server are you? Did you go throught the Microsoft setup for RPC over Http?
http://support.microsoft.com/default.aspx?scid=kb;en-us;833401
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
At first thanks for your updates.
Note the following :
1. Windows 2003 SP2 standard edition where exchange 2003 is installed
2. ISA server 2006 in Windows 2003 standard edition joined into the same domain of exchange
3. No, not running small business server
4. I gone through the document, I have changed the values of registry and also added a rule in ISA to pass RPC over http

also, I am running owa before, so certificate is already installed long time back and using the same listener
Awaiting your reply




0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
Please let me know if you require any other information from my side
0
murgroupCommented:
If you setup a custom rule in ISA to forward port 443, without a listener, to the exchange server can you connect via rpc? This will hopefully isolate the problem to ISA or Exchange.
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
if you please write me the rule it will be highly appreciated
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
Hi,
I have put a rule as per the following
Name : Forward rpc
Action : Allow
Protocols : Selected Protocols/Exchange RPC server
From : External
To : Internal

Please let me know if this is OK or not


0
murgroupCommented:
You want to create a publishing rule for non-web server protocol. Call it test, enter the exchange server ip, choose https server, choose external, then click finish. Lets see if you can connect. If not it could be SSL cert related. Most of the time thats what the issue is. Let me know what happens.
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
From the ISA 2006, I have created as per the following
Firewall policy\Mail server publishing rule\
rule name : test
Client access RPC/IMAP checked
Client Access - Outlook RPC Standard port
Server IP : 192.168.160.3
Listen for Requests for these networks : Internal/External

I done as per above and le tme know what you want to do next

0
murgroupCommented:
I was hoping you would use the publish non-web server publishing rule and open port 443 which is https. Not rpc. In ISA management you will see firewall policy, to the right you will see tasks, please use the above rule and open the https port from external to internal. let me now if you need further clarification.
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
Sorry, now I found it, I have done it. Still same problem cannot connect.

0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
You mean it is a certificate problem, but I have certificate exported to ISA and presently my owa is working fine on the same certificate.
Please advise
0
murgroupCommented:
Yes OWA would work but we need to see if rpc is configured correctly. The best way I can think of to do that is forward port 443 (https) directly to the Exchange server. That will narrow the issue to ISA or Exchange. RPC in ISA is port 135 but RPC over Http uses port 443.
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
So, you want me to create another rule for the same.
0
murgroupCommented:
Sorry getting late an my brain is slowing down. You are sure you have the ssl cert installed on the Outlook client? Also, the http proxy settings must be correct in Outlook.

Https://externaldnsname.domain.com
mutually authenticate
msstd:externaldnsname.domain.com
basic authentication

Click start run, type Outlook -rpcdiag
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
ok we will discuss then tomorrow
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
Hi,
After Installed certificate in win xp and configured as per your updates, I am able to login successfully through LAN, but connection status is showing still as tcp/ip, but when I try from remote pc, I am not able to log in.
Also, in outlook -rpcdiag on remote computer is not showing anything.
Please advise any other issues I have to check
0
Keith AlabasterEnterprise ArchitectCommented:
Install .net 1.1 on the ISA server.
Run up the BPA - anything listed ?
http://www.microsoft.com/downloads/details.aspx?FamilyID=d22ec2b9-4cd3-4bb6-91ec-0829e5f84063&DisplayLang=en
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
I will do that and will come back to u
thanks
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
I have installed and done run scan and i got a lots of results.
Please advise which one you want to look for
awaiting your reply
0
Keith AlabasterEnterprise ArchitectCommented:
All please - post them here
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
hi,
it is an html file, how can I upload it for you, please advise
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
please find the file in pdf format

isa-report-r2.pdf
0
Keith AlabasterEnterprise ArchitectCommented:
Actually its not that bad - I've seen them with 30 pages plus. These need dealing with though specifically:

An access rule has an empty set of destinations
An access rule has an empty set of sources
The Concurrent TCP Connections from One IP Address Limit
The Denied Connections per Minute from One IP Address Limit
The Server Publishing Failure error alert was signaled 4 times

Following the procedures in the output to address these issues -
the others are warnings but we'll get to them later.
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
Is thre anything to rectify for RPC over http to pass through
0
Keith AlabasterEnterprise ArchitectCommented:
Won't know for sure until you have fixed the basics. The server publishing rule is implicated as this uses the same functions - clean the basics first as per the BPA guide you uploaded, lets see what is left then we can correct it all from a clean position.
0
Jinesh Kumar KochathSr. IT Manager (Middle East & South East Asia)Author Commented:
Hi,
I am happy to inform to inform you that I have resolved this issue, actually what I done I will brief you :
1. Recreated OWA RPC/HTTP rule with listener.
2. Exchange 2003 registry settings for rpc, I was not added in one place our fully qualified domain name.
After I done both these steps, It started working.
Thank a lot for both of you who spent lots of time for solving this issues, I will split the points accordingly
thanks and regards
Jinesh
0
Keith AlabasterEnterprise ArchitectCommented:
Welcome :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.