Jinesh Kumar Kochath
Exchange 2003 and RPC over HTTP through ISA 2006
Hi,
I have configured Outlook RPC/HTTP through our Exchange 2003 and ISA 2006. After that I configured the Outlook client, and when loading Outlook 2003 it asks for the Exchange server user name and password, but even if I type the correct password it does not log in.
Please advise anything else to be checked.
Are you using the syntax "DOMAIN\username" in the login?
ASKER
I tried that way as well, still not working.
We have OWA that is working fine.
And I guess you've also tried with both authentication types? (basic/NTLM)
ASKER
yes
Now you would need to check what is actually happening on the ISA server by starting a logging session on the OWA publishing rule in the ISA system manager.
Do you have the same certificate on both the ISA and Exchange servers?
Do the PDAs trust the certificate root?
Is FBA enabled on the exchange FE?
ASKER
Yes, I have exported the same certificate, my OWA is working very well, and external users are using OWA.
Let me check my ISA server logs and I will come back to you now.
ASKER
I can see a log entry in ISA saying the RPC request is denied.
ASKER
If someone can help me to solve this issue it will be highly appreciated.
Regards,
Jinesh
ASKER CERTIFIED SOLUTION
ASKER
First, thanks for your updates.
Note the following:
1. Windows 2003 SP2 Standard Edition is where Exchange 2003 is installed.
2. ISA Server 2006 is on Windows 2003 Standard Edition, joined to the same domain as Exchange.
3. No, not running Small Business Server.
4. I went through the document; I have changed the registry values and also added a rule in ISA to pass RPC over HTTP.
Also, I was running OWA before, so the certificate was already installed a long time back, and I am using the same listener.
Awaiting your reply.
ASKER
Please let me know if you require any other information from my side.
If you set up a custom rule in ISA to forward port 443, without a listener, to the Exchange server, can you connect via RPC? This will hopefully isolate the problem to ISA or Exchange.
ASKER
If you could please write me the rule it will be highly appreciated.
ASKER
Hi,
I have put in a rule as per the following:
- Name: Forward rpc
- Action: Allow
- Protocols: Selected Protocols/Exchange RPC server
- From: External
- To: Internal
Please let me know if this is OK or not.
You want to create a publishing rule for a non-web server protocol. Call it test, enter the Exchange server IP, choose HTTPS server, choose External, then click Finish. Let's see if you can connect. If not, it could be SSL cert related. Most of the time that's what the issue is. Let me know what happens.
ASKER
From ISA 2006, I have created a rule as per the following:
- Firewall policy\Mail server publishing rule\
- Rule name: test
- Client access RPC/IMAP checked
- Client Access - Outlook RPC Standard port
- Server IP: 192.168.160.3
- Listen for requests from these networks: Internal/External
I did as per the above; let me know what you want to do next.
I was hoping you would use the publish non-web server publishing rule and open port 443, which is HTTPS, not RPC. In ISA management you will see Firewall Policy; to the right you will see Tasks. Please use the above rule and open the HTTPS port from external to internal. Let me know if you need further clarification.
ASKER
Sorry, now I found it and I have done it. Still the same problem, cannot connect.
ASKER
You mean it is a certificate problem, but I have the certificate exported to ISA and presently my OWA is working fine on the same certificate.
Please advise.
Yes, OWA would work, but we need to see if RPC is configured correctly. The best way I can think of to do that is to forward port 443 (HTTPS) directly to the Exchange server. That will narrow the issue to ISA or Exchange. RPC in ISA is port 135 but RPC over HTTP uses port 443.
ASKER
So, you want me to create another rule for the same?
Sorry, it's getting late and my brain is slowing down. You are sure you have the SSL cert installed on the Outlook client? Also, the HTTP proxy settings must be correct in Outlook:
- Https://externaldnsname.domain.com
- mutually authenticate
- msstd:externaldnsname.domain.com
- basic authentication
Click Start, Run, and type Outlook -rpcdiag
ASKER
OK, we will discuss it tomorrow then.
ASKER
Hi,
After installing the certificate in Windows XP and configuring as per your updates, I am able to log in successfully through the LAN, but the connection status is still showing as TCP/IP, and when I try from a remote PC I am not able to log in.
Also, outlook -rpcdiag on the remote computer is not showing anything.
Please advise any other issues I have to check.
SOLUTION
ASKER
I will do that and will come back to you.
Thanks
ASKER
I have installed it and run the scan, and I got lots of results.
Please advise which ones you want to look at.
Awaiting your reply.
All please - post them here
ASKER
Hi,
It is an HTML file. How can I upload it for you? Please advise.
ASKER
Actually it's not that bad - I've seen them with 30 pages plus. These need dealing with specifically, though:
- An access rule has an empty set of destinations
- An access rule has an empty set of sources
- The Concurrent TCP Connections from One IP Address Limit
- The Denied Connections per Minute from One IP Address Limit
- The Server Publishing Failure error alert was signaled 4 times
Follow the procedures in the output to address these issues - the others are warnings, but we'll get to them later.
ASKER
Is there anything to rectify for RPC over HTTP to pass through?
Won't know for sure until you have fixed the basics. The server publishing rule is implicated as this uses the same functions - clean the basics first as per the BPA guide you uploaded, let's see what is left, then we can correct it all from a clean position.
ASKER
Hi,
I am happy to inform you that I have resolved this issue. I will brief you on what I did:
1. Recreated the OWA RPC/HTTP rule with a listener.
2. In the Exchange 2003 registry settings for RPC, I had not added our fully qualified domain name in one place.
After I did both these steps, it started working.
Thanks a lot to both of you, who spent lots of time solving this issue. I will split the points accordingly.
Thanks and regards,
Jinesh
Welcome :)
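
A check related to the fix reported above, as an added example that is not part of the original thread. The thread does not name the registry value involved, so this assumes it is the RPC proxy's `ValidPorts` string (under `HKLM\SOFTWARE\Microsoft\Rpc\RpcProxy`); the host names and sample strings are constructed. It reports which name forms lack the expected ports and flags ranges wider than needed, since each extra port is another internal endpoint reachable through the proxy.

```python
# Added example (not from the thread): audit an RPC proxy ValidPorts string.
# Assumption: the required ports are 6001, 6002 and 6004, as in Microsoft's
# Exchange 2003 RPC over HTTP guidance; adjust REQUIRED_PORTS if yours differ.
REQUIRED_PORTS = frozenset({6001, 6002, 6004})

# Constructed sample values; the host names are placeholders.
MISSING_FQDN = "exch01:6001-6002;exch01:6004;exch01.corp.example:6001-6002"
CORRECTED = MISSING_FQDN + ";exch01.corp.example:6004"
TOO_BROAD = "exch01:100-5000"


def parse_valid_ports(value):
    """Parse 'host:6001-6002;host:6004' into {host_lowercase: set_of_ports}."""
    hosts = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        host, sep, ports = entry.rpartition(":")
        if not sep or not host:
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        low, _, high = ports.partition("-")
        low, high = int(low), int(high or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        hosts.setdefault(host.lower(), set()).update(range(low, high + 1))
    return hosts


def missing_entries(value, names):
    """Return {name: [ports]} for each expected name form lacking required ports."""
    hosts = parse_valid_ports(value)
    gaps = {}
    for name in names:
        absent = REQUIRED_PORTS - hosts.get(name.lower(), set())
        if absent:
            gaps[name] = sorted(absent)
    return gaps


def excess_port_count(value):
    """Return {host: count} of allowed ports beyond the required set."""
    parsed = parse_valid_ports(value)
    return {h: len(p - REQUIRED_PORTS) for h, p in parsed.items() if p - REQUIRED_PORTS}


if __name__ == "__main__":
    names = ["exch01", "exch01.corp.example"]  # NetBIOS name and FQDN
    print(missing_entries(MISSING_FQDN, names), excess_port_count(TOO_BROAD))
```
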