matt2008

Configure RPC over HTTPS Properly

I am trying to set up RPC over HTTPS. I followed the latest guides and did the reg inserts and so on. I just keep getting a pop-up window asking me for my username and password, over and over again. I tried everything; I am stumped. I really need to get this to work for the 40 users that connect to this thing. Webmail is nice but not going to be liked for much longer.


Attached is the Outlook /rpcdiag window. Please help :(

rpcdiag.JPG
Sembee

There are three causes for this...

1. Certificate issues. If the SSL certificate is not accepted then it will fail.
2. Authentication mismatch - you have set Outlook to use Integrated (NTLM) but basic is only enabled on the /rpc virtual directory.
3. The registry settings are wrong.

That is of course presuming that you have met the requirements - Exchange 2003 on Windows 2003, with Windows XP and Outlook 2003 on the client.

Simon.
Greg Jacknow
We need a bit more info to help. Can you describe your infrastructure in terms of firewalls, Exchange servers, and DCs?

Greg J
Why is your servername showing up as mail.yourdomain.com/exchange?
matt2008

ASKER

Basically it's a standalone Exchange server held in my colo facility. It belongs to its own domain. The SSL cert is from godaddy.com. I am able to log in on the web using the form-based login, so the SSL cert is working. Currently it's not behind any firewall. It will be after I finally get it working. I am using 2 types of clients, all Windows XP SP2, but some with Office 2003 and some with 2007.
Updated screen of it. It just doesn't connect to anything.
rpcdiag.JPG
ASKER CERTIFIED SOLUTION
isaman07
Yeah, I do. I followed those guides step by step. I don't know what's wrong. When I just did the one all over in the PDF it tried to connect NETBIOS.domain

Not a fan of those instructions personally. You don't need to have require SSL enabled, the feature will work without that setting. I actually never use the require SSL option on any server I deploy, because I don't open port 80 it isn't required.

I suspect that the registry entries aren't correct. Have you made the domain controller registry entry, even though the machine is a standalone machine?

My instructions on the process are here: http://www.amset.info/exchange/rpc-http.asp

Simon.
I followed those instructions to a tee. I even rebooted just to make sure it's all correct. Reviewed my registry settings and all. Does Exchange 2007 require all this to work with Outlook? I have the upgrade kit, just never thought I would need to do it so soon.
Made these 2 reg edits

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"NSPI Interface protocol sequences"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,\
  68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00

and

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="company-web:100-5000;
company-web:6001-6002;
company-web:6004;
company-web.mydomain.local:6001-6002;
company-web.mydomain.local:6004;
mail.mydomain.com:6001-6002;
mail.mydomain.com:6004;"
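
Added example, not part of the original thread: a Python sketch that decodes the hex(7) NSPI value and checks the ValidPorts string from the post above, so both registry edits can be reviewed as text before import. The function names and the required-port set are assumptions made for this illustration, taken from the ports the post itself lists.

```python
import re

# Values copied from the post above (host names are the poster's placeholders).
NSPI_HEX = ("6e,00,63,00,61,00,63,00,6e,00,5f,00,"
            "68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00")
VALID_PORTS = """company-web:100-5000;
company-web:6001-6002;
company-web:6004;
company-web.mydomain.local:6001-6002;
company-web.mydomain.local:6004;
mail.mydomain.com:6001-6002;
mail.mydomain.com:6004;"""
# Assumption: the ports the post lists for every name are the required set.
REQUIRED_PORTS = (6001, 6002, 6004)


def decode_multi_sz(hex_csv):
    """Decode a .reg hex(7) value (REG_MULTI_SZ, UTF-16LE) into its strings."""
    raw = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", hex_csv))
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def parse_valid_ports(value):
    """Map each host name (lower-cased) to a list of (low, high) port ranges."""
    hosts = {}
    # The post wraps the value over several lines; drop all whitespace first.
    for entry in re.sub(r"\s+", "", value).split(";"):
        if not entry:
            continue
        host, _, ports = entry.rpartition(":")
        low, _, high = ports.partition("-")
        hosts.setdefault(host.lower(), []).append((int(low), int(high or low)))
    return hosts


def missing_ports(value, names, required=REQUIRED_PORTS):
    """Return {name: [uncovered ports]} for names lacking a required port."""
    hosts = parse_valid_ports(value)
    gaps = {}
    for name in names:
        ranges = hosts.get(name.lower(), [])
        lacking = [p for p in required if not any(lo <= p <= hi for lo, hi in ranges)]
        if lacking:
            gaps[name] = lacking
    return gaps

if __name__ == "__main__":
    print(decode_multi_sz(NSPI_HEX))
    print(missing_ports(VALID_PORTS, ["company-web", "mail.mydomain.com"]))
```

Run against the values as posted, the NSPI entry decodes to a single string and no listed name is missing a port, so the check points away from a typo in these two values.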
What about the other two points I made above?
Authentication and SSL?

If you browse to https://host.domain.com/rpc do you get a certificate prompt? If you do then the feature will not work.

Exchange 2007 does not require anything to be done to get it to work other than installing the proxy. Once that is installed you simply enable the option.

Simon.
When I go to that I get

You are not authorized to view this page
You do not have permission to view this directory or page due to the access control list (ACL) that is configured for this resource on the Web server.
--------------------------------------------------------------------------------

Please try the following:

Contact the Web site administrator if you believe you should be able to view this directory or page.
Click the Refresh button to try again with different credentials.
HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource.
Internet Information Services (IIS)

I have SSL enabled and also purchased an SSL cert with my mail.domain.com on it.
Not really interested in the result of the test, as it will always fail. All that is of interest is whether you get an SSL certificate prompt or not. If you didn't get a prompt then the issue is not with the SSL certificate.

Did you get an authentication prompt? If not, ensure that anonymous is NOT enabled as an authentication type on the /rpc virtual directory in IIS Manager.

Simon.
Okay, I installed Office XP on my Exchange server and ran the setup for Exchange email.

I got this in the cached Exchange box

netbiosname.mail.domain.com

That may be my problem. Any ideas how to fix that?
You installed Office ON the Exchange server? That isn't supported and is not something I would recommend. You should remove it. Never install Outlook on the Exchange server.

Outlook XP doesn't support RPC over HTTPS. You need to use Outlook 2003 or higher.

Simon.
I installed 2003 on it. I only did it because there is no network behind it. I plan on removing it as soon as I figure out why RPC isn't working. The problem at hand is that when I hit check name

this comes up

netbiosname.mail.domain.com

It's only supposed to be mail.domain.com

Where did I go wrong?
You are wrong.
That is the correct behaviour.
If you are using RPC over HTTPS then you have to add the external information in to another location in Outlook. The NETBIOS name of the server will always appear in the box for check name.

Whether you are going to have Outlook on the Exchange server for ten minutes or forever you still shouldn't do it because it will often screw up the Exchange server due to a MAPI conflict.

Simon.