Link to home
Create AccountLog in
Avatar of lrbarrios
lrbarrios

asked on

Authenticating via RPC over HTTP(s) on single/stand-alone Exchange 2003 server

I'm in the process of finalizing the setup of our new/only Exchange 2003 server.  Almost everything (i.e. Exchange/Outlook, OWA, OMA, Exchange Active-Synch) is working perfectly.  The one thing that is NOT working is RPC over HTTP.  It looks like it's setup properly.  I've seen many guides on this and I've done everything that Microsoft, Petri, and MSExchange.org have said.  I ran the rpcnofrontend.exe program.  It all seems pretty straight-forward.  The problem that I have is that I cannot authenticate.  Outlook prompts for login credentials.  After I input my username and password, it just bounces back asking for credentials again.  Every combination of username and password has been tried.  I've tried the web browser 'test' by going to http://servername/rpc.  Nope.  First I tried this whole setup without anything fancy (no SSL, Basic Authentication).  I just wanted to see it work first.  Then, in my reading, I saw passages like "If you use Basic Authentication, you must use SSL."  Was that just a strong suggestion or a real fact?  I ran the Exchange Best Practices Analyzer, but it didn't show me anything related to authentication or security issues.  I got someone who knows more about this than me to help out with creating a certificate on the server.  We setup SSL on the whole Default Web Site.  OWA seemed to respond to that change, but still worked once I provided the httpS:  Exchange Active-Synch broke.  My PDA (Dell Axim, WM5) said the certificate was invalid.  I couldn't figure out how to get around that even though the browser (PC and PDA) seemed to be able to do that.  I don't know if this is relavent or not, but I posted this in a previous question that I've not gotten much response from...  I installed POP and IMAP (to support Blackberries and iPhones).  I can't authenticate to those protocols either.  I've telnet'ed to their ports (110 for example) and tried to login with USER and PASS credentials.  All I get is an -ERR. Login failure.  Unknown username or bad password.  This is really starting to drive me crazy.  My boss is riding my back to get this resolved.  He's even offered me a $100 shopping spree if I can get it fixed before the weekend.  He's really anxious to get this going so he can use the Outlook client instead of OWA.  Please, please, please... Somebody help me out here.  Throw me a bone!!  Thanks for anything...
ASKER CERTIFIED SOLUTION
Avatar of kieran_b
kieran_b
Flag of Australia image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of lrbarrios
lrbarrios

ASKER

kieran_b, Point well taken of the $10.  Thanks for quick response!!  Yes, I did create my own certificate.  Didn't know what I was doing, just following the instruction of the person on the other end of the phone.  I'll try this tomorrow.  I was using my own login on the POP and IMAP.  I know they're good.  I don't remember if I tried the DOMAIN\Username\Alias (I think I did).  Thanks so much.  Please stay with me on this.  :)

Lonnie.
lrbarrios,

To authenticate on POP and IMAP I believe you will need to use the username of username@UPN (ie. username@domain.com) an the usual password.

The SSL Certificate is a valid point from kieran_b and it is always worth purchasing a SSL Certificate. I must also agree on your first coarse of action to be the removal of all aspects of RPC from the GC/Exchange Server and start again fresh.
You can test the imap and pop3 by creating a brand new user and doing it, it is baffling as hell when you come across it :)
kieran_b,

You were right about the POP login.  I telnet'ed to POP and logged in with DOMAIN\username\Alias successfully.  That was amazing!!  I still haven't got the IMAP one working though.  Didn't have time to investigate what's going on there.  I'm in the process of getting a certificate from certificatesforexchange.com.  Which one should I get, Standard SSL?  This will be just for my users to be able to access the Exchange server from outside (via RPC over HTTP).  Our webserver that runs our project management software sits on a hosted server in an AT&T data center.  It has a certificate, but I guess I'll need a different one for my Exchange purpose, right?  Thanks.

Lonnie.
Standard ssl is fine.  IMAP authentication is the same as POP

And yes, you really need a new cert for the mail server.
On the IMAP, when telnet'ing to it and trying to login using
? LOGIN NTDOMAIN/NTACCOUNT/ALIAS PASSWORD
I get
? NO Clear text passwords have been disabled for this protocol.
Currently, I have Simple Authentication and Security Layer/NTLM configured.

Nevermind... I changed it to Basic Authentication (and restarted the service) and now I can login.  Sweet!!  I'll update you after I get the certificate so we can continue...  Thanks for your help.

Lonnie.
kieran_b,

I just wanted to let you know that I worked through the process of getting and installing a certificate.  Once I did that, everything worked fine.  I got it working and called him at 9:30pm on Friday.  Technically it wasn't the weekend, so he owes me that $100 gift card.  :)  This week I'll run around and reconfigure everyone's Outlook for RPC over HTTP.  I'm so glad to get that behind me.  Thanks for your help!

Lonnie.
Thanks again.  I'll be posting another question concerning the certificate issue that I experienced.  I'm sure you'll be able to answer that question as well.