RPC connections stop on EBS
Posted on 2009-02-17
We've installed EBS 2008 for one of our clients.
we've configured 2 Servers:
1. Dell 2950 32GB + 2x15K 73GB SAS - aka HyperV
2. Dell 1950 4GB + 2x73GB SAS - aka GW
3. HP MSA2000i 2.4TB Storage - aka Storage
4. Hp Workstation 2GB + 1x500GB SATA - aka Backup
On the Hyper-V We've installed the Management & the Messaging servers
On the GW We've installed the security server
(on the Hyper-V we installed another TS server)
We've installed WindowsXP & a dedicated backup software on the backup so we can do a brick level and mailboxes backup on the Exchange and files.
We've installed EBS 2008 as mentioned.
We've used the name remote.domain.com as their published external name.
We've configured the ISA and I can access the OWA and users have email - so far so good.
The problem started when we wanted to add external users which should use RPC over HTTPS (Outlook Anywhere) to access the Mail using Outlook client.
The Autodiscover was always failing (even though We've added the autodiscover.domain.com DNS record to point to the external IP of the security server) - we kept getting an error.
When we accessed the Portal we kept getting error on unknown certificate.
We've purchased a valid certificate from Thawte for remote.domain.com which was ok for the remote.domain.com Portal but not for the Autodiscover.
We've decided that I have 2 options:
1. purchase another autodiscover.domain.com name certificate
2. create a new Exchange 2007 certificate which will include both names (remote & Autodiscover).
Since we only have 1 external IP address (255.255.255.252), and We've noticed that the security server is configured automatically with 1 WebListener (I need another one and another IP which I don't have) - we went with option #2:
We've issued a new Exchange07 certificate using the command:
New-ExchangeCertifiacte -GenerateRequest:$True -subjectname ......
We used the CA on the Management server for the issuing (I wanted to verify before committing another purchase at Thawte), installed the certificate on the IIS Msg and exported the chain to the WebListener on the security server.
We changed the redirect rule on the ISA to point to the Msg.
At the end, after installing the certificate on an external workstation We're able to Autodiscover it in the world and even connect using RPC over Https. But with some errors:
The errors We've encountered are:
1. The RPC stops with no valid reason. IIS service should be restarted
2. Redirect on deny doesn't work for the remote.domain.com (used to load the portal automatically) - now we need to use remote.domain.com/remote.
3. The SSO doesn't work.
The REAL problem is that the RPC stops and then the Outlook Anywhere service does not function. a restart to the IIS service on the Messaging (and sometimes a restart to all Exchange services) solves it till next time)
My questions are:
1. Did I work correctly?
2. Should EBS handle Autodiscover in a more elegant way?
3. How can I resolve my errors?
Please help as it is a major issue, the customer can not access the email from time to time when the RPC stops...