outlook 2003 rpc over http client does not connect to exchange 2007 server (but outlook 2007 does connect)

Posted on 2009-02-18
Last Modified: 2012-05-06

i have a mixed moded exchange 2003/2007 setup and in process of starting to migrate users mailboxes from 2003 to 2007 mailbox server

I have moved 1 test mailbox from 2003 to 2007 and used to be able to access it from both outlook 2003 and 2007 both using mapi and rpc over http.

i have tried to implement an ISA 2006 solution but ran into network layout issues and have abonded the project and am going back to a simple 2007 exchange setup without ISA

i have now run into the issue where outlook 2007 users with mailboxes on 2007 exchange server can connect both via map and rpc over http (from outside the LAN) but i have a 2nd laptop which i use for testing and for the same mailbox i run an outlook 2003 client and this client cannot connect to the 2007 exchange server

OWA access works fine from both laptops, the certificate is also installed correctly (else owa wouldn't work and outlook 2007 neither)

when running outlook (2003) with /rpcdiag i can see it is trying to connect, i enter the username and password but the login box just keeps popping up time and time again, when the outlook 2003 client is on the lan it connects without any problems to the 2007 exchagne server so it is a pure rpc over http issue between outlook 2003 and exchange 2007 (which used to work)

i have checked on the exchange server that:

1) all outlook client are allowed to connect
2) certificates are installed okay
3) mapiencryption is set to false
4) mapiblockoutoutlookrpcoverhttp is set to false
5) outlookanywhere authentication is set to basic

i can connect to owa using same hostname and double checked the exchange proxy settings are exactly the same on the outlook 2003 and 2007 client, when pinging the hostname it resolves to the same ip address

has anyone come accross this issue before and or know what to check to resolve this issue?

many thanks

Question by:butrousbutrous
    LVL 65

    Expert Comment

    This feature either works or it doesn't.
    Run the setup with a test account through the Microsoft test site:

    Is the certificate a commercial certificate or are you still using the self generated certificate?


    Author Comment


    it works on outlook 2007 but not 2003, that is what is bothering me too
    i ran the analyser and it seems to fail on this

    The certificate common name *, doesn't validate against Mutual Authentication string provided

    I have a wildcard certificate installed on the server, so it resolves both to the internal name and the FQDN

    the weird thing is that this used to work for outlook 2003 clients, prior before me dabbing into trying to use ISA 2006 firewall

    LVL 65

    Accepted Solution

    This is your problem: "The certificate common name *, doesn't validate against Mutual Authentication string provided"

    The MSSTD value has to match exactly with the certificate. "*" is not the same as ""

    You shouldn't use a wildcard certificate anyway. That is not the kind of certificate that Exchange 2007 requires. You aren't the first to make that mistake and you will not be the last. You need a SAN/UC certificate which contains specific names in the certificate.


    Author Comment

    do you know of an article that shows that wildcard ssl are not supported?

    I did a lot of research and looked into this and from everything that i have read you can use wildcard certificates. I don't like SAN certificates but if that is the way to go then i will create a new SAN certificate and take it from there, (reasoning behind wildcard certificate was issue with outlook 2007 when connecting on the local lan, i did not like the DNS solution so went with the wildcard solution)

    btw i just did a search and found this article and i changed the msstd settings to on outlook 2003  * and now it is connected.

    outlook 2007 still has the msstd settings and is happy as well (those settings are not like by outlook 2003)

    thanks for pointing me in the right direction, without the MSSTD suggestion i would have never found the above article


    Author Closing Comment

    Mestha pointed me into the right direction

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Get an idea of what you should include in an email disclaimer with these Top 5 email disclaimer tips.
    Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
    In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
    In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now