Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

RPC-HTTPS Frontend server not connecting

Posted on 2009-03-30
11
Medium Priority
?
573 Views
Last Modified: 2012-08-13
I Have reconfigured my RPC-HTTP setup following Sembee's instruction:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22630640.html

But I am facing connectivity problem. when I am in LAN, the Conn status shows TCP/IP,
but when outside, if fails. Also tried with testexchangeconnectity.com, shows failed on the last stage.
I have FE-BE scenario.

The following is my setup:
Backend: Win2003 Sp2 + Exchange 2003 SP2 + RPC-HTTP (Back-end)
         NetBOIS Name: SRV
         Domain: domain.local
         FQDN: mail.domain.com

Frontend:Win2003 SP2 + Exchange 2003 SP2 + RPC Proxy setting
         NetBOIS Name: Webmail
         Domain: domain.local
         FQDN: webmail.domain.com

         HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
         the values should be entered in the below format:
         SRV:6001-6002; srv.dadholding.local:6001-6002; SRV:6004; srv.dadholding.local:6004;
         SSL Certificate from 3rd party (GeoTrust):
         CN = webmail.domain.com
         O = webmail.domain.com
         IIS Security Authenthication Method:
         Basic authenthication


Outlook Client:
         URL to connect proxy server:
         https:// webmail.domain.com
         Principal name for proxy:
         msstc:webmail.domain.com

Please point my mistake, that i have messed-up, its FE-BE scenario, suppose to be easy setup, but already took 3 days, and counting.

Thanks
0
Comment
Question by:Wrathyimp
  • 6
  • 3
9 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 375 total points
ID: 24035335
If you are in an FE/BE then you shouldn't need my instructions.
The GUI should do everything for you.

As such I would suggest that you reset everything.

Change both servers to not part of the RPC topology in ESM.
Then on any server that has the RPC Proxy installed, remove it and then delete the RPC and RPC-WITH-CERT virtual directories from IIS manager. Then run IISRESET to write the change to the IIS metabase.

Next - reinstall the RPC Proxy component. Finally set the GUI as appropriate and wait 30 minutes.

Inside the LAN you need to ensure the name on the certificate resolves to the INTERNAL IP address of the server.

-M
0
 
LVL 1

Author Comment

by:Wrathyimp
ID: 24036148
I have already tried your suggestion, as you have mentioned in another question before.
I have not done any registry changes as you have mentioned.
Well let me put the actual Domains names, that might point out the problem/conflicts if any.

BackEnd:
NetBIOS: DADSRV
Domain: Dadholding.com
FQDN: mail.dadholding.com

FrontEnd
NetBIOS: DADWEBMAIL
Domain: Dadholding.com
FQDN: webmail.dadholding.com

SSL Certificate from 3rd party (GeoTrust):
CN = webmail.dadholding.com
O = webmail.dadholding.com

Now is there any conflicts in FQDN of the SSL cert and the FE server.
Also I cannot have a HTTPS connection internally to webmail.dadholding.com
www.testexchangeconnectivity.com show a failure at the last stage, the IIS authentication, after passing the SSL certificate and the SSL port 443.

Thank you.
0
 
LVL 1

Author Comment

by:Wrathyimp
ID: 24036783
Sorry the Domain I mentioned is not correct, its the following:
dadholding.local

Backend:
dadsrv.dadholding.local

Frontend:
dadwebmail.dadholding.local

Sorry, for any confusions, little frustrated, due to the problem.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Wrathyimp
ID: 24037618
I am getting RPCPing successful

RPCPinging proxy server webmail.dadholding.com with Echo Request Packet
Sending ping to server
Response from server received: 200
Pinging successfully completed in 172 ms
0
 
LVL 1

Author Comment

by:Wrathyimp
ID: 24037650
but I get Failed if I ping mail.dadholding.com

C:\Program Files\Windows Resource Kits\Tools>rpcping -t ncacn_http -s mail.dadho
lding.com -o RpcProxy=mail.dadholding.com -P user,dadholding.local,* -H 1 -u 10 -
a connect -F 3 -R none -v 3 -E
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.2, Service Pack 2
Enter password for RPC/HTTP proxy:

RPCPinging proxy server mail.dadholding.com with Echo Request Packet
Sending ping to server
Error 12175 returned in the WinHttpSendRequest.
Ping failed.
0
 
LVL 1

Author Comment

by:Wrathyimp
ID: 24037945
I have successfully connected with HTTPS.
The problem was using the correct domain name.
I was using the FQDN for my authentication, but it seems to be required to add my local domain, to successfully logon to the RPC proxy.

So I my case, I used dadholding.local\username, and it authenticated me, and I can see now the HTTPS in conn.

but, Now I want to know, how can I save the pasword, so my users need not add the local domain, and username each time the connect outlook, from outside.
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 375 total points
ID: 24039938
If the machine with Outlook is a member of the domain, then change the authentication from Basic to Integrated/NTLM and change the authentication type in Outlook. Then pass through authentication is enabled.

-M
0
 
LVL 1

Author Comment

by:Wrathyimp
ID: 24046606
Yes, I tested it yesterday.
But looks like Outlook performance decreases, is it due to RPC? or just the machine itself.

thanks again Simon.

0
 
LVL 65

Expert Comment

by:Mestha
ID: 24052111
Outlook performance should be unaffected. It takes a few seconds longer to connect, but once it is connected there should be no difference.

-M
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question