chrisryhal
RPC Over HTTPS
Ok I give up. I have been on this task for 4 hours now. I have a "single" Exchange Server 2003 with SP2 installed and configured as a backend server as instructed. I have modified the registry like in the below code. I have enabled SSL and am able to browse to my domain using OWA using SSL just fine. http://www.ryhal.com/exchange
I have configured the IIS RPC virtual directories. I have tried to set up Outlook 2007 to connect to the FQDN NetBIOS names "sls-ce10p12" and "sls-ce10p12.dca2.superb.net" and then enabled Connect Using HTTP. I have TCP ports open on the firewall 6000 thru 6004. I am prompted for credentials within Outlook, but no luck when I type them in. I even ryhal DOMAINNAME\USER with nothing. Any ideas or is there an easier way? I don't want to POP the email. The domain name is RYHAL.COM
sls-ce10p12:6001-6002;sls-ce10p12.dca2.superb.net:6001-6002;ryhal.com:6001-6002;sls-ce10p12:6004;sls-ce10p12.dca2.superb.net:6004;ryhal.com:6004
The only entries that should be in the registry are the ones that match the host name on your SSL certificate. I don't know why you have those other names in there.
Is the SSL certificate a commercial one or a home grown certificate? If it is the latter it needs to be the former.
The three most common reasons for this feature to fail are
- SSL certificate trust issues
- Authentication mismatch (basic on the virtual directory, NTLM in Outlook or Integrated on the virtual directory and basic in Outlook)
- Registry settings.
Simon.
ASKER
Raqhuv: I am prompted for credentials, I type them in, and blank page yes.
Mestha: I have basic and integrated set on both of the virtual directories as the articles Raqhuv suggested. I have been through every one of those. I set up a Certificate Authority on the server, and generated it myself. I know several locations where they are not commercial and it works.
ASKER
The reason my registry looks the way it does is because nearly all the tutorials instructed me to do it that way.
Mine wouldn't have done.
http://www.amset.info/exchange/rpc-http.asp
I also never recommend using a self generated certificate. While it can be made to work, it can take many hours. I can get this feature to work in less than 30 minutes, including the time to get the certificate.
Simon.
ASKER
Ok, I think first thing is to get the SSL Cert from a trusted authority. I'll do that first. Looked at your article and it's a LOT easier than the others. Will be in touch
ASKER
Any chance you could confirm what ports need open for this to work through the firewall?
ASKER
Well I did as instructed and something still is not right. I ran the test from the https://www.testexchangeconnectivity.com/ and here is the result.
Here are the registry keys I created:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="sls-ce10p12:100-5000;
sls-ce10p12:6001-6002;
sls-ce10p12:6004;
sls-ce10p12.ryhal.com:6001-6002;
sls-ce10p12.ryhal.com:6004;
www.ryhal.com:6001-6002;
www.ryhal.com:6004;"
Attempting to Resolve the host name www.ryhal.com in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 66.36.240.70
Testing TCP Port 443 on host www.ryhal.com to ensure it is listening/open.
The port was opened successfully.
Testing SSLCertificate for validity.
The certificate passed all validation requirements.
Additional Details
Subject: CN=www.ryhal.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=GT92215490, O=www.ryhal.com, C=US, Issuer CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Testing SSL mutual authentication with RPC Proxy server
Successfully verified Mutual Authentication
Additional Details
Certificate common name www.ryhal.com matches msstd:www.ryhal.com
Testing Http Authentication Methods for URL https://www.ryhal.com/rpc/rpcproxy.dll
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods Methods Found: Negotiate NTLM
Attempting to Ping RPC Proxy www.ryhal.com
Pinged RPC Proxy successfully
Additional Details
Completed with HTTP status 200 - OK
Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server sls-ce10p12.ryhal.com
Failed to ping Endpoint
Tell me more about this issue and how to resolve it
Additional Details
RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime
ASKER
Ports 6000-6004 are open as well
You only need port 443. Any other ports that you have opened should be closed.
Is sls-ce10p12 your Exchange server? Its INTERNAL FQDN?
Simon.
ASKER
See attached.
Doc1.doc
ASKER
Doing an IPCONFIG /ALL it displays as sls-ce10p12
Pinging sls-ce10p12 resolves to sls-ce10p12.dca2.superb.net
I have tried modifying the registry to reflect both with no luck
I don't open .doc files on this site as they can hold a payload.
The entries that you have to put in to your registry are the server's real FQDN, as shown on the properties of My Computer.
Simon.
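Added example (not part of the thread, and not any poster's own script): a small Python audit of a ValidPorts value that flags entries naming hosts outside an expected set and port ranges beyond the ports used in this thread's entries. The expected host list, the port set and the sample string are assumptions supplied for illustration.

```python
import re

# Assumption: the only ports the proxy should reach are the ones used in
# the ValidPorts entries quoted in this thread.
EXPECTED_PORTS = {6001, 6002, 6004}

def parse_valid_ports(value):
    """Split a ValidPorts string into (host, first_port, last_port) tuples."""
    entries = []
    # Forum posts and .reg exports wrap the value, so drop all whitespace.
    for item in re.sub(r"\s+", "", value).split(";"):
        if not item:
            continue  # a trailing ';' leaves an empty item
        host, sep, ports = item.rpartition(":")
        match = re.fullmatch(r"(\d+)(?:-(\d+))?", ports)
        if not (sep and host and match):
            raise ValueError(f"malformed ValidPorts entry: {item!r}")
        first = int(match.group(1))
        last = int(match.group(2) or first)
        if not 0 < first <= last <= 65535:
            raise ValueError(f"bad port range in entry: {item!r}")
        entries.append((host.lower(), first, last))
    return entries

def audit_valid_ports(value, expected_hosts):
    """Return findings: unexpected hosts, extra ports, hosts with no entry."""
    expected = {h.lower() for h in expected_hosts}
    findings, seen = [], set()
    for host, first, last in parse_valid_ports(value):
        seen.add(host)
        if host not in expected:
            findings.append(f"{host}: host is not an expected server name")
        extra = set(range(first, last + 1)) - EXPECTED_PORTS
        if extra:
            findings.append(f"{host}:{first}-{last}: {len(extra)} unexpected port(s)")
    findings += [f"{h}: no entry" for h in sorted(expected - seen)]
    return findings

# Constructed sample: the second value posted above, plus one stale-name entry.
SAMPLE = """sls-ce10p12:100-5000; sls-ce10p12:6001-6002; sls-ce10p12:6004;
sls-ce10p12.ryhal.com:6001-6002; sls-ce10p12.ryhal.com:6004;
www.ryhal.com:6001-6002; www.ryhal.com:6004;
sls-ce10p12.dca2.superb.net:6001-6002;"""
EXPECTED_HOSTS = ["sls-ce10p12", "sls-ce10p12.ryhal.com", "www.ryhal.com"]

if __name__ == "__main__":
    for finding in audit_valid_ports(SAMPLE, EXPECTED_HOSTS):
        print(finding)
```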
ASKER
That's what I sent, just a screenshot of the My Computer. It's sls-ce10p12.dca2.superb.net
Tried that with no luck
"superb.net" seems to be a major internet hosting company. Is that what your AD name is?
Simon.
ASKER
Correct, Superb is a hosting company, but I own a dedicated server that I terminal services into. It's my hardware so I am able to do whatever I want with it. I just host it there because I needed the bandwidth for what I do. That Word file contains a screenshot of the My Computer properties (I realize you stated you didn't want to open it) so I made a link to it here so you could just see the .JPG file.
http://ryhal.com/Mycomputer.jpg
You don't realize HOW much I appreciate this. If I can be of ANY development or DB assistance please feel free to let me know. This RPC is something I have actually attempted in the past with no luck. Just trying to prevent the need for VPN and I REALLY would like to work with Exchange versus the POP3 function.
Is the server part of an Active Directory domain?
When you configured the AD domain what did you configure as your internal DNS?
The settings are now confusing.
The usual state for a machine is host.example.com, where host is the server's name, example.com is the WINDOWS domain.
In your example, your WINDOWS domain and the server's FQDN are completely different. I don't know how RPC over HTTPS is going to react to that, if it can cope with it.
Is this machine also a domain controller?
Simon.
ASKER
Domain Controller: Yes
Exchange on this box: Yes
AD Domain: Ryhal.com
I did not specify the name of the machine but will request it to be changed. It should be something like <computername>.ryhal.com versus the whole sls-ce10p12.dca2.superb.net then I assume?
ASKER
I just found out that the reason for the "dca2.superb.net" was merely just a DNS suffix. I removed the DNS suffix, now the name is sls-ce10p12.ryhal.com and always was, other than that suffix the host put on there. I'm going to try again and let you know the result
ASKER
Ok, this is resolved. Simon, thanks SOOOOOOOO much for ALL the feedback. After taking your recommendations, etc, regarding the SSL cert, etc, finally got this going. Thanks again!
http://www.msexchange.org/tutorials/outlookrpchttp.html
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
http://www.petri.co.il/testing_rpc_over_http_connection.htm
http://www.msexchange.org/tutorials/Outlook_2003_Connect_Exchange_2003.html
PS: Also check if you are getting a blank page, when you try to browse the rpcproxy.dll from the computer where you have Outlook installed (https://mail.domain.com/rpc/rpcproxy.dll)