Solved

RPC over HTTP with wildcard certificate

Posted on 2009-04-21
Last Modified: 2012-05-06
I have a Windows 2003 SBS server - Premium that was running ISA as the primary firewall.  Due to several reasons, we have removed ISA from the server and are now using a firewall appliance.  The problem I'm having now is that we also re-keyed our certificate in the process.  OWA works great and recognizes the new cert.  This is a GoDaddy wildcard cert for our domain.

But when using RPC over HTTP for Outlook Anywhere, if I allow NTLM Auth, I get an error stating that the certificate is invalid and doesn't match the name.  I have tried the msstd:*.domainname.com in the proxy settings.

If I use Basic Authentication, I get an error stating that Outlook has to be online in order to connect.

The same laptop I'm testing Outlook from can connect to RPC on a different server without issue, so this points to a prob on the server.  Ideas?

thanks ahead of time!

jf
Question by:dcs_thebob
17 Comments
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24202527
Go through this video

http://www.msexchange.org/player.asp?AfmVAZKKHQ

Rajith.
0
 

Author Comment

by:dcs_thebob
ID: 24206962
Thanks for the post.  That Video rocks....but it's for Exchange 2007, not 2003 (my SBS is 2003).  I've tried the "msstd" fix on the client side with no luck.
Anyone know if I can change the CertPrincipleName value (or something like it) in Exchange 2003 like they show happening in the 2007 console?
jf
0
 
LVL 15

Expert Comment

by:vico1
ID: 24211028
What os is the client machine?
0

 

Author Comment

by:dcs_thebob
ID: 24216144
Currently, I'm using a Vista Ultimate with Outlook 2007 machine.  I'm about to try a new/different machine for testing.
0
 
LVL 15

Expert Comment

by:vico1
ID: 24216613
OK, you need to properly download the certificate from the server; that's your problem.
To do that, do the following:

Start the same way that you would on XP, except that you have to browse to put the certificate in the correct container.
See the picture below.

Vico1
0
 
LVL 15

Expert Comment

by:vico1
ID: 24216641
Picture did not upload
I'll try again
0
 
LVL 15

Expert Comment

by:vico1
ID: 24216663
Still did not.

You need to browse your Cert to the following folder:
"Trusted Root Certification Authorities"
0
 

Author Comment

by:dcs_thebob
ID: 24216681
Thanks for trying!
Are you talking about on the server or on the workstation side?  The cert is there on the server side.  
 
0
 
LVL 15

Expert Comment

by:vico1
ID: 24216834
workstation.
Download the certificate from https://yoursbsserver.com/remote
0
 

Author Comment

by:dcs_thebob
ID: 24217183
Ah...maybe this is a clue.  I can't access /remote.  I even logged into the server and tried to access the /remote url from the server itself.  I get a standard: "the page cannot be found" error 404.
Again, OWA is working great.  I ran the Internet Connection Wizard, but no joy here.  
 
0
 
LVL 15

Expert Comment

by:vico1
ID: 24217919
Workstation side.

You need to download it from:
https://YourSBSServer.com/remote

Vico1
0
 
LVL 15

Expert Comment

by:vico1
ID: 24217935
Is the client accessing  locally or externally?
0
 

Author Comment

by:dcs_thebob
ID: 24218224
externally.  I've tried internally with the /rpcdiag, but it always connects TCP/IP even though I tell it to use HTTP on both fast and slow networks.

Externally,
0
 

Author Comment

by:dcs_thebob
ID: 24218238
externally.  I've tried internally with the /rpcdiag, but it always connects TCP/IP even though I tell it to use HTTP on both fast and slow networks.

Externally, I get the cert error (with Ntlm) or the 'outlook must be online' error using Basic Auth.
0
 
LVL 15

Expert Comment

by:vico1
ID: 24218914
You cannot use NTLM externally. (Basic Password)
And the certificate must be downloaded just like I told you.
Your SBS server contains a customized setup for RPC over HTTP; to access it, do the following:

Go to https://YourSBSServer.com/Remote
Then click on Remote Web Workplace
Then click on Configure Outlook via the Internet.

Now to be able to do this, the following must be true:

- Port 443 from your router is forwarded to the SBSServer
- Remote Web Workplace must be enabled. (You can enable it by running the Connect to the Internet wizard located in the to-do list from Server Management)

Good luck!
0
 

Accepted Solution

by:
dcs_thebob earned 0 total points
ID: 24242627
Thanks for all the help!  I did what you suggested with no luck.  But!  I have fixed the issue (almost by accident).
There had been some additional websites set up on this server by the end-user.  After I tinkered around in IIS some, I found that the Default site (the SBS one) was not set up like my test box.  I went in and configured the IP bindings to specific IPs (not 'all unassigned') and that did something!
I don't know why that would have played a part in it, but it started working and is working now.  My only guess is that the other sites were somehow conflicting with the SBS functionality.  
thanks again!
tb
0
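A diagnostic for the name-mismatch error discussed in this thread, as an added example that is not part of any post: it compares the names in the certificate a server IP presents on port 443 with the Outlook proxy host name and the `msstd:` principal name. Assumptions: the wildcard covers only the left-most label, Outlook compares the `msstd:` value with the certificate's subject CN, and all host names and the sample certificate are constructed.

```python
import socket
import ssl

def wildcard_match(pattern, host):
    """'*' may stand for exactly one left-most label (assumed rule)."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]

def cert_names(cert):
    """Return (subject CN, [DNS SANs]) from an ssl.getpeercert() dict."""
    cn = next((v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"), None)
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cn, sans

def diagnose(cert, proxy_host, msstd):
    """List mismatches between the cert, the proxy host and the msstd: value."""
    cn, sans = cert_names(cert)
    problems = []
    if not any(wildcard_match(n, proxy_host) for n in (sans or [cn or ""])):
        problems.append(f"{proxy_host} not covered by {sans or cn}")
    principal = msstd[6:] if msstd.lower().startswith("msstd:") else msstd
    if cn is None or principal.lower() != cn.lower():
        problems.append(f"msstd principal {principal!r} != subject CN {cn!r}")
    return problems

def fetch_cert(ip, port=443, timeout=5):
    """Fetch the cert bound to ip:port without SNI (chain must validate)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # name checks are done by diagnose()
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert()

# Constructed samples in the shape getpeercert() returns.
WILDCARD = {"subject": ((("commonName", "*.example.com"),),),
            "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"))}
OTHER_SITE = {"subject": ((("commonName", "www.other.example"),),),
              "subjectAltName": (("DNS", "www.other.example"),)}

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD), ("other site", OTHER_SITE)):
        print(label, diagnose(cert, "mail.example.com", "msstd:*.example.com"))
```

Running `diagnose(fetch_cert(ip), ...)` against each IP address the server listens on shows which certificate each IP:443 binding actually hands out.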
 
LVL 15

Expert Comment

by:vico1
ID: 24285793
Good!
0
