We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

RPC/HTTP on Exchange 2003

Medium Priority
3,920 Views
Last Modified: 2012-05-07
I configured the RPC/HTTP on our Exchange 2003 server but when I perform the Exchange server remote conectivity analyzer (https://testexchangeconnectivity.com/) i am getting the following error " Attempting to Ping RPC Proxy mail.mailserver.com, Cannot ping RPC Proxy)

Please see the complete test results:

Testing RPC/HTTP connectivity
  RPC/HTTP test failed
 Test Steps
   Attempting to Resolve the host name mail.mailserver.com in DNS.
  Host successfully Resolved
 Additional Details
  IP(s) returned: 1.1.1.1
 
 Testing TCP Port 443 on host mail.mailserver.com to ensure it is listening/open.
  The port was opened successfully.
 
 Testing SSL Certificate for validity.
  The certificate passed all validation requirements.
 Test Steps
   Validating certificate name
  Successfully validated the certificate name
 Additional Details
  Found hostname mail.mailserver.com in Certificate Subject Common name  
 
 Validating certificate trust
  Certificate is trusted and all certificates are present in chain
 Additional Details
  The Certificate chain has be validated up to a trusted root. Root = OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US  
 
 Testing certificate date to ensure validity
  Date Validation passed. The certificate is not expired.
 Additional Details
  Certificate is valid: NotBefore = 12/16/2007 4:00:00 PM, NotAfter = 12/17/2011 3:59:59 PM  
 
 Testing Http Authentication Methods for URL https://mail.mailserver.com/rpc/rpcproxy.dll 
  Http Authentication Methods are correct
 Additional Details
  Found all expected authentication methods and no disallowed methods. Methods Found: Basic, Negotiate, NTLM  
 
 Testing SSL mutual authentication with RPC Proxy server
  Successfully verified Mutual Authentication
 Additional Details
  Certificate common name mail.mailserver.com matches msstd:mail.mailserver.com
 
 Attempting to Ping RPC Proxy mail.mailserver.com
  Cannot ping RPC Proxy
 Additional Details
  An HTTP 500 response was returned from Unknown  


Thanks in Advance..
 
Comment
Watch Question

CERTIFIED EXPERT

Commented:
my first question would be does your firewall allow pinging?

Author

Commented:
I am not a netwoking person eventhough I know little bit.. i dont think it alows it.. because i was trying to ping mail.mymailserver.com .. its coming as timed out so .. i am pretty sure pining is not permited..
I had this issue some time back when publishing RPC over HTTP through an ISA Server and the discussion document I created was summarised with:

To configure RPC to work correctly, the following changes were made:
  Removed RPC directory from Exchange publishing rule
Created new publishing rule specifically for RPC directory that re-directed inbound traffic as HTTP traffic to the Web-Site
Changed Web-Site RPC directory rule to allow anonymous connections (also allowed Basic Authentication)
Changed Secure Communications setting to not require SSL connection
Created a DWORD AllowAnonymous with a Value of 1 in the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC\RPCProxy

 
This allows the initial connection to made using an anonymous account, with the authentication requests coming from the Exchange Backend Server once the connection is made. The communication via the Web is secure at this point as the unencrypted traffic is localised to the internal network, and the Web Traffic is sent via an encrypted SSL connection between the ISA Server and the Client p.c.
 
At this point the traffic was being received by the RPCProxy service in the prescribed manner but a HTTP return of 501 was being generated.
HTTP status code 501 is defined as function not implemented.
This was resolved by the re-installation of RPC over HTTP on the RPCProxy Server (Web Server)
Once this step was complete RPC over HTTP successfully connected
Try the above and see how you get on

Author

Commented:
My exchange is a stand-alone server , do i still have to make the registry edit?
The changes are made to the Server where the web-site is based, presumably this is the Exchange Server

Author

Commented:
how to i create a DWORD to AllowAnonymous access in regedit?
CERTIFIED EXPERT

Commented:
in regedit, go to the place that you wnt to create the key, and right click on the right windows. The option for 'new' should come up.
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
The "ping" in the error has nothing to do with an external ping. It is an RPC command inside the server.
It normally means that the registry settings haven't been setup correctly and need to be checked.

Simon.

Author

Commented:

I have this regisry key in my exchange / IIS :

servername:100-500:6001-6002;dc.corp.company.com:6001-6002;mailserver::6004;mailserver.corp.company.com:6004;dc:6004;dc.corp.company.com:6004;mail.mailserver.com:6001-6002;mail.mailserver.com:6004;pdc:593;dc.corp.company.com:593;mailserver:593;mailserver.corp.company.com:593;mail.mailserver.com:593;

Author

Commented:
Additional Details
  Exception Details:
Message: The underlying connection was closed: The connection was closed unexpectedly.
Type: System.Net.WebException
Stack Trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.GetSupportedHttpAuthMethods()
at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.PerformTestReally()
 
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Did you make the registry change on the domain controller as well?

Simon.

Author

Commented:
I made only this regedit/registry key on the domain controller:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"NSPI Interface protocol sequences"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,\
  68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
This feature either works or it doesn't.
I would suggest removing the RPC Proxy from Windows Components, then removing the two RPC virtual directories from IIS manager. After doing that, run IISRESET to write the change to the IIS metabase. Then reinstall the proxy and configure the registry fresh.

Simon.

Author

Commented:
I removed RPC proxy from windows components and followed your instructions.. now i am getting this:

Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server mailserver.corp.company.com
  Failed to ping Endpoint

Additional Details
  RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime  


Author

Commented:
this is the only registry key i have it on Exchange server:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="
exchange-server:100-5000;
exchange-server:6001-6002;
exchange-server.domain.local:6001-6002;
dc:6001-6002;
dc.domain.local:6001-6002;
exchange-server:6004;
exchange-server.domain.local:6004;
dc:6004;
dc.domain.local:6004;
mail.external.com:6001-6002;
mail.external.com:6004;
dc:593;
dc.domain.local:593;
exchange-server:593;
exchange-server.domain.local:593;
mail.external.com:593;"

Author

Commented:
exchange-server = Exchange Server
dc = Domain Controller with Global Catalog
domain.local = Internal domain name
mail.external.com = External certificate/domain name
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Those look like my instructions.
http://www.amset.info/exchange/rpc-http-server.asp

The error is a registry failure or an internal firewall blocking the ports. Always is. Is the domain controller Windows 2003? Does it hold the global catalog role?

Simon.

Author

Commented:
yes its windows 2003 - I have to two domain controllers and both of them are global catlog

Author

Commented:
Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server
mail.mailserver.com
  Failed to ping Endpoint
   Tell me more about this issue and how to resolve it
 
 Additional Details
  RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime  
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
That is almost always registry issues. One of the changes isn't correct. I have seen it with Exchange 2007 where the name resolution didn't work.

Do this as a test.

telnet server.example.local 6001

(where server.example.local is the server's FQDN).

You should get back

"ncacn_http/1.0"

If you get nothing then either name resolution isn't working or the proxy didn't install correctly.

Simon.

Author

Commented:
when I telnet to 6001 - i am getting back "ncacn_http/1.0"

Author

Commented:
Aslo when I telnet to ports 6002 and 6004 I am getting back the  "ncacn_http/1.0"
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
That means it is listening correctly, so it is back to the registry entries not being correct.

Simon.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.