Solved

RPC/HTTP on Exchange 2003

Posted on 2009-06-30
Last Modified: 2012-05-07
I configured the RPC/HTTP on our Exchange 2003 server, but when I run the Exchange Server Remote Connectivity Analyzer (https://testexchangeconnectivity.com/) I am getting the following error: "Attempting to Ping RPC Proxy mail.mailserver.com, Cannot ping RPC Proxy"

Please see the complete test results:

Testing RPC/HTTP connectivity
  RPC/HTTP test failed
 Test Steps
   Attempting to Resolve the host name mail.mailserver.com in DNS.
  Host successfully Resolved
 Additional Details
  IP(s) returned: 1.1.1.1
 
 Testing TCP Port 443 on host mail.mailserver.com to ensure it is listening/open.
  The port was opened successfully.
 
 Testing SSL Certificate for validity.
  The certificate passed all validation requirements.
 Test Steps
   Validating certificate name
  Successfully validated the certificate name
 Additional Details
  Found hostname mail.mailserver.com in Certificate Subject Common name  
 
 Validating certificate trust
  Certificate is trusted and all certificates are present in chain
 Additional Details
  The Certificate chain has be validated up to a trusted root. Root = OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US  
 
 Testing certificate date to ensure validity
  Date Validation passed. The certificate is not expired.
 Additional Details
  Certificate is valid: NotBefore = 12/16/2007 4:00:00 PM, NotAfter = 12/17/2011 3:59:59 PM  
 
 Testing Http Authentication Methods for URL https://mail.mailserver.com/rpc/rpcproxy.dll
  Http Authentication Methods are correct
 Additional Details
  Found all expected authentication methods and no disallowed methods. Methods Found: Basic, Negotiate, NTLM  
 
 Testing SSL mutual authentication with RPC Proxy server
  Successfully verified Mutual Authentication
 Additional Details
  Certificate common name mail.mailserver.com matches msstd:mail.mailserver.com
 
 Attempting to Ping RPC Proxy mail.mailserver.com
  Cannot ping RPC Proxy
 Additional Details
  An HTTP 500 response was returned from Unknown  


Thanks in Advance..
 
Question by:Abi_003
24 Comments
 
LVL 12

Expert Comment

by:ryan80
ID: 24745153
My first question would be: does your firewall allow pinging?
0
 

Author Comment

by:Abi_003
ID: 24745172
I am not a networking person even though I know a little bit.. I don't think it allows it.. because I was trying to ping mail.mymailserver.com .. it's coming as timed out so .. I am pretty sure pinging is not permitted..
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24745182
I had this issue some time back when publishing RPC over HTTP through an ISA Server and the discussion document I created was summarised with:

To configure RPC to work correctly, the following changes were made:
  Removed RPC directory from Exchange publishing rule
  Created new publishing rule specifically for RPC directory that re-directed inbound traffic as HTTP traffic to the Web-Site
  Changed Web-Site RPC directory rule to allow anonymous connections (also allowed Basic Authentication)
  Changed Secure Communications setting to not require SSL connection
  Created a DWORD AllowAnonymous with a Value of 1 in the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC\RPCProxy

 
This allows the initial connection to be made using an anonymous account, with the authentication requests coming from the Exchange Backend Server once the connection is made. The communication via the Web is secure at this point as the unencrypted traffic is localised to the internal network, and the Web Traffic is sent via an encrypted SSL connection between the ISA Server and the Client p.c.
 
At this point the traffic was being received by the RPCProxy service in the prescribed manner but a HTTP return of 501 was being generated.
HTTP status code 501 is defined as function not implemented.
This was resolved by the re-installation of RPC over HTTP on the RPCProxy Server (Web Server)
Once this step was complete RPC over HTTP successfully connected
Try the above and see how you get on
0
 

Author Comment

by:Abi_003
ID: 24745260
My Exchange is a stand-alone server, do I still have to make the registry edit?
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24745316
The changes are made to the Server where the web-site is based, presumably this is the Exchange Server
0
 

Author Comment

by:Abi_003
ID: 24745396
How do I create a DWORD to AllowAnonymous access in regedit?
0
 
LVL 12

Expert Comment

by:ryan80
ID: 24745577
In regedit, go to the place that you want to create the key, and right click on the right window. The option for 'new' should come up.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24745603
The "ping" in the error has nothing to do with an external ping. It is an RPC command inside the server.
It normally means that the registry settings haven't been setup correctly and need to be checked.

Simon.
0
 

Author Comment

by:Abi_003
ID: 24745888

I have this registry key in my Exchange / IIS:

servername:100-500:6001-6002;dc.corp.company.com:6001-6002;mailserver::6004;mailserver.corp.company.com:6004;dc:6004;dc.corp.company.com:6004;mail.mailserver.com:6001-6002;mail.mailserver.com:6004;pdc:593;dc.corp.company.com:593;mailserver:593;mailserver.corp.company.com:593;mail.mailserver.com:593;
0
 

Author Comment

by:Abi_003
ID: 24746296
Additional Details
  Exception Details:
Message: The underlying connection was closed: The connection was closed unexpectedly.
Type: System.Net.WebException
Stack Trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.GetSupportedHttpAuthMethods()
at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.PerformTestReally()
 
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24746806
Did you make the registry change on the domain controller as well?

Simon.
0
 

Author Comment

by:Abi_003
ID: 24747252
I made only this regedit/registry key on the domain controller:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"NSPI Interface protocol sequences"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,\
  68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24747314
This feature either works or it doesn't.
I would suggest removing the RPC Proxy from Windows Components, then removing the two RPC virtual directories from IIS manager. After doing that, run IISRESET to write the change to the IIS metabase. Then reinstall the proxy and configure the registry fresh.

Simon.
0
 

Author Comment

by:Abi_003
ID: 24747395
I removed RPC proxy from Windows components and followed your instructions.. now I am getting this:

Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server mailserver.corp.company.com
  Failed to ping Endpoint

Additional Details
  RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime  


0
 

Author Comment

by:Abi_003
ID: 24747480
This is the only registry key I have on the Exchange server:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="
exchange-server:100-5000;
exchange-server:6001-6002;
exchange-server.domain.local:6001-6002;
dc:6001-6002;
dc.domain.local:6001-6002;
exchange-server:6004;
exchange-server.domain.local:6004;
dc:6004;
dc.domain.local:6004;
mail.external.com:6001-6002;
mail.external.com:6004;
dc:593;
dc.domain.local:593;
exchange-server:593;
exchange-server.domain.local:593;
mail.external.com:593;"
0
 

Author Comment

by:Abi_003
ID: 24747485
exchange-server = Exchange Server
dc = Domain Controller with Global Catalog
domain.local = Internal domain name
mail.external.com = External certificate/domain name
0
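An added example, not part of any post in this thread: a small checker for the `ValidPorts` string, run over the value exactly as posted in comment 24745888 and applicable to the one in comment 24747480. It reports entries that do not parse as `host:port` or `host:low-high`, ranges that admit more than the expected ports, and host names lacking an entry for some expected port; the expected port set (593, 6001, 6002, 6004) is an assumption taken from the posts above, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Assumption: the ports named in this thread's posts for RPC over HTTP.
EXPECTED_PORTS = frozenset({593, 6001, 6002, 6004})
ENTRY = re.compile(r"([A-Za-z0-9][A-Za-z0-9.-]*):(\d{1,5})(?:-(\d{1,5}))?")

def audit_valid_ports(value, expected=EXPECTED_PORTS):
    """Return (malformed, too_broad, missing) for a ValidPorts string."""
    malformed, too_broad = [], []
    covered = defaultdict(set)  # host -> expected ports its entries allow
    for raw in value.split(";"):
        entry = raw.strip()
        if not entry:  # trailing ';' or a line break between entries
            continue
        m = ENTRY.fullmatch(entry)
        if not m:
            malformed.append(entry)
            continue
        host, lo = m.group(1).lower(), int(m.group(2))
        hi = int(m.group(3) or lo)
        if not 0 < lo <= hi <= 65535:
            malformed.append(entry)
            continue
        hit = {p for p in expected if lo <= p <= hi}
        covered[host] |= hit
        # A range admitting ports beyond the expected ones widens what the
        # proxy is allowed to relay to on the internal network.
        if hi - lo + 1 > len(hit):
            too_broad.append(entry)
    missing = {h: sorted(expected - got)
               for h, got in covered.items() if expected - got}
    return malformed, too_broad, missing

# The value exactly as posted in comment 24745888 above.
POSTED = (
    "servername:100-500;dc.corp.company.com:6001-6002;mailserver::6004;"
    "mailserver.corp.company.com:6004;dc:6004;dc.corp.company.com:6004;"
    "mail.mailserver.com:6001-6002;mail.mailserver.com:6004;pdc:593;"
    "dc.corp.company.com:593;mailserver:593;"
    "mailserver.corp.company.com:593;mail.mailserver.com:593;"
)

if __name__ == "__main__":
    malformed, too_broad, missing = audit_valid_ports(POSTED)
    print("malformed:", malformed)
    print("too broad:", too_broad)
    for host, ports in missing.items():
        print(f"{host}: no entry for {ports}")
```

The host names in both posted values are placeholders chosen by the poster, so the findings describe the strings as posted rather than the live registry.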
 
LVL 65

Expert Comment

by:Mestha
ID: 24747769
Those look like my instructions.
http://www.amset.info/exchange/rpc-http-server.asp

The error is a registry failure or an internal firewall blocking the ports. Always is. Is the domain controller Windows 2003? Does it hold the global catalog role?

Simon.
0
 

Author Comment

by:Abi_003
ID: 24747942
Yes, it's Windows 2003 - I have two domain controllers and both of them are global catalogs
0
 

Author Comment

by:Abi_003
ID: 24748301
Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server
mail.mailserver.com
  Failed to ping Endpoint
   Tell me more about this issue and how to resolve it
 
 Additional Details
  RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime  
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24748579
That is almost always registry issues. One of the changes isn't correct. I have seen it with Exchange 2007 where the name resolution didn't work.

Do this as a test.

telnet server.example.local 6001

(where server.example.local is the server's FQDN).

You should get back

"ncacn_http/1.0"

If you get nothing then either name resolution isn't working or the proxy didn't install correctly.

Simon.
0
 

Author Comment

by:Abi_003
ID: 24748629
When I telnet to 6001 - I am getting back "ncacn_http/1.0"
0
 

Author Comment

by:Abi_003
ID: 24748658
Also when I telnet to ports 6002 and 6004 I am getting back the "ncacn_http/1.0"
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24749145
That means it is listening correctly, so it is back to the registry entries not being correct.

Simon.
0
 

Accepted Solution

by:
Abi_003 earned 0 total points
ID: 24749170
OKAY - finally the mystery is over with the help of "rpc_over_https_tool" - some error with the registry key and the tool fixed it for me... everything is working fine...

" Instead of manually editing the registry, reader Harry Bates has most cleverly designed a small utility that will allow you to perform all these changes by pressing a couple of buttons. The tool is called RPCNoFrontEnd (19kb)."

http://www.petri.co.il/software/rpcnofrontend.zip
0
