Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3859
  • Last Modified:

RPC/HTTP on Exchange 2003

I configured the RPC/HTTP on our Exchange 2003 server but when I perform the Exchange server remote conectivity analyzer (https://testexchangeconnectivity.com/) i am getting the following error " Attempting to Ping RPC Proxy mail.mailserver.com, Cannot ping RPC Proxy)

Please see the complete test results:

Testing RPC/HTTP connectivity
  RPC/HTTP test failed
 Test Steps
   Attempting to Resolve the host name mail.mailserver.com in DNS.
  Host successfully Resolved
 Additional Details
  IP(s) returned: 1.1.1.1
 
 Testing TCP Port 443 on host mail.mailserver.com to ensure it is listening/open.
  The port was opened successfully.
 
 Testing SSL Certificate for validity.
  The certificate passed all validation requirements.
 Test Steps
   Validating certificate name
  Successfully validated the certificate name
 Additional Details
  Found hostname mail.mailserver.com in Certificate Subject Common name  
 
 Validating certificate trust
  Certificate is trusted and all certificates are present in chain
 Additional Details
  The Certificate chain has be validated up to a trusted root. Root = OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US  
 
 Testing certificate date to ensure validity
  Date Validation passed. The certificate is not expired.
 Additional Details
  Certificate is valid: NotBefore = 12/16/2007 4:00:00 PM, NotAfter = 12/17/2011 3:59:59 PM  
 
 Testing Http Authentication Methods for URL https://mail.mailserver.com/rpc/rpcproxy.dll 
  Http Authentication Methods are correct
 Additional Details
  Found all expected authentication methods and no disallowed methods. Methods Found: Basic, Negotiate, NTLM  
 
 Testing SSL mutual authentication with RPC Proxy server
  Successfully verified Mutual Authentication
 Additional Details
  Certificate common name mail.mailserver.com matches msstd:mail.mailserver.com
 
 Attempting to Ping RPC Proxy mail.mailserver.com
  Cannot ping RPC Proxy
 Additional Details
  An HTTP 500 response was returned from Unknown  


Thanks in Advance..
 
0
Abi_003
Asked:
Abi_003
  • 14
  • 6
  • 2
  • +1
1 Solution
 
ryan80Commented:
my first question would be does your firewall allow pinging?
0
 
Abi_003Author Commented:
I am not a netwoking person eventhough I know little bit.. i dont think it alows it.. because i was trying to ping mail.mymailserver.com .. its coming as timed out so .. i am pretty sure pining is not permited..
0
 
Kieran_BurnsCommented:
I had this issue some time back when publishing RPC over HTTP through an ISA Server and the discussion document I created was summarised with:

To configure RPC to work correctly, the following changes were made:
  Removed RPC directory from Exchange publishing rule
Created new publishing rule specifically for RPC directory that re-directed inbound traffic as HTTP traffic to the Web-Site
Changed Web-Site RPC directory rule to allow anonymous connections (also allowed Basic Authentication)
Changed Secure Communications setting to not require SSL connection
Created a DWORD AllowAnonymous with a Value of 1 in the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC\RPCProxy

 
This allows the initial connection to made using an anonymous account, with the authentication requests coming from the Exchange Backend Server once the connection is made. The communication via the Web is secure at this point as the unencrypted traffic is localised to the internal network, and the Web Traffic is sent via an encrypted SSL connection between the ISA Server and the Client p.c.
 
At this point the traffic was being received by the RPCProxy service in the prescribed manner but a HTTP return of 501 was being generated.
HTTP status code 501 is defined as function not implemented.
This was resolved by the re-installation of RPC over HTTP on the RPCProxy Server (Web Server)
Once this step was complete RPC over HTTP successfully connected
Try the above and see how you get on
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Abi_003Author Commented:
My exchange is a stand-alone server , do i still have to make the registry edit?
0
 
Kieran_BurnsCommented:
The changes are made to the Server where the web-site is based, presumably this is the Exchange Server
0
 
Abi_003Author Commented:
how to i create a DWORD to AllowAnonymous access in regedit?
0
 
ryan80Commented:
in regedit, go to the place that you wnt to create the key, and right click on the right windows. The option for 'new' should come up.
0
 
MesthaCommented:
The "ping" in the error has nothing to do with an external ping. It is an RPC command inside the server.
It normally means that the registry settings haven't been setup correctly and need to be checked.

Simon.
0
 
Abi_003Author Commented:

I have this regisry key in my exchange / IIS :

servername:100-500:6001-6002;dc.corp.company.com:6001-6002;mailserver::6004;mailserver.corp.company.com:6004;dc:6004;dc.corp.company.com:6004;mail.mailserver.com:6001-6002;mail.mailserver.com:6004;pdc:593;dc.corp.company.com:593;mailserver:593;mailserver.corp.company.com:593;mail.mailserver.com:593;
0
 
Abi_003Author Commented:
Additional Details
  Exception Details:
Message: The underlying connection was closed: The connection was closed unexpectedly.
Type: System.Net.WebException
Stack Trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.GetSupportedHttpAuthMethods()
at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.PerformTestReally()
 
0
 
MesthaCommented:
Did you make the registry change on the domain controller as well?

Simon.
0
 
Abi_003Author Commented:
I made only this regedit/registry key on the domain controller:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"NSPI Interface protocol sequences"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,\
  68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00
0
 
MesthaCommented:
This feature either works or it doesn't.
I would suggest removing the RPC Proxy from Windows Components, then removing the two RPC virtual directories from IIS manager. After doing that, run IISRESET to write the change to the IIS metabase. Then reinstall the proxy and configure the registry fresh.

Simon.
0
 
Abi_003Author Commented:
I removed RPC proxy from windows components and followed your instructions.. now i am getting this:

Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server mailserver.corp.company.com
  Failed to ping Endpoint

Additional Details
  RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime  


0
 
Abi_003Author Commented:
this is the only registry key i have it on Exchange server:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="
exchange-server:100-5000;
exchange-server:6001-6002;
exchange-server.domain.local:6001-6002;
dc:6001-6002;
dc.domain.local:6001-6002;
exchange-server:6004;
exchange-server.domain.local:6004;
dc:6004;
dc.domain.local:6004;
mail.external.com:6001-6002;
mail.external.com:6004;
dc:593;
dc.domain.local:593;
exchange-server:593;
exchange-server.domain.local:593;
mail.external.com:593;"
0
 
Abi_003Author Commented:
exchange-server = Exchange Server
dc = Domain Controller with Global Catalog
domain.local = Internal domain name
mail.external.com = External certificate/domain name
0
 
MesthaCommented:
Those look like my instructions.
http://www.amset.info/exchange/rpc-http-server.asp

The error is a registry failure or an internal firewall blocking the ports. Always is. Is the domain controller Windows 2003? Does it hold the global catalog role?

Simon.
0
 
Abi_003Author Commented:
yes its windows 2003 - I have to two domain controllers and both of them are global catlog
0
 
Abi_003Author Commented:
Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server
mail.mailserver.com
  Failed to ping Endpoint
   Tell me more about this issue and how to resolve it
 
 Additional Details
  RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime  
0
 
MesthaCommented:
That is almost always registry issues. One of the changes isn't correct. I have seen it with Exchange 2007 where the name resolution didn't work.

Do this as a test.

telnet server.example.local 6001

(where server.example.local is the server's FQDN).

You should get back

"ncacn_http/1.0"

If you get nothing then either name resolution isn't working or the proxy didn't install correctly.

Simon.
0
 
Abi_003Author Commented:
when I telnet to 6001 - i am getting back "ncacn_http/1.0"
0
 
Abi_003Author Commented:
Aslo when I telnet to ports 6002 and 6004 I am getting back the  "ncacn_http/1.0"
0
 
MesthaCommented:
That means it is listening correctly, so it is back to the registry entries not being correct.

Simon.
0
 
Abi_003Author Commented:
OKAY - finally the mistry is over with the help of "rpc_over_https_tool" - some error with the registry key and the tool fixed it for me... everything is working fine...

" Instead of manually editing the registry, reader Harry Bates has most cleverly designed a small utility that will allow you to perform all these changes by pressing a couple of buttons. The tool is called RPCNoFrontEnd (19kb)."

http://www.petri.co.il/software/rpcnofrontend.zip
rpc-over-https-tool.png
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 14
  • 6
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now