Why won't Outlook over HTTPS work through ISA 2004 ?

We have set up our Exchange 2003 server to use Outlook over HTTPS.  We have went through all the required steps and then troubleshooted by verifying that we are able to browse use webmail by using HTTPS with the certificate that we purchased.

I looked at various support articles which suggested to browse to https://servername/rpc which we can do successfully and we are prompted to enter the password 3 times and then get  a message saying "HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource" which is what you are meant to get if it is configured correctly.

However the next step suggests to browse to  https://servername/rpc/rpcproxy.dll and when we do this there is no promt at all and internet explorer displays the following
"Error Code 64: Host not available
Background: The connection to the Web server was lost"

And on the ISA 2004 Server we see this:

Failed Connection Attempt SERVER 7/10/2009 1:58:28 PM
Log type: Web Proxy (Reverse)
Status: 64 The specified network name is no longer available.  
Rule: OWA
Source: External ( 88.97.161.254:0)
Destination: ( 192.168.1.100:443)
Request: GET https://servername:443/rpc/rpcproxy.dll 
Filter information: Req ID: 15ecbf98  
Protocol: https
User: anonymous

Can anyone please advise how we can resolve this ?

Many thanks in advance
PurityITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PurityITAuthor Commented:
Also, strangely in the IIS logs I can see the following:

2009-07-10 13:58:30 W3SVC1 192.168.1.100 GET /rpc/rpcproxy.dll - 443 administrator 88.97.161.254 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+yie8) 200 0 0
0
NpatangCommented:
Hey Try one thing ..
try browing the RPCproxy.dll indie teh network and see if it prompts for the credentia. and you should get a black page.
If not try the checking the AUthentication on the same it should be only basic Auth.
If still doesn't work check for the valid ports in the registry,

Also let me know the Path mentioned in the RPCproxy.dll
0
PurityITAuthor Commented:
Hi and thanks for your post,

When I browse to the rpcprox.dll internally we are prompted for a username and password then we do see a blank page.

I'm not entirely sure what you mean about the path so I have copied in a screenshot from IIS.

Thanks again for your help.
rpc-directory.JPG
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

NpatangCommented:
its good that you able to browse it ...... WHich certificate you are using .. Is it self signed or third party ....
ALso try creaing the RPC over HTTPS profileinternally to rule out the Firewall issue.

Check this link for better configuration
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
0
PurityITAuthor Commented:
Hi,

This is document I usually follow !!  When setting it up as we have done it a good few times before so I am familiar with troubleshooting etc.  The only difference from the others that there is an ISA 2004 server in this instance.

The certificate was purchased from equifax and I tried to create the profile internally but when I enter the username and password through Outlook, it keeps coming back and asking for the password repeatedly amd doesn't accept it
0
NpatangCommented:
If thats the case  make sure that you have Valid port set properly
0
NpatangCommented:
Whatever the URl you are using in the  profile should resolvable internally to internal IP of the server
0
PurityITAuthor Commented:
I ran the registry fix that was included in the link you sent so it does appear to be the correct port.

When we perform a ping to to address specified in Outlook as well as the part specified in Outlook over HTTPS part of Outlook they both reply
0
NpatangCommented:
Try NSlookup and see if it resolves to internal IP ..

If possible send the IIS logs
0
PurityITAuthor Commented:
Hi,

I tried nslookup and it did resolve to the internal IP

I have attached the IIS logs for you also

Thanks again
ex070910.log
0
NpatangCommented:
See if you are able to telnet on port 6002 on the local host and also check the permisison on RPC virtual directory ..

Make sure that we should have the Authenticated users listed in the persmission will all the Read Permisisons.
0
PurityITAuthor Commented:
Hi,

I am able to telnet to the localhost on port 6002 and it returns "ncacn_http/1.0"

For the RPC directory the Authenticated users have the following permissions "Read & Execute, List folder contents and Read"
0
NpatangCommented:
Make sure that in Outlook CLient we have Basic Auth Selected.....
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.