We help IT Professionals succeed at work.

Why won't Outlook over HTTPS work through ISA 2004 ?

Medium Priority
335 Views
Last Modified: 2012-05-07
We have set up our Exchange 2003 server to use Outlook over HTTPS.  We have went through all the required steps and then troubleshooted by verifying that we are able to browse use webmail by using HTTPS with the certificate that we purchased.

I looked at various support articles which suggested to browse to https://servername/rpc which we can do successfully and we are prompted to enter the password 3 times and then get  a message saying "HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource" which is what you are meant to get if it is configured correctly.

However the next step suggests to browse to  https://servername/rpc/rpcproxy.dll and when we do this there is no promt at all and internet explorer displays the following
"Error Code 64: Host not available
Background: The connection to the Web server was lost"

And on the ISA 2004 Server we see this:

Failed Connection Attempt SERVER 7/10/2009 1:58:28 PM
Log type: Web Proxy (Reverse)
Status: 64 The specified network name is no longer available.  
Rule: OWA
Source: External ( 88.97.161.254:0)
Destination: ( 192.168.1.100:443)
Request: GET https://servername:443/rpc/rpcproxy.dll 
Filter information: Req ID: 15ecbf98  
Protocol: https
User: anonymous

Can anyone please advise how we can resolve this ?

Many thanks in advance
Comment
Watch Question

Author

Commented:
Also, strangely in the IIS logs I can see the following:

2009-07-10 13:58:30 W3SVC1 192.168.1.100 GET /rpc/rpcproxy.dll - 443 administrator 88.97.161.254 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+yie8) 200 0 0

Commented:
Hey Try one thing ..
try browing the RPCproxy.dll indie teh network and see if it prompts for the credentia. and you should get a black page.
If not try the checking the AUthentication on the same it should be only basic Auth.
If still doesn't work check for the valid ports in the registry,

Also let me know the Path mentioned in the RPCproxy.dll

Author

Commented:
Hi and thanks for your post,

When I browse to the rpcprox.dll internally we are prompted for a username and password then we do see a blank page.

I'm not entirely sure what you mean about the path so I have copied in a screenshot from IIS.

Thanks again for your help.
rpc-directory.JPG

Commented:
its good that you able to browse it ...... WHich certificate you are using .. Is it self signed or third party ....
ALso try creaing the RPC over HTTPS profileinternally to rule out the Firewall issue.

Check this link for better configuration
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

Author

Commented:
Hi,

This is document I usually follow !!  When setting it up as we have done it a good few times before so I am familiar with troubleshooting etc.  The only difference from the others that there is an ISA 2004 server in this instance.

The certificate was purchased from equifax and I tried to create the profile internally but when I enter the username and password through Outlook, it keeps coming back and asking for the password repeatedly amd doesn't accept it

Commented:
If thats the case  make sure that you have Valid port set properly

Commented:
Whatever the URl you are using in the  profile should resolvable internally to internal IP of the server

Author

Commented:
I ran the registry fix that was included in the link you sent so it does appear to be the correct port.

When we perform a ping to to address specified in Outlook as well as the part specified in Outlook over HTTPS part of Outlook they both reply

Commented:
Try NSlookup and see if it resolves to internal IP ..

If possible send the IIS logs

Author

Commented:
Hi,

I tried nslookup and it did resolve to the internal IP

I have attached the IIS logs for you also

Thanks again
ex070910.log

Commented:
See if you are able to telnet on port 6002 on the local host and also check the permisison on RPC virtual directory ..

Make sure that we should have the Authenticated users listed in the persmission will all the Read Permisisons.

Author

Commented:
Hi,

I am able to telnet to the localhost on port 6002 and it returns "ncacn_http/1.0"

For the RPC directory the Authenticated users have the following permissions "Read & Execute, List folder contents and Read"
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.