Solved

Why won't Outlook over HTTPS work through ISA 2004 ?

Posted on 2009-07-10
13
318 Views
Last Modified: 2012-05-07
We have set up our Exchange 2003 server to use Outlook over HTTPS.  We have went through all the required steps and then troubleshooted by verifying that we are able to browse use webmail by using HTTPS with the certificate that we purchased.

I looked at various support articles which suggested to browse to https://servername/rpc which we can do successfully and we are prompted to enter the password 3 times and then get  a message saying "HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource" which is what you are meant to get if it is configured correctly.

However the next step suggests to browse to  https://servername/rpc/rpcproxy.dll and when we do this there is no promt at all and internet explorer displays the following
"Error Code 64: Host not available
Background: The connection to the Web server was lost"

And on the ISA 2004 Server we see this:

Failed Connection Attempt SERVER 7/10/2009 1:58:28 PM
Log type: Web Proxy (Reverse)
Status: 64 The specified network name is no longer available.  
Rule: OWA
Source: External ( 88.97.161.254:0)
Destination: ( 192.168.1.100:443)
Request: GET https://servername:443/rpc/rpcproxy.dll 
Filter information: Req ID: 15ecbf98  
Protocol: https
User: anonymous

Can anyone please advise how we can resolve this ?

Many thanks in advance
0
Comment
Question by:PurityIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 

Author Comment

by:PurityIT
ID: 24822882
Also, strangely in the IIS logs I can see the following:

2009-07-10 13:58:30 W3SVC1 192.168.1.100 GET /rpc/rpcproxy.dll - 443 administrator 88.97.161.254 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+yie8) 200 0 0
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24822933
Hey Try one thing ..
try browing the RPCproxy.dll indie teh network and see if it prompts for the credentia. and you should get a black page.
If not try the checking the AUthentication on the same it should be only basic Auth.
If still doesn't work check for the valid ports in the registry,

Also let me know the Path mentioned in the RPCproxy.dll
0
 

Author Comment

by:PurityIT
ID: 24823177
Hi and thanks for your post,

When I browse to the rpcprox.dll internally we are prompted for a username and password then we do see a blank page.

I'm not entirely sure what you mean about the path so I have copied in a screenshot from IIS.

Thanks again for your help.
rpc-directory.JPG
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 8

Expert Comment

by:Npatang
ID: 24823268
its good that you able to browse it ...... WHich certificate you are using .. Is it self signed or third party ....
ALso try creaing the RPC over HTTPS profileinternally to rule out the Firewall issue.

Check this link for better configuration
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
0
 

Author Comment

by:PurityIT
ID: 24823652
Hi,

This is document I usually follow !!  When setting it up as we have done it a good few times before so I am familiar with troubleshooting etc.  The only difference from the others that there is an ISA 2004 server in this instance.

The certificate was purchased from equifax and I tried to create the profile internally but when I enter the username and password through Outlook, it keeps coming back and asking for the password repeatedly amd doesn't accept it
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823675
If thats the case  make sure that you have Valid port set properly
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823684
Whatever the URl you are using in the  profile should resolvable internally to internal IP of the server
0
 

Author Comment

by:PurityIT
ID: 24823745
I ran the registry fix that was included in the link you sent so it does appear to be the correct port.

When we perform a ping to to address specified in Outlook as well as the part specified in Outlook over HTTPS part of Outlook they both reply
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823796
Try NSlookup and see if it resolves to internal IP ..

If possible send the IIS logs
0
 

Author Comment

by:PurityIT
ID: 24823881
Hi,

I tried nslookup and it did resolve to the internal IP

I have attached the IIS logs for you also

Thanks again
ex070910.log
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823913
See if you are able to telnet on port 6002 on the local host and also check the permisison on RPC virtual directory ..

Make sure that we should have the Authenticated users listed in the persmission will all the Read Permisisons.
0
 

Author Comment

by:PurityIT
ID: 24824179
Hi,

I am able to telnet to the localhost on port 6002 and it returns "ncacn_http/1.0"

For the RPC directory the Authenticated users have the following permissions "Read & Execute, List folder contents and Read"
0
 
LVL 8

Accepted Solution

by:
Npatang earned 500 total points
ID: 24824259
Make sure that in Outlook CLient we have Basic Auth Selected.....
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people use more than one email account and so it becomes difficult for them to manage them when they use separate accounts,  so, in this article, I have shared an easy way to add Other Mail Accounts in your Google Inbox. It helps to combine all…
When you have clients or friends from around the world, it becomes a challenge to arrange a meeting or effectively manage your time. This is where Outlook's capability to show 2 time zones in one calendar comes in handy.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question