Solved

Why won't Outlook over HTTPS work through ISA 2004 ?

Posted on 2009-07-10
13
313 Views
Last Modified: 2012-05-07
We have set up our Exchange 2003 server to use Outlook over HTTPS.  We have went through all the required steps and then troubleshooted by verifying that we are able to browse use webmail by using HTTPS with the certificate that we purchased.

I looked at various support articles which suggested to browse to https://servername/rpc which we can do successfully and we are prompted to enter the password 3 times and then get  a message saying "HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource" which is what you are meant to get if it is configured correctly.

However the next step suggests to browse to  https://servername/rpc/rpcproxy.dll and when we do this there is no promt at all and internet explorer displays the following
"Error Code 64: Host not available
Background: The connection to the Web server was lost"

And on the ISA 2004 Server we see this:

Failed Connection Attempt SERVER 7/10/2009 1:58:28 PM
Log type: Web Proxy (Reverse)
Status: 64 The specified network name is no longer available.  
Rule: OWA
Source: External ( 88.97.161.254:0)
Destination: ( 192.168.1.100:443)
Request: GET https://servername:443/rpc/rpcproxy.dll
Filter information: Req ID: 15ecbf98  
Protocol: https
User: anonymous

Can anyone please advise how we can resolve this ?

Many thanks in advance
0
Comment
Question by:PurityIT
  • 7
  • 6
13 Comments
 

Author Comment

by:PurityIT
ID: 24822882
Also, strangely in the IIS logs I can see the following:

2009-07-10 13:58:30 W3SVC1 192.168.1.100 GET /rpc/rpcproxy.dll - 443 administrator 88.97.161.254 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+yie8) 200 0 0
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24822933
Hey Try one thing ..
try browing the RPCproxy.dll indie teh network and see if it prompts for the credentia. and you should get a black page.
If not try the checking the AUthentication on the same it should be only basic Auth.
If still doesn't work check for the valid ports in the registry,

Also let me know the Path mentioned in the RPCproxy.dll
0
 

Author Comment

by:PurityIT
ID: 24823177
Hi and thanks for your post,

When I browse to the rpcprox.dll internally we are prompted for a username and password then we do see a blank page.

I'm not entirely sure what you mean about the path so I have copied in a screenshot from IIS.

Thanks again for your help.
rpc-directory.JPG
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823268
its good that you able to browse it ...... WHich certificate you are using .. Is it self signed or third party ....
ALso try creaing the RPC over HTTPS profileinternally to rule out the Firewall issue.

Check this link for better configuration
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
0
 

Author Comment

by:PurityIT
ID: 24823652
Hi,

This is document I usually follow !!  When setting it up as we have done it a good few times before so I am familiar with troubleshooting etc.  The only difference from the others that there is an ISA 2004 server in this instance.

The certificate was purchased from equifax and I tried to create the profile internally but when I enter the username and password through Outlook, it keeps coming back and asking for the password repeatedly amd doesn't accept it
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823675
If thats the case  make sure that you have Valid port set properly
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 8

Expert Comment

by:Npatang
ID: 24823684
Whatever the URl you are using in the  profile should resolvable internally to internal IP of the server
0
 

Author Comment

by:PurityIT
ID: 24823745
I ran the registry fix that was included in the link you sent so it does appear to be the correct port.

When we perform a ping to to address specified in Outlook as well as the part specified in Outlook over HTTPS part of Outlook they both reply
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823796
Try NSlookup and see if it resolves to internal IP ..

If possible send the IIS logs
0
 

Author Comment

by:PurityIT
ID: 24823881
Hi,

I tried nslookup and it did resolve to the internal IP

I have attached the IIS logs for you also

Thanks again
ex070910.log
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823913
See if you are able to telnet on port 6002 on the local host and also check the permisison on RPC virtual directory ..

Make sure that we should have the Authenticated users listed in the persmission will all the Read Permisisons.
0
 

Author Comment

by:PurityIT
ID: 24824179
Hi,

I am able to telnet to the localhost on port 6002 and it returns "ncacn_http/1.0"

For the RPC directory the Authenticated users have the following permissions "Read & Execute, List folder contents and Read"
0
 
LVL 8

Accepted Solution

by:
Npatang earned 500 total points
ID: 24824259
Make sure that in Outlook CLient we have Basic Auth Selected.....
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now