Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Why won't Outlook over HTTPS work through ISA 2004 ?

Posted on 2009-07-10
13
316 Views
Last Modified: 2012-05-07
We have set up our Exchange 2003 server to use Outlook over HTTPS.  We have went through all the required steps and then troubleshooted by verifying that we are able to browse use webmail by using HTTPS with the certificate that we purchased.

I looked at various support articles which suggested to browse to https://servername/rpc which we can do successfully and we are prompted to enter the password 3 times and then get  a message saying "HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource" which is what you are meant to get if it is configured correctly.

However the next step suggests to browse to  https://servername/rpc/rpcproxy.dll and when we do this there is no promt at all and internet explorer displays the following
"Error Code 64: Host not available
Background: The connection to the Web server was lost"

And on the ISA 2004 Server we see this:

Failed Connection Attempt SERVER 7/10/2009 1:58:28 PM
Log type: Web Proxy (Reverse)
Status: 64 The specified network name is no longer available.  
Rule: OWA
Source: External ( 88.97.161.254:0)
Destination: ( 192.168.1.100:443)
Request: GET https://servername:443/rpc/rpcproxy.dll 
Filter information: Req ID: 15ecbf98  
Protocol: https
User: anonymous

Can anyone please advise how we can resolve this ?

Many thanks in advance
0
Comment
Question by:PurityIT
  • 7
  • 6
13 Comments
 

Author Comment

by:PurityIT
ID: 24822882
Also, strangely in the IIS logs I can see the following:

2009-07-10 13:58:30 W3SVC1 192.168.1.100 GET /rpc/rpcproxy.dll - 443 administrator 88.97.161.254 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+yie8) 200 0 0
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24822933
Hey Try one thing ..
try browing the RPCproxy.dll indie teh network and see if it prompts for the credentia. and you should get a black page.
If not try the checking the AUthentication on the same it should be only basic Auth.
If still doesn't work check for the valid ports in the registry,

Also let me know the Path mentioned in the RPCproxy.dll
0
 

Author Comment

by:PurityIT
ID: 24823177
Hi and thanks for your post,

When I browse to the rpcprox.dll internally we are prompted for a username and password then we do see a blank page.

I'm not entirely sure what you mean about the path so I have copied in a screenshot from IIS.

Thanks again for your help.
rpc-directory.JPG
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 8

Expert Comment

by:Npatang
ID: 24823268
its good that you able to browse it ...... WHich certificate you are using .. Is it self signed or third party ....
ALso try creaing the RPC over HTTPS profileinternally to rule out the Firewall issue.

Check this link for better configuration
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
0
 

Author Comment

by:PurityIT
ID: 24823652
Hi,

This is document I usually follow !!  When setting it up as we have done it a good few times before so I am familiar with troubleshooting etc.  The only difference from the others that there is an ISA 2004 server in this instance.

The certificate was purchased from equifax and I tried to create the profile internally but when I enter the username and password through Outlook, it keeps coming back and asking for the password repeatedly amd doesn't accept it
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823675
If thats the case  make sure that you have Valid port set properly
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823684
Whatever the URl you are using in the  profile should resolvable internally to internal IP of the server
0
 

Author Comment

by:PurityIT
ID: 24823745
I ran the registry fix that was included in the link you sent so it does appear to be the correct port.

When we perform a ping to to address specified in Outlook as well as the part specified in Outlook over HTTPS part of Outlook they both reply
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823796
Try NSlookup and see if it resolves to internal IP ..

If possible send the IIS logs
0
 

Author Comment

by:PurityIT
ID: 24823881
Hi,

I tried nslookup and it did resolve to the internal IP

I have attached the IIS logs for you also

Thanks again
ex070910.log
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24823913
See if you are able to telnet on port 6002 on the local host and also check the permisison on RPC virtual directory ..

Make sure that we should have the Authenticated users listed in the persmission will all the Read Permisisons.
0
 

Author Comment

by:PurityIT
ID: 24824179
Hi,

I am able to telnet to the localhost on port 6002 and it returns "ncacn_http/1.0"

For the RPC directory the Authenticated users have the following permissions "Read & Execute, List folder contents and Read"
0
 
LVL 8

Accepted Solution

by:
Npatang earned 500 total points
ID: 24824259
Make sure that in Outlook CLient we have Basic Auth Selected.....
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question