keithxp
asked on
RPC over HTTP issue
We recently lost RPC over HTTP connectivity. I have been troubleshooting this for the last few days following the MS Troubleshooting guide but was unable to find any problems.
I have just managed to restore connectivity by ticking 'Windows Integrated Authentication' in the Directory Security tab of the rpc site Properties. All other settings left as recommended (ie Basic Authentication also ticked, anonymous access disabled). Basic Authentication is also set on the client machines.
I presume this points to some kind of security problem, but can find no issues with our certificate (GoDaddy) or other security settings.
Hopefully the fact that enabling Windows Integrated Authentication fixes the issue might give someone who understands this better a clue?
I have just managed to restore connectivity by ticking 'Windows Integrated Authentication' in the Directory Security tab of the rpc site Properties. All other settings left as recommended (ie Basic Authentication also ticked, anonymous access disabled). Basic Authentication is also set on the client machines.
I presume this points to some kind of security problem, but can find no issues with our certificate (GoDaddy) or other security settings.
Hopefully the fact that enabling Windows Integrated Authentication fixes the issue might give someone who understands this better a clue?
ASKER
Thanks for the suggestion, I should probably have mentioned that I have re-run the wizard a couple of times without luck.
Your right to tick windows authentication in rpc and make sure your domain is displayed in the default domain box. I always setup the clients thus:
https://remote.yourdoamin.com
Connect using SSL only (Ticked)
Only connect to proxy... (ticked)
msstd:remote.yourdomain.co
On fast networks... (unticked)
On Slow Networks (ticked)
Proxy Authentication set to NTLM Authencation
Additionally, I've found that occasionally the windows authentication and or basic authentication in rpc security gets unticked no idea why, but it does. Just double check your firewall on your router for the usual ports allowed (80,443)
https://remote.yourdoamin.com
Connect using SSL only (Ticked)
Only connect to proxy... (ticked)
msstd:remote.yourdomain.co
On fast networks... (unticked)
On Slow Networks (ticked)
Proxy Authentication set to NTLM Authencation
Additionally, I've found that occasionally the windows authentication and or basic authentication in rpc security gets unticked no idea why, but it does. Just double check your firewall on your router for the usual ports allowed (80,443)
ASKER
Hi,
well that configuration seems to be working for me too, but am I going mad or do most guides recommend that the RPC virtual directory security settings are that
- anonymous access is disabled
- only Basic Authentication is ticked
- SSL is enabled
??
At present clients are using Basic Authentication, but you are suggesting it is better to set it to NTLM (presumably to match to the Basic Authentication by NTLM on the virtual directory)?
well that configuration seems to be working for me too, but am I going mad or do most guides recommend that the RPC virtual directory security settings are that
- anonymous access is disabled
- only Basic Authentication is ticked
- SSL is enabled
??
At present clients are using Basic Authentication, but you are suggesting it is better to set it to NTLM (presumably to match to the Basic Authentication by NTLM on the virtual directory)?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK. This is great because I have lost RPC-HTTP connectivity several times in the past, never understood why (ie could not relate it to a particular change on the server etc). Hopefully I can fix it quicker in future. thank you
First thing in SBS 2003 is to re-run the CEICW wizard from Computer Management and select the proper connection OWA, RWP, etc. ( http://support.microsoft.com/kb/825763 ) That will fix 90% of all SBS 2003 connectivity issues.