gajtguy
 asked on

Outlook 2003 can no longer connect to exchange 2003 - RPC/HTTP

I've had this server running for about 6 weeks without any issues. Fri night I rebooted to check for some files on the dual boot machine (XP) and during the restart into win2003 that's when the machine decided to really crap out on me. Lots of start up issues (Services not running), and I was able to correct most of them.  My current status is this: Webmail works, activesync to our iphones works, but outlook 2003 can not connect to the mailboxes. Note: I have a static IP for the server as well as the cable modem (Comcast business class)

I run outlook with the /RPCdiag switch and see the 'mail' item trying to connect, but it never connects. There are three directory items that say 'Established' using https. But the mail flashes about 5-6 times and then disappears. Finally the error "The server is not available" comes up. By the way I'm testing this from a laptop that used to work, and happens to be located within the same network as the server (my home).

I will admit to not understanding DNS. (So any suggestions with this, please detail the steps)
My SSL certs have not been the same since the start and do list the domain and FQDN

All RPC tests, using telnet and ping work just fine.  It's just some problem with outlook connecting.
Netdiag passed all but the 'DC list test' line item.
DCDiag also passed all items.

Last Comment
BarnesHawk

8/22/2022 - Mon
Sumesh BNR

is your outlook in offline mode?
gajtguy

ASKER
Now that would be pretty basic.. I wish.

Answer: no
ASKER CERTIFIED SOLUTION
Alan Hardisty

Wouterx

I guess it might be a problem with your certificate. In that case, the connection fails without a decent error message. Do you get certificate warnings when you use webmail?
If you do, these must be fixed as RPC over HTTP does not provide the option to ignore these warnings.
MegaNuk3

Also if you are trying to use it at home, then confirm that you are getting the server's internal IP address when you ping it because some routers do not allow traffic to go out and come back in the external interface.

You might have had an automatic firmware router upgrade that has now stopped your traffic from going out to the external (internet) interface on the router and coming back in.
gajtguy

ASKER
Thanks for the suggestions. I have tried the outlook anywhere test. It was failing on certain items that I could correct. But now I'm stuck with this PING error.

As per the -more info- area, I was able to telnet to port 6002 & 6004. It would respond with the 'ncacn_http/1.0' line (Is that the correct response?). But the 6001 port would not respond with anything. Although it wouldn't dump me back at the command prompt either. Does that mean anything?

The certs were unchanged and seem to work just fine.  Any other ideas?
	Testing RPC/HTTP connectivity
 	RPC/HTTP test failed
 	
	Test Steps
 	
	Attempting to resolve the host name denisco-kindler.dsstristate.net in DNS.
 	Host successfully resolved
 	
	Additional Details
 	IP(s) returned: 173.161.188.201
	Testing TCP Port 443 on host denisco-kindler.dsstristate.net to ensure it is listening and open.
 	The port was opened successfully.
	Testing SSL Certificate for validity.
 	The certificate passed all validation requirements.
 	
	Test Steps
 	
	Validating certificate name
 	Successfully validated the certificate name
 	
	Additional Details
 	Found hostname denisco-kindler.dsstristate.net in Certificate Subject Alternative Name entry
	Validating certificate trust
 	Certificate is trusted and all certificates are present in chain
 	
	Additional Details
 	The Certificate chain has be validated up to a trusted root. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
	Testing certificate date to ensure validity
 	Date Validation passed. The certificate is not expired.
 	
	Additional Details
 	Certificate is valid: NotBefore = 12/28/2009 8:40:07 AM, NotAfter = 12/22/2011 1:21:36 AM"
	Testing Http Authentication Methods for URL https://denisco-kindler.dsstristate.net/rpc/rpcproxy.dll
 	Http Authentication Methods are correct
 	
	Additional Details
 	Found all expected authentication methods and no disallowed methods. Methods Found: Basic
	Attempting to Ping RPC Proxy denisco-kindler.dsstristate.net
 	Pinged RPC Proxy successfully
 	
	Additional Details
 	Completed with HTTP status 200 - OK
	Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server denisco-kindler.dsstristate.net
 	Failed to ping Endpoint
 	
	Additional Details
 	RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime 


gajtguy

ASKER
Meganuk3: My firewall is a linksys router with the Tomato firmware on there. No auto updates allowed. But I did double check the ports were open. The 6001, 6002, 6004 was NOT open. But then again, I was under the impression that they do not need to be open anyway.

Doesn't the RPC come through HTTP by using port 443?

But now I'm getting away from the problem of why the PING test failed. Any ideas?

Thanks
MegaNuk3

What version of Exchange are you running?

And is denisco-kindler.dsstristate.net the internal name of your Exchange server? i.e. can you ping it and is that what the "Exchange Server" shows as under outlook? denisco-kindler.dsstristate.net might be the External name that matches the cert, but your internal exchange server name might be something like mailserver01.mydomain.local

yep RPC over HTTPs is just that, it comes in over 443
gajtguy

ASKER
Looks like I've got Exchange v6.5.7638.1.

The servername is denisco-kindler.  Since I'm a dummy, I made the internal domain the same as the external. Again this was working for about 7 weeks. My outside DNS is configured from godaddy, who is also hosting the website. But I have added the proper A records for the FQDN to point everyone using outlook to the exchange server location, not the website location.

MegaNuk3

Have you tried RPCPing and RPCDump from Microsoft: http://support.microsoft.com/kb/831051
To see if they pass or fail from internal and external?
MegaNuk3

Since you appear to be on Exchange 2003, is it standard or enterprise or SBS?
If it is normal E2k3 and not SBS can you try going to ESM-->Properties on your Exchange Server-->"RPC-HTTP" Tab-->Verify "RPC-HTTP back-end server" is selected, if it was then change it to "Not part of" press Apply then change it back to "RPC-HTTP back-end" server and press Apply. Does it work now?
gajtguy

ASKER
I have Enterprise 2003 and tried what you suggested. Still the same issue.

Why do you suppose the three 'directory' items connect using HTTPS. They all say 'Established', but the 'Mail' item (and 'Public Folders') all flash up there in the RPCdiag window and just go away again?

I have a gut feeling to remove and reinstall the RPC over HTTP feature from add/remove windows components.  Do you think that will have any effect (either good or bad)?

Thanks
gajtguy

ASKER
well that RPC uninstall didn't help.  I have a feeling that a complete reinstall of {something} might be in order..  How hard is it to migrate all of my users info over to another "server". Or maybe I should just try adding another one just as a test? No/Yes/maybe?
Alan Hardisty

Can you run through either of the following articles and check your settings including your registry settings:

http://www.amset.info/exchange/rpc-http.asp

http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
gajtguy

ASKER
Thanks for that suggestion.  My reinstall of RPC caused some of the Registry entries to not have all of the info that they once had. I've been through those same documents at least 20 times over the past 3 days.

But alas, this problem still exists. 'Directory' connects, but not 'Mail' and not 'Public Folders' (although I never could get public folders working).
Alan Hardisty

No probs.
What Authentication methods / SSL settings have you got for the RPC virtual Directory and the Exchange Virtual Directory?
RPC should be basic - no IP restrictions and SSL enabled.
Exchange should be the same as long as you have the exchange-oma virtual directory created.
gajtguy

ASKER
RPC and EXCHANGE all have the same settings (as you described). Well EXCHANGE didn't have the domain listed. Just a slash, but I hit Browse and it plugged in the domain.

The OMA virtual directory has been setup since the very first config back before the new year. I do remember having to set that up manually.

The other change I made was as per the AMSET.info doc which said to set the client proxy up with the 'on fast networks' checkbox. That was not stated to check in the Petri doc. And it has made the logon appear almost instantly after starting outlook.

Should I remake the RPC virtual Directory? If so, how much other stuff would that mess up?  
Or is it working fine, because the webmail is working fine?
Alan Hardisty

Leave the recreation of the RPC virtual directory for now if you would.
What do you get if you visit https://www.yourdomain.com/rpc/rpcproxy.dll?
You should be prompted for a logon, then once logged on, you should receive a blank page.
gajtguy

ASKER
Well that was new. Including the /rpcproxy.dll   at the end allowed my user account to actually login and get the blank screen.  And the padlock is down in the right hand corner.

I say that because I think all of the other docs talked about checking for the 401.3 error, but without using the rpcproxy.dll  at the end.  

So I guess that blank screen was a good thing?  Does it prove the Cert is good?
Alan Hardisty

Yes - that is good news. (always nice to find a different way to test things ; ) )
Have you got Ignore Client Certificates selected on the RPC virtual Directory> Directory Security> Last Edit Button?
http://social.technet.microsoft.com/Forums/en-US/exrca/thread/4cd67c54-51a3-4f2e-8994-99d7bad047d0 
MegaNuk3

Have you got "ignore client certificates" set on the "Default web site" under IIS?
gajtguy

ASKER
Yup. Both the RPC virtual and the 'Default Web Site' both show the check to 'Use SSL' and the sub check for '128bit Encryption', as well as the 'ignore client certs'.

Baffled. I'm just baffled by this issue.  And I'm flying out of town in the morning. So what should I reinstall, and what should I backup first?

SOLUTION
MegaNuk3

Alan Hardisty

Backup the Default Website in IIS (right-click and choose All Tasks, Save Configuration to a file).
Then remove the RPC over HTTP proxy (Control Panel> Add/Remove Programs> Windows Components> Networking Services)
Reboot the server then re-install the RPC over HTTP proxy as per this article:
http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html
Once done - re-test and report on the results.
Good luck.
gajtguy

ASKER
Actually I did not. Sorry.  :-(   That is one complicated string right there.   I'll try it again though.

Attached is the rpcping results.

myrpcping.jpg
gajtguy

ASKER
Here's one for ya..  I had a suggestion to change my hosts file on my test laptop that is located within the same network as the server. This time outlook does indeed connect to the mailbox. But it does so with TCP/IP instead of HTTPS. I should say the directory items still connect via HTTPS. But the 'Mail' items listed on the RPCDiag window show a connection using TCP/IP.

Does that indicate anything?

Man, this is like a 1000point question, right?
gajtguy

ASKER
Alan, OK I did the RPC uninstall, restart and then re-set it up again.  Same results.  However, one of the tests in that link you provided offered the RPCDUMP function. This might be the issue:  I cannot find anything listening or linked to the port 6001, which is the information store (right?).  I see stuff in the dump file that links to 6002 & 6004. But using Ctrl-F to find the "6001" comes up with zero results.

So, I'm gonna do some research into that, but can anyone provide some quick items to enable this?

BTW - The ports are listed in that registry entry with all the other ports (6001-6002, 6004). You know which one I mean right? (It's getting late, and I'm getting flustered)
gajtguy

ASKER
okay. so NETSTAT does show this port listed ONE time within that long dump file. It does show it listening, but only on the netbios name:6001    It shows up no other times and I can not telnet to it. Well I can, but do not get the same results as when I telnet into port 6002 or 6004.

Anybody feel like cluing me in a little?  I feel this Information store could be the issue..

BTW-I re-ran the outlook anywhere tool and it failed again trying to ping 6001.

SOOOOO close now.
MegaNuk3

Have a look on the server under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy:
Is there a ValidPorts string that looks similar to the following?
Mailserver:593;mailserverFQDN.com:593;mailserver:6001-6002;MailServerFQDN.com:6001-6002;Mailserver:6004;MailServerFQDN.com:6004

as per http://msdn.microsoft.com/en-us/library/aa378642(VS.85).aspx
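
An added example, not part of the original thread: a small Python check that parses a ValidPorts value of the form shown above and reports, for each name clients use to reach the server, which of the ports from that sample string (593, 6001-6002, 6004) are not allowed, and how many ports outside that set the proxy is permitted to relay to. The host names and sample values are constructed, and case-insensitive host matching is an assumption based on the mixed case in the sample string.

```python
import re

# Ports taken from the sample ValidPorts string in the post above.
REQUIRED_PORTS = {593, 6001, 6002, 6004}

# Constructed sample values; mail01 / mail01.example.test are placeholder names.
GOOD = ("mail01:593;mail01.example.test:593;mail01:6001-6002;"
        "mail01.example.test:6001-6002;mail01:6004;mail01.example.test:6004")
BROKEN = "mail01:593;mail01:6002;mail01:6004;mail01.example.test:100-5000"


def parse_valid_ports(value):
    """Parse 'host:port[-port];...' into {lowercased host: set of ports}."""
    allowed = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        m = re.fullmatch(r"([^:\s]+):(\d+)(?:-(\d+))?", entry)
        if not m:
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        host = m.group(1).lower()
        lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        allowed.setdefault(host, set()).update(range(lo, hi + 1))
    return allowed


def audit_valid_ports(value, expected_hosts):
    """Return (missing, extra).

    missing: required ports not allowed for each expected host name.
    extra:   count of allowed ports outside the required set, per host.
    """
    allowed = parse_valid_ports(value)
    missing, extra = {}, {}
    for host in (h.lower() for h in expected_hosts):
        gap = REQUIRED_PORTS - allowed.get(host, set())
        if gap:
            missing[host] = sorted(gap)
    for host, ports in allowed.items():
        surplus = ports - REQUIRED_PORTS
        if surplus:
            extra[host] = len(surplus)
    return missing, extra


if __name__ == "__main__":
    hosts = ["MAIL01", "mail01.example.test"]
    print(audit_valid_ports(GOOD, hosts))    # both names cover all four ports
    print(audit_valid_ports(BROKEN, hosts))  # 6001 missing, wide range flagged
```
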
MegaNuk3

Also make sure you have Enabled(REG_DWORD) = 1 under there too.
gajtguy

ASKER
Guys I appreciate your help.  Looks like we're going around in a couple of circles here.  

Those registry entries have been checked and listed in just about every version of the RPC over HTTP documents that are out there. I've been over that at least a dozen times.

I think the issue is with this port 6001 thing, or I'm just F'd.  

So thanks again for trying so hard and sticking with me.
MegaNuk3

can you post your ValidPorts key (replace servername if you want)

Also have a look at this article which talks about using RPCDump to verify the Information Store is listening on 6001:
http://technet.microsoft.com/en-us/library/aa997836(EXCHG.65).aspx

It also talks about your NTDS settings on your GC
MegaNuk3

Have a look in the registry on your Mailbox server and confirm the following:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
There should be a DWORD there called "Rpc/HTTP Port" with a value of "1771" (hex) which is 6001
gajtguy

ASKER
This problem was a tough one and a lot of responses were very helpful in ruling out certain issues. The problem was just not a typical issue.
MegaNuk3

Thanks for the points, I take it it is all working now? What was wrong with port 6001?
MegaNuk3

What was wrong with port 6001?
BarnesHawk

I am having this EXACT issue and I'm really curious if you ever found a specific fix?