asked on
Outlook 2003 can no longer connect to exchange 2003 - RPC/HTTP
I've had this server running for about 6 weeks without any issues. Fri nite I rebooted to check for some files on the dual boot machine (XP) and during the restart into win2003 thats when the machine decided to really crap out on me. Lots of start up issues (Services not running), that I was able to correct most of them. My curent status is this: Webmail works, activesync to our iphones works, but outlook 2003 can not connect to the mailboxes. Note: I have a static IP for the server as well as the cable modem (Comcast business class)
I run outlook with the /RPCdiag switch and see the 'mail' item trying to connect, but it never connects. There are three directory items that say "Established' using https. But the mail flashes about 5-6times and then dissapears. Finally the error "The server is not available" comes up. By the way I'm testing this from a laptop that used to work, and happens to be located within the same network as the server (my home).
I will admit to not understanding DNS. (So any suggestions with this, please detail the steps)
My SSL certs have not been the same since the start and do list the domain and FQDN
All RPC tests, using telnet and ping work just fine. It's just some problem with outlook connecting.
Netdiag passed all but the 'DC list test' line item.
DCDiag also passed all items.
I run outlook with the /RPCdiag switch and see the 'mail' item trying to connect, but it never connects. There are three directory items that say "Established' using https. But the mail flashes about 5-6times and then dissapears. Finally the error "The server is not available" comes up. By the way I'm testing this from a laptop that used to work, and happens to be located within the same network as the server (my home).
I will admit to not understanding DNS. (So any suggestions with this, please detail the steps)
My SSL certs have not been the same since the start and do list the domain and FQDN
All RPC tests, using telnet and ping work just fine. It's just some problem with outlook connecting.
Netdiag passed all but the 'DC list test' line item.
DCDiag also passed all items.
ExchangeOutlook
Last Comment
BarnesHawk
is your outlook in offline mode?
ASKER
Now that would be pretty basic.. I wish.
Answer: no
Answer: no
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I guess it might be a problem with your certificate. In that case, the connection fails without a decent error message. Do you get certificate warnings when you use webmail?
If you do, these must be fixed as RPC over HTTP does not provide the option to ignore these warnings.
If you do, these must be fixed as RPC over HTTP does not provide the option to ignore these warnings.
Also if you are trying to use it at home, then confirm that you are getting the servers internal IP address when you ping it because some routers do not allow traffic to go out and come back in the external interface.
You might have had a automatic firmware router upgrade that has now stopped your traffic from going out to the external(internet) interface on the router and coming back in.
You might have had a automatic firmware router upgrade that has now stopped your traffic from going out to the external(internet) interface on the router and coming back in.
ASKER
Thanks for the suggestions. I have tried the outlook anywhere test. It was failing on certain items that I could correct. But now I'm stuck with this PING error.
As per the -more info- area, I was able to telnet to port 6002 & 6004. It would respond with the 'ncacn_http/1.0' line (Is that the correct response?). But the 6001 port would not respond with anything. Although it wouldn't dump me back at the command prompt either. Does that mean anything?
The certs were unchanged and seem to work just fine. Any other ideas?
As per the -more info- area, I was able to telnet to port 6002 & 6004. It would respond with the 'ncacn_http/1.0' line (Is that the correct response?). But the 6001 port would not respond with anything. Although it wouldn't dump me back at the command prompt either. Does that mean anything?
The certs were unchanged and seem to work just fine. Any other ideas?
Testing RPC/HTTP connectivity
RPC/HTTP test failed
Test Steps
Attempting to resolve the host name denisco-kindler.dsstristate.net in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 173.161.188.201
Testing TCP Port 443 on host denisco-kindler.dsstristate.net to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname denisco-kindler.dsstristate.net in Certificate Subject Alternative Name entry
Validating certificate trust
Certificate is trusted and all certificates are present in chain
Additional Details
The Certificate chain has be validated up to a trusted root. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 12/28/2009 8:40:07 AM, NotAfter = 12/22/2011 1:21:36 AM"
Testing Http Authentication Methods for URL https://denisco-kindler.dsstristate.net/rpc/rpcproxy.dll
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods. Methods Found: Basic
Attempting to Ping RPC Proxy denisco-kindler.dsstristate.net
Pinged RPC Proxy successfully
Additional Details
Completed with HTTP status 200 - OK
Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server denisco-kindler.dsstristate.net
Failed to ping Endpoint
Tell me more about this issue and how to resolve it
Additional Details
RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime
ASKER
Meganuk3: My firewall is a linksys router with the Tomato firmware on there. No auto updates allowed. But I did double check the ports were open. The 6001, 6002, 6004 was NOT open. But then again, I was under the impression that they do not need to be open anyway.
Doesn't the RPC come through HTTP by using port 443?
But now I'm getting away from the problem of why the PING test failed. Any ideas?
Thanks
Doesn't the RPC come through HTTP by using port 443?
But now I'm getting away from the problem of why the PING test failed. Any ideas?
Thanks
What version of Exchange are you running?
And is denisco-kindler.dsstristat
yep RPC over HTTPs is just that, it comes in over 443
And is denisco-kindler.dsstristat
yep RPC over HTTPs is just that, it comes in over 443
ASKER
Looks like I've got Exchange v6.5.7638.1.
The servername is denisco-kindler. Since I'm a dummy, I made the internal domain the same as the external. Again this was working for about 7 weeks. My outside DNS is configured from godaddy, who is also hosting the website. But I have added the proper A records for the FQDN to point everyone using outlook to the exchange server location, not the website location.
The servername is denisco-kindler. Since I'm a dummy, I made the internal domain the same as the external. Again this was working for about 7 weeks. My outside DNS is configured from godaddy, who is also hosting the website. But I have added the proper A records for the FQDN to point everyone using outlook to the exchange server location, not the website location.
Have you tried RPCPing and RPCDump from Microsoft: http://support.microsoft.com/kb/831051
To see if they pass or fail from internal and external?
To see if they pass or fail from internal and external?
Since you appear to be on Exchange 2003, is it standard or enterprise or SBS?
If it is normal E2k3 and not SBS can you try go to ESM-->Properties on you Exchange Server-->"RPC-HTTP" Tab-->Verify "RPC-HTTP back-end server" is selected, if it was then change it to "Not part of" press Apply then change it back to "RPC-HTTP back-end" server and press Apply. Does it work now?
If it is normal E2k3 and not SBS can you try go to ESM-->Properties on you Exchange Server-->"RPC-HTTP" Tab-->Verify "RPC-HTTP back-end server" is selected, if it was then change it to "Not part of" press Apply then change it back to "RPC-HTTP back-end" server and press Apply. Does it work now?
ASKER
I have Enterprise 2003 and tried what you suggested. Still the same issue.
Why do you suppose the three 'directory' items connect using HTTPS. They all say 'Established', but the 'Mail' item (and 'Public Folders') all flash up there in the RPCdiag window and just go away again?
I have a gut feeling to remove and reinstall the RPC over HTTP feature from add/remove windows components. Do you think that will have any affect (either good or bad)?
Thanks
Why do you suppose the three 'directory' items connect using HTTPS. They all say 'Established', but the 'Mail' item (and 'Public Folders') all flash up there in the RPCdiag window and just go away again?
I have a gut feeling to remove and reinstall the RPC over HTTP feature from add/remove windows components. Do you think that will have any affect (either good or bad)?
Thanks
ASKER
well that RPC uninstall didn't help. I have a feeling that a complete reinstall of {something} might be in order.. How hard is it to migrate all of my users info over to another "server". Or maybe I should just try adding another one just as a test? No/Yes/maybe?
Can you run through either of the following articles and check your settings including your registry settings:
http://www.amset.info/exchange/rpc-http.asp
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
http://www.amset.info/exchange/rpc-http.asp
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
ASKER
Thanks for that suggestion. My reinstall of RPC caused some of the Registry entries to not have all of the info that they once had. I've been through those same documents at least 20 times over the past 3 days.
But alas, this problem still exists. 'Directory' connects, but not 'Mail' and not 'Public Folders' (although I never could get public folders working).
But alas, this problem still exists. 'Directory' connects, but not 'Mail' and not 'Public Folders' (although I never could get public folders working).
No probs.
What Authentication methods / SSL settings have you got for the RPC virtual Directory and the Exchange Virtual Directory?
RPC should be basic - no IP restrictions and SSL enabled.
Exchange should be the same as long as you have the exchange-oma virtual directory created.
What Authentication methods / SSL settings have you got for the RPC virtual Directory and the Exchange Virtual Directory?
RPC should be basic - no IP restrictions and SSL enabled.
Exchange should be the same as long as you have the exchange-oma virtual directory created.
ASKER
RPC and EXCHANGE all have the same settings (as you described). Well EXCHANGE didn't have the domain listed. Just a slash, but I hit Browse and it plugged in the domain.
The OMA virtual directory has been setup since the very first config back before the new year. I do remember having to set that up manually.
The other change I made was as per the AMSET.info doc which said to set the client proxy up with the 'on fast networks' checkbox. That was not stated to check in the Petri doc. And it has made the logon appear almost instantly after starting outlook.
Should I remake the RPC virtual Directory? If so, how much other stuff would that mess up?
Or is it working fine, because the webmail is working fine?
The OMA virtual directory has been setup since the very first config back before the new year. I do remember having to set that up manually.
The other change I made was as per the AMSET.info doc which said to set the client proxy up with the 'on fast networks' checkbox. That was not stated to check in the Petri doc. And it has made the logon appear almost instantly after starting outlook.
Should I remake the RPC virtual Directory? If so, how much other stuff would that mess up?
Or is it working fine, because the webmail is working fine?
Leave the recreation of the RPC virtual directory for now if you would.
What do you get if you vsit https://www.yourdomain.com/rpc/rpcproxy.dll?
You should be prompted for a logon, then once logged on, you should receive a blank page.
What do you get if you vsit https://www.yourdomain.com/rpc/rpcproxy.dll?
You should be prompted for a logon, then once logged on, you should receive a blank page.
ASKER
Well that was new. Including the /rpcproxy.dll at the end allowed my user account to actually login and get the blank screen. And the padlock is down in the right hand corner.
I say that because I think all of the other docs talked about checking for the 401.3 error, but without using the rpcproxy.dll at the end.
So I guess that blank screen was a good thing? Does it prove the Cert is good?
I say that because I think all of the other docs talked about checking for the 401.3 error, but without using the rpcproxy.dll at the end.
So I guess that blank screen was a good thing? Does it prove the Cert is good?
Yes - that is good news. (always nice to find a different way to test things ; ) )
Have you got Ignore Client Certificates selected on the RPC virtual Directory> Directory Security> Last Edit Button?
http://social.technet.microsoft.com/Forums/en-US/exrca/thread/4cd67c54-51a3-4f2e-8994-99d7bad047d0
Have you got Ignore Client Certificates selected on the RPC virtual Directory> Directory Security> Last Edit Button?
http://social.technet.microsoft.com/Forums/en-US/exrca/thread/4cd67c54-51a3-4f2e-8994-99d7bad047d0
Have you got "ignore client certificates" set on the "Default web site" under IIS?
ASKER
Yup. Both the RPC virtual and the 'Default Web Site' both show the check to 'Use SSL' and the sub check for '128bit Encryption', as well as the 'ignore client certs'.
Baffled. I'm just baffled by this issue. And I'm flying out of town in the morning. So what should I reinstall, and what should I backup first?
Baffled. I'm just baffled by this issue. And I'm flying out of town in the morning. So what should I reinstall, and what should I backup first?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Backup the Default Website in IIS (right-click and choose All Tasks, Save Configuration to a file).
Then remove the RPC over HTTP proxy (Control Panel> Add/Remove Programs> Windows Components> Networking Services)
Reboot the server then re-install the RPC over HTTP proxy as per this article:
http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html
Once done - re-test and report on the results.
Good luck.
Then remove the RPC over HTTP proxy (Control Panel> Add/Remove Programs> Windows Components> Networking Services)
Reboot the server then re-install the RPC over HTTP proxy as per this article:
http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html
Once done - re-test and report on the results.
Good luck.
ASKER
Actually I did not. Sorry. :-( That is one complicated string right there. I'll try it again though.
Attached is the rpcping results.
myrpcping.jpg
Attached is the rpcping results.
myrpcping.jpg
ASKER
Here's one for ya.. I had a suggestion to change my hosts file on my test laptop that is located within the same network as the server. This time outlook does indeed connect to the mailbox. But it does so with TCP/IP instead of HTTPS. I should say the directory items still connect via HTTPS. But the 'Mail' items listed on the RPCDiag window shows a connection uing TCP/IP.
Does that indicate anything?
Man, this is like a 1000point question, right?
Does that indicate anything?
Man, this is like a 1000point question, right?
ASKER
Alan, OK I did the RPC uninstall, restart and then re-set it up again. Same results. However, one of the tests in that link you provided offered the RPCDUMP function. This might be the issue: I cannot find anything listening or linked to the port 6001, which is the information store (right?). I see stuff in the dump file that links to 6002 & 6004. But using Ctrl-F to find the "6001" comes up with zero results.
So, I'm gonna do some research into that, but can anyone provide some quick items to enable this?
BTW - The ports are listed in that registry entry with all the other ports (6001-6002, 6004). You know which one I mean right? (It's getting late, and I'm getting flustered)
So, I'm gonna do some research into that, but can anyone provide some quick items to enable this?
BTW - The ports are listed in that registry entry with all the other ports (6001-6002, 6004). You know which one I mean right? (It's getting late, and I'm getting flustered)
ASKER
okay. so NETSTAT does show this port listed ONE time within that long dump file. It does show it listening, but only on the netbios name:6001 It shows up no other times and I can not telnet to it. Well I can, but do not get the same results as when I telnet into port 6002 or 6004.
Anybody feel like cluing me in a little? I feel this Information store could be the issue..
BTW-I re-ran the outlook anywhere tool and it failed again trying to ping 6001.
SOOOOO close now.
Anybody feel like cluing me in a little? I feel this Information store could be the issue..
BTW-I re-ran the outlook anywhere tool and it failed again trying to ping 6001.
SOOOOO close now.
Have a look on the server under HKEY_LOCAL_MACHINE\SOFTWAR
Is there are ValidPorts string that looks similar to the following?
Mailserver:593;mailserverF
as per http://msdn.microsoft.com/en-us/library/aa378642(VS.85).aspx
Is there are ValidPorts string that looks similar to the following?
Mailserver:593;mailserverF
as per http://msdn.microsoft.com/en-us/library/aa378642(VS.85).aspx
Also make sure you have Enabled(REG_DWORD) = 1 under there too.
ASKER
Guys I appreciate your help. Looks the we're going around in a couple of circles here.
Those registry entries have been checked and listed in just about every version of the RPC over HTTP documents that are out there. I've been over that at least a dozen times.
I think the issue is with this port 6001 thing, or I'm just F'd.
So thanks again for trying so hard and sticking with me.
Those registry entries have been checked and listed in just about every version of the RPC over HTTP documents that are out there. I've been over that at least a dozen times.
I think the issue is with this port 6001 thing, or I'm just F'd.
So thanks again for trying so hard and sticking with me.
can you post your ValidPorts key (replace servername if you want)
Also have a look at this article which talks about using RPCDump to verify the Information Store is listening on 6001:
http://technet.microsoft.com/en-us/library/aa997836(EXCHG.65).aspx
It also talks about your NTDS settings on your GC
Also have a look at this article which talks about using RPCDump to verify the Information Store is listening on 6001:
http://technet.microsoft.com/en-us/library/aa997836(EXCHG.65).aspx
It also talks about your NTDS settings on your GC
Have a look in the registry on your Mailbox server and confirm the following:
HKEY_LOCAL_MACHINE\SYSTEM\
There should be a DWORD there called "Rpc/HTTP Port" with a value of "1771" (hex) which is 6001
HKEY_LOCAL_MACHINE\SYSTEM\
There should be a DWORD there called "Rpc/HTTP Port" with a value of "1771" (hex) which is 6001
ASKER
This problem was a tough one and a lot of responses were very helpful in ruling out certain issues. The problem was just not a typical issue.
Thanks for the points, I take it is all working now? What was wrong with port6001?
What was wrong with port 6001?
I am having this EXACT issue and I'm really curious if you ever found a specific fix?