Exchange Outlook Anywhere 2010 fails RPC test

Testing RPC/HTTP connectivity
  RPC/HTTP test failed
   Test Steps
   Attempting to resolve the host name mail.tomtcscomputers.com in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: 65.78.53.166  
 
 Testing TCP Port 443 on host mail.tomtcscomputers.com to ensure it is listening and open.
  The port was opened successfully.
 Testing SSL Certificate for validity.
  The certificate passed all validation requirements.
   Test Steps
   Validating certificate name
  Successfully validated the certificate name
   Additional Details
  Found hostname mail.tomtcscomputers.com in Certificate Subject Common name  
 
 Validating certificate trust
  The test passed with some warnings encountered. Please expand additional details.
   Additional Details
  Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information.  
 
 Testing certificate date to ensure validity
  Date Validation passed. The certificate is not expired.
   Additional Details
  Certificate is valid: NotBefore = 4/6/2010 5:12:43 PM, NotAfter = 4/6/2013 5:12:43 PM"  
 
 
 
 Testing Http Authentication Methods for URL https://mail.tomtcscomputers.com/rpc/rpcproxy.dll 
  Http Authentication Methods are correct
   Additional Details
  Found all expected authentication methods and no disallowed methods. Methods Found: Negotiate, NTLM  
 
 Testing SSL mutual authentication with RPC Proxy server
  Successfully verified Mutual Authentication
   Additional Details
  Certificate common name mail.tomtcscomputers.com matches msstd:mail.tomtcscomputers.com  
 
 Attempting to Ping RPC Proxy mail.tomtcscomputers.com
  Cannot ping RPC Proxy
   Additional Details
  A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown  

Any idea how to get the RPC connector portion working???
tomtcsAsked:

AkhaterCommented:
HTTP 401 - Unauthorized response was received from Unknown  

How are you connected to the internet?

Do you have ISA or a firewall?
0
tomtcsAuthor Commented:
I have a Cisco 1811 configured to NAT port 80 and 443 to my Exchange server.  Connected to the internet via cable modem with a static IP address.
0
AkhaterCommented:
OK, then did you enable Outlook Anywhere on your Exchange?

Do you have RPC proxy installed?
0
tomtcsAuthor Commented:
Outlook anywhere is enabled and RPC proxy is installed.  Outlook anywhere has a Single SSL certificate bound to the server for all services at mail.tomtcscomputers.com
0
AkhaterCommented:
Did you try it with many users? Is the user you're testing with a member of Domain Admins?
0
tomtcsAuthor Commented:
I'm simply testing with just my account - a domain admin account.  I've now got past the RPC Proxy ping.  Now it fails on the next step:
 Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server mail.tomtcscomputers.com
  Failed to ping Endpoint
   Tell me more about this issue and how to resolve it
   Additional Details
  RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime  
 

0
AkhaterCommented:
Try with a dummy account you create that is not a domain admin.

How did you get through the first error?
0
AkhaterCommented:
Also, how many servers do you have?
0
tomtcsAuthor Commented:
Got past the error the first time by disabling and re-enabling the NIC card... didn't hold though.  Now I'm back to the cannot ping RPC proxy error again.  Just tried to reinstall the RPC over HTTP feature... that didn't fix it either.  Tried with a dummy account and no go.

I've got 2 servers, one server as the domain controller, the other as the Exchange server as a member of the domain.
0
AkhaterCommented:
Any firewall / antivirus running on the Exchange server?

Are you on a virtual environment?

Can you run ExBPA?

0
tomtcsAuthor Commented:
running this on a virtual environment - VMWare Server Edition on a Windows 7 Professional box (x64) with 24GB ram.  No firewall or antivirus on any of the systems at this point.  Will deploy AV once everything is tested and functional.

Downloading Exchange Best Practices Analyzer now. Will post the results once I run it.
0
tomtcsAuthor Commented:
Apparently there's no Best Practices Analyzer for Exchange 2010 at this time.  At least none that I can see.
0
AkhaterCommented:
EXBpa is included inside EMS toolbox
0
AkhaterCommented:
I meant EMC of course
0
tomtcsAuthor Commented:
Unrecognized Exchange Signature ... Please run domain prep.
0
AkhaterCommented:
Do you have RU2 installed?
0
tomtcsAuthor Commented:
What is RU2?
0
tomtcsAuthor Commented:
Installed, restarted and still no luck...
I even tried a completely fresh install on a physical server and still no go... Something I need to open on the firewall?
0
AkhaterCommented:
All you need to open on your firewall is port 443. I guess it is already opened, right?
0
tomtcsAuthor Commented:
That's right... anything else I'm missing?
0
AkhaterCommented:
no nothing!

Can I suggest you disable and enable Outlook Anywhere again?

"  Found all expected authentication methods and no disallowed methods. Methods Found: Negotiate, NTLM  "

Make sure you enable basic authentication.
0
tomtcsAuthor Commented:
Tried to enable and disable Outlook Anywhere with no change.  Also went to enable Basic Authentication, but it only gives me the option of one or the other, not both.

I'm thinking now that maybe it has something to do with my router config, if that's possible.

Building configuration...

Current configuration : 4427 bytes
!
! Last configuration change at 02:57:21 UTC Tue Apr 13 2010 by tomtcs
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
!
crypto pki trustpoint TP-self-signed-3702721925
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3702721925
 revocation-check none
 rsakeypair TP-self-signed-3702721925
!
!
crypto pki certificate chain TP-self-signed-3702721925
 certificate self-signed 01
        quit
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.50.1 192.168.50.10
!
ip dhcp pool default
   network 192.168.50.0 255.255.255.0
   update dns
   domain-name tomtcscomputers.local
   dns-server 192.168.50.1 208.67.222.222 208.67.220.220
   default-router 192.168.50.2
   update arp
!
!
ip cef
ip name-server 208.59.247.45
ip name-server 192.168.50.3
ip name-server 208.59.247.46
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1811/K9 sn FTX132182NU
username tomtcs privilege 15 view root password 0 <removed>
!
!
crypto ikev2 diagnose error 50
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 description $ETH-WAN$
 ip address dhcp client-id FastEthernet0 hostname tomtcscomputers
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 ip address 192.168.50.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 no ip address
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip nat pool FTPServer_Qnap 192.168.50.15 192.168.50.15 netmask 255.255.255.0 type rotary
ip nat pool ExchangeServer 192.168.50.4 192.168.50.4 netmask 255.255.255.0 type rotary
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.50.6 3389 interface FastEthernet0 3389
ip nat inside source static tcp 192.168.50.3 9001 interface FastEthernet0 9001
ip nat inside destination list Downloads pool FTPServer_Qnap
ip nat inside destination list MailServer pool ExchangeServer
!
ip access-list extended Downloads
 permit tcp any any eq ftp
 permit tcp any any range 55536 56559
 permit tcp any any eq 8080
 permit udp any any range 55536 56559
ip access-list extended MailServer
 permit tcp any any eq smtp
 permit tcp any any eq 143
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq pop3
 permit icmp any any
!
access-list 1 permit 192.168.50.0 0.0.0.255
!
!
!
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 transport input all
!
end


0
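One way to answer the router question raised above is to resolve the NAT rules in the posted configuration into a list of ports that actually reach an inside host. This is an added example, not part of the original post; the function name `inbound_exposures` is hypothetical and the input is an excerpt of the NAT lines from the configuration above.

```python
import re

# Excerpt of the router configuration posted above (NAT-related lines only).
CONFIG = """\
ip nat pool ExchangeServer 192.168.50.4 192.168.50.4 netmask 255.255.255.0 type rotary
ip nat inside source static tcp 192.168.50.6 3389 interface FastEthernet0 3389
ip nat inside source static tcp 192.168.50.3 9001 interface FastEthernet0 9001
ip nat inside destination list MailServer pool ExchangeServer
ip access-list extended MailServer
 permit tcp any any eq smtp
 permit tcp any any eq 143
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq pop3
 permit icmp any any
"""

# IOS prints well-known ports by name; map the names used in this config.
PORT_NAMES = {"ftp": "21", "smtp": "25", "www": "80", "pop3": "110"}

def inbound_exposures(config):
    """Return sorted (protocol, public_port, inside_host) tuples reachable from outside."""
    pools, acls, bindings, found = {}, {}, [], set()
    current_acl = None
    for line in config.splitlines():
        if m := re.match(r"ip nat pool (\S+) (\S+) ", line):
            pools[m[1]] = m[2]                      # pool name -> first inside address
        elif m := re.match(r"ip nat inside source static (tcp|udp) (\S+) \d+ interface \S+ (\d+)", line):
            found.add((m[1], int(m[3]), m[2]))      # static port forward
        elif m := re.match(r"ip nat inside destination list (\S+) pool (\S+)", line):
            bindings.append((m[1], m[2]))           # ACL name -> pool name
        elif m := re.match(r"ip access-list extended (\S+)", line):
            current_acl = m[1]
            acls[current_acl] = []
        elif current_acl and (m := re.match(r" permit (tcp|udp) any any eq (\S+)", line)):
            port = PORT_NAMES.get(m[2], m[2])
            if port.isdigit():                      # range and icmp entries are not expanded here
                acls[current_acl].append((m[1], int(port)))
        elif not line.startswith(" "):
            current_acl = None                      # left the ACL block
    # Resolve bindings last so an ACL defined after its NAT rule is still found.
    for acl, pool in bindings:
        for proto, port in acls.get(acl, []):
            found.add((proto, port, pools.get(pool, pool)))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, host in inbound_exposures(CONFIG):
        print(f"{proto}/{port} -> {host}")
```

For this excerpt the result includes tcp/443 forwarded to 192.168.50.4, alongside the two static forwards for 3389 and 9001.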
tomtcsAuthor Commented:
I finally got it working.  First - my stupidity.  The main problem was caused by the fact that I had created a master image of a flat Windows 2008 server on my ESXi server.  I forgot about problems with conflicting SSIDs.  Once I created a new copy of my master 2008 image, I ran sysprep and created a new SSID.  This resolved most of the problems.  The biggest of which was getting correct authentication to the Active Directory.  I didn't realize this wasn't working until I realized that even though I would log in as a Domain Admin, I still didn't have administrator rights.  Once I re-installed Exchange, I tested the RPCProxy.dll independently and it seemed to work.  Little by little I started passing all the tests, until I got to the port 6001 problem.  This one I remembered from my 2003 Exchange server install.  Change the valid ports in the registry to reflect your Domain Controller on a separate PC, and give it the external DNS names as well.   Once that was done, here are the results:

 Testing RPC/HTTP connectivity
  RPC/HTTP test completed successfully.
   Test Steps
   Attempting to resolve the host name mail.tomtcscomputers.com in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: 65.78.53.166  
 
 Testing TCP Port 443 on host mail.tomtcscomputers.com to ensure it is listening and open.
  The port was opened successfully.
 Testing SSL Certificate for validity.
  The certificate passed all validation requirements.
   Test Steps
   Validating certificate name
  Successfully validated the certificate name
   Additional Details
  Found hostname mail.tomtcscomputers.com in Certificate Subject Common name  
 
 Validating certificate trust
  The test passed with some warnings encountered. Please expand additional details.
   Additional Details
  Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information.  
 
 Testing certificate date to ensure validity
  Date Validation passed. The certificate is not expired.
   Additional Details
  Certificate is valid: NotBefore = 4/22/2010 1:52:42 AM, NotAfter = 4/6/2013 5:12:43 PM"  
 
 
 
 Testing Http Authentication Methods for URL https://mail.tomtcscomputers.com/rpc/rpcproxy.dll 
  Http Authentication Methods are correct
   Additional Details
  Found all expected authentication methods and no disallowed methods. Methods Found: Negotiate, NTLM  
 
 Testing SSL mutual authentication with RPC Proxy server
  Successfully verified Mutual Authentication
   Additional Details
  Certificate common name mail.tomtcscomputers.com matches msstd:mail.tomtcscomputers.com  
 
 Attempting to Ping RPC Proxy mail.tomtcscomputers.com
  Pinged RPC Proxy successfully
   Additional Details
  Completed with HTTP status 200 - OK  
 
 Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server jester.topgun.local
  Pinged Endpoint successfully
   Additional Details
  RPC Status Ok (0) returned in 203 ms.  
 
 Testing NSPI Interface on Exchange Mailbox Server
  Successfully tested NSPI Interface.
   Test Steps
   Attempting to ping RPC Endpoint 6004 (NSPI Proxy Interface) on server jester.topgun.local
  Pinged Endpoint successfully
   Additional Details
  RPC Status Ok (0) returned in 171 ms.  
 
 Testing NSPI "Check Name" for user tomtcs@tomtcscomputers.com against server jester.topgun.local
  The test passed with some warnings encountered. Please expand additional details.
   Tell me more about this issue and how to resolve it
   Additional Details
  NspiBind returned ecNotSupported. This typically indicates that your server requires RPC encryption. ExRCA will attempt the NSPI test again with encryption.  
 
 Testing NSPI "Check Name" for user tomtcs@tomtcscomputers.com against server jester.topgun.local
  Check Name succeeded
   Additional Details
  DisplayName: Thomas Kay, LegDN: /o=ToMTcSComputers/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Thomas Kay  
 
 
 
 Testing the Referral Service on Exchange Mailbox Server
  Successfully tested the Referral Service
   Test Steps
   Attempting to ping RPC Endpoint 6002 (Referral Interface) on server jester.topgun.local
  Pinged Endpoint successfully
   Additional Details
  RPC Status Ok (0) returned in 437 ms.  
 
 Attempting to perform Referral for user /o=ToMTcSComputers/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Thomas Kay on Server jester.topgun.local
  Succeeded getting Referral
   Additional Details
  Server returned by Referral Service: Jester.topgun.local  
 
 
 
 Testing the Exchange Information Store on Mailbox Server
  Successfully tested the Information Store
   Test Steps
   Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server jester.topgun.local
  Pinged Endpoint successfully
   Additional Details
  RPC Status Ok (0) returned in 93 ms.  
 
 Testing Logon to the Exchange Information Store
  Successfully logged on to the Information Store
0
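The registry change mentioned in the post above is to the RPC proxy's `ValidPorts` value (under `HKLM\SOFTWARE\Microsoft\Rpc\RpcProxy`), a semicolon-separated list of `host:port` or `host:port-range` entries the proxy is allowed to relay to. As an added example (not from the original post), this parses such a value and reports which host names lack the endpoints 6001, 6002 and 6004 that the test output pings; the sample value and function names are constructed for illustration.

```python
REQUIRED_PORTS = {6001, 6002, 6004}  # endpoints pinged in the test output above

# Constructed sample value: internal names are listed, the external name is not.
SAMPLE_VALID_PORTS = (
    "jester:6001-6002;jester:6004;"
    "jester.topgun.local:6001-6002;jester.topgun.local:6004"
)

def parse_valid_ports(value):
    """Map each host (lower-cased) to the set of ports the RPC proxy may relay to."""
    allowed = {}
    for entry in (e.strip() for e in value.split(";")):
        if not entry:
            continue  # tolerate a trailing or doubled semicolon
        host, sep, spec = entry.rpartition(":")
        if not sep or not host:
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        low, _, high = spec.partition("-")
        ports = range(int(low), int(high or low) + 1)
        allowed.setdefault(host.lower(), set()).update(ports)
    return allowed

def missing_endpoints(value, hosts):
    """Return {host: sorted missing ports} for every host lacking a required endpoint."""
    allowed = parse_valid_ports(value)
    gaps = {}
    for host in hosts:
        missing = REQUIRED_PORTS - allowed.get(host.lower(), set())
        if missing:
            gaps[host] = sorted(missing)
    return gaps

if __name__ == "__main__":
    names = ["jester", "jester.topgun.local", "mail.tomtcscomputers.com"]
    for host, ports in missing_endpoints(SAMPLE_VALID_PORTS, names).items():
        print(f"{host}: no ValidPorts entry for {ports}")
```

A host name with no matching entry is reported with all three ports missing.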

AkhaterCommented:
Wow! That was a tough call.

Thank you for the update.
0