gunschee
asked on
RPC with Exchange 2003 - Outlook 2003 - Client Issues
Our network is configured to use RPC with Outlook. My particular setup works fine. I'm noticing that for some people though I'm having a problem getting them to authenticate. It just keeps asking for the password. I know I'm not providing much information, but assuming I'm setting up the clients the exact same way on each person's laptop, what could be going on locally that would screw up the setup? Is some cert missing, etc? No errors pop up, it just keeps on asking for the password.
???
???
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry, but I didn't set this up. It's been handed to me, and I've been rolling out as needed. Sometimes it works for clients, sometimes it doesn't. Authentication is set to basic. All the clients are in the same simple domain structure.
Results of Connectivity Analyzer for a failed setup: (I changed our domain name to "domain" below)
Testing RPC/HTTP connectivity
RPC/HTTP test failed
Test Steps
Attempting to resolve the host name webmail.domain.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 67.152.119.89
Testing TCP Port 443 on host webmail.domain.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname webmail.domain.com in Certificate Subject Common name
Validating certificate trust
Certificate is trusted and all certificates are present in chain
Additional Details
The Certificate chain has be validated up to a trusted root. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 7/6/2009 2:04:12 AM, NotAfter = 7/6/2014 2:04:12 AM"
Testing Http Authentication Methods for URL https://webmail.domain.com/rpc/rpcproxy.dll
Http Authentication Test failed
Additional Details
Exception Details:
Message: The underlying connection was closed: The connection was closed unexpectedly.
Type: System.Net.WebException
Stack Trace:
at System.Net.HttpWebRequest.
at Microsoft.Exchange.Tools.E
at Microsoft.Exchange.Tools.E
Results of Connectivity Analyzer for a failed setup: (I changed our domain name to "domain" below)
Testing RPC/HTTP connectivity
RPC/HTTP test failed
Test Steps
Attempting to resolve the host name webmail.domain.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 67.152.119.89
Testing TCP Port 443 on host webmail.domain.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname webmail.domain.com in Certificate Subject Common name
Validating certificate trust
Certificate is trusted and all certificates are present in chain
Additional Details
The Certificate chain has be validated up to a trusted root. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 7/6/2009 2:04:12 AM, NotAfter = 7/6/2014 2:04:12 AM"
Testing Http Authentication Methods for URL https://webmail.domain.com/rpc/rpcproxy.dll
Http Authentication Test failed
Additional Details
Exception Details:
Message: The underlying connection was closed: The connection was closed unexpectedly.
Type: System.Net.WebException
Stack Trace:
at System.Net.HttpWebRequest.
at Microsoft.Exchange.Tools.E
at Microsoft.Exchange.Tools.E
Hi Gunchee,
It looks like the authentication methods allowed by the web service are not allowing people to authenticate. Check that anonymous access is removed within IIS and that either digest or windows integrated is enabled (with integrated preferred).
You could check that the permissions and ACLs for the web components have not deviated from a standard install as that could manifest itself as this problem. One way of doing this is to enable auditing (ask if you need help to do this) and assign some blanket audit control lists to the web components. A quick check in the security event log will tell you what objects are being accessed and failing. The rights on these objects may have been changed from standard.
Good luck and keep us posted.
Thanks
Al.
It looks like the authentication methods allowed by the web service are not allowing people to authenticate. Check that anonymous access is removed within IIS and that either digest or windows integrated is enabled (with integrated preferred).
You could check that the permissions and ACLs for the web components have not deviated from a standard install as that could manifest itself as this problem. One way of doing this is to enable auditing (ask if you need help to do this) and assign some blanket audit control lists to the web components. A quick check in the security event log will tell you what objects are being accessed and failing. The rights on these objects may have been changed from standard.
Good luck and keep us posted.
Thanks
Al.
ASKER
I'll check IIS, but why would some users be able to get in while others cannot? Shouldn't it be getting in the way of everyone?
ASKER
Are we talking about IIS running on the Exchange server?
This is a vastly underated and underused tool IMO
Please heed the advice is recommends to create a test account for the purpose of testing, as you need to give it a username and password that is live on your exchange server for it to work.
Worth a try. It may do the hard work for you :-)
Let us know how you get on.
Thanks
Al.