Solved

RPC over HTTP connectivity report

Posted on 2010-08-24
19
1,123 Views
Last Modified: 2012-05-10
So I have  Exchange 2003 running on a W2K3 server. I have users that need to access/edit their mails and tasks through Outlook. I've been told that FULL versions of exchange can not run both exchange service and POP3. I started to read up on the Outlook anywhere and am having issues with this as well. I ran this through testexchangeconnectivity.com and this was the results. Any info would be helpful!!!

Thanks!!!

ExRCA is testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to test Autodiscover for user@company.com
       Testing Autodiscover failed.
       
      Test Steps
       
      ExRCA is attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Test Steps
       
      Attempting to test potential AutoDiscover URL https://company.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name company.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 173.12.*.*
      Testing TCP Port 443 on host company.com to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Test Steps
       
      The certificate name is being validated.
       Successfully validated the certificate name
       
      Additional Details
       Found hostname company.com in Certificate Subject Alternative Name entry
      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
       
      Additional Details
       The Certificate chain has be validated up to a trusted root. Root = OU=Equifax Secure Certificate Authority, O=Equifax, C=US
      The certificate date is being confirmed to ensure the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
       Certificate is valid: NotBefore = 6/13/2010 4:08:13 PM, NotAfter = 6/15/2012 1:28:11 PM"
      The IIS configuration is being checked for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
       Accept/Require Client Certificates not configured.
      ExRCA is attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
       
      Test Steps
       
      Attempting to Retrieve XML AutoDiscover Response from url https://company.com/AutoDiscover/AutoDiscover.xml for user user@company.com
       Failed to obtain AutoDiscover XML response.
       
      Additional Details
       A Web Exception occurred because an HTTP 404 - NotFound response was received from IIS6
      Attempting to test potential AutoDiscover URL https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.company.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 173.12.*.*
      Testing TCP Port 443 on host autodiscover.company.com to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Test Steps
       
      The certificate name is being validated.
       Successfully validated the certificate name
       
      Additional Details
       Found hostname autodiscover.company.com is a Wildcard Certificate match for Common name: *.company.com
      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
       
      Additional Details
       The Certificate chain has be validated up to a trusted root. Root = OU=Equifax Secure Certificate Authority, O=Equifax, C=US
      The certificate date is being confirmed to ensure the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
       Certificate is valid: NotBefore = 6/13/2010 4:08:13 PM, NotAfter = 6/15/2012 1:28:11 PM"
      The IIS configuration is being checked for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
       Accept/Require Client Certificates not configured.
      ExRCA is attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
       
      Test Steps
       
      Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml for user user@company.com
       Failed to obtain AutoDiscover XML response.
       
      Additional Details
       A Web Exception occurred because an HTTP 404 - NotFound response was received from IIS6
      ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.company.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 173.12.*.*
      Testing TCP Port 80 on host autodiscover.company.com to ensure it is listening and open.
       The port was opened successfully.
      Checking Host autodiscover.company.com for an HTTP redirect to AutoDiscover
       ExRCA failed to get an HTTP redirect response for Autodiscover.
       
      Additional Details
       A Web Exception occurred because an HTTP 404 - NotFound response was received from IIS6
      ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
       Failed to contact AutoDiscover using the DNS SRV redirect method.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.company.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        
0
Comment
Question by:cwest420
  • 10
  • 7
  • 2
19 Comments
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33515061
That test checks for RPC over HTTPS for Exchange 2007/2010 and assumes a lot of configuration changes which are not present in 2003.

You can check your RPC/HTTPs settings from here
http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html

And configure outlook like this.
http://www.msexchange.org/tutorials/outlookrpchttp.html

to test rpc over https, run this from a workstation outside the network.
rpcping -t ncacn_http -o RpcProxy=cas1.contoso.com -P "user,domain,password" -H 1 -F 3 -a connect -u 9 -v 3 -s mailbox.contoso.com -I " user,domain,password " -e 6004


More here
http://support.microsoft.com/kb/831051
http://msexchangeteam.com/archive/2008/06/20/449053.aspx
0
 
LVL 5

Expert Comment

by:kpoochi
ID: 33515127
You have run the test with Autodiscover, which is a feature not available in Exchange 2003.

So, run the test with the other option Outlook Anywhere (RPC over HTTP) for Exchange 2003.

To configure RPC over Http for Exchange 2003, refer
support.microsoft.com/kb/833401
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
0
 

Author Comment

by:cwest420
ID: 33515979
@kpoochi.

This test wasran under Outlook anywhere. Another thing I would like to add.....

I dont see the reg key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters"

Whats up with that?
0
 
LVL 5

Expert Comment

by:kpoochi
ID: 33516052
We can ignore the above registry if we have Exchange Server 2003 SP2
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33516060
cwest420 - let me know your thoughts on my post.

thanks
0
 

Author Comment

by:cwest420
ID: 33525317
A few other questions Id like to add..... In IIS; do i need to modify RPC or RPCwithCert virtual directories? Also, my global catalog also resides on a windows 2000 server. Is this still possible to do this or do I have to demote this machine and promote one of my W2K3 machines?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33525546
Global catalog resides on windows 2000 server.
>> That's fine as far as getting OWA / RPC / HTTPS. But you might want to consider moving things to 2003 atleast, since Windows 2000 Server EOL'd (end of life.

IIS RPC RPCwithCert
>> I think if you setup your RPC/HTTPS using this guide, you will be good to go.
http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33525579
Also verify if rpcproxy.dll is present here

c:/windows/system32/rpcproxy
0
 

Author Comment

by:cwest420
ID: 33526346
Ok. So I've verified that exchange DOES have the rpcproxy.dll in the specified folder. I also added a registry file in my Global Catalog with the data ncacn_http:6004.       I reran the test exchange website and it responded with.

The certificate common name *.company.com, doesn't validate against Mutual Authentication string provided msstd:company.company.com

I have a wildcard SSL and when I go to digicert they are able to verify the SSL certificate as valid. I'm getting closer... I can feel it....
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 

Author Comment

by:cwest420
ID: 33535445
Just an update. This is where I am at now....

      Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server company.com
       The attempt to ping the endpoint failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33536136
In your outlook

In this box
http://www.msexchange.org/img/upl/image0031148285945718.jpg
use
msstd:*.company.com
instead of msstd:company.company.com

Guide here
http://www.msexchange.org/tutorials/outlookrpchttp.html

Close outlook

type
outlook /rpcdiag

see the status of connections in connections monitor.
0
 

Author Comment

by:cwest420
ID: 33536753
No dice. Just says connecting..... Its not even trying to authenticate. I put my password in and it flashes back to my login screen.....Frustrating......    Does this mean something to you?

Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server company.com
       The attempt to ping the endpoint failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime

I read somewhere that you might need to change a reg string to 0 to prevent RPC from polling... Not to sure how much truth there is in that tho.....

Thanks again for your help!!!!
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33536769
from outlook machine try this

rpcping -t ncacn_http -o RpcProxy=cas1.contoso.com -P "user,domain,password" -H 1 -F 3 -a connect -u 9 -v 3 -s mailbox.contoso.com -I " user,domain,password " -e 6004

replace destails with yours.
0
 

Author Comment

by:cwest420
ID: 33537493
I couldn't run that command from my outlook machine. If you by chance meant from exchange.. then here ya go
rcpping.txt
0
 

Author Comment

by:cwest420
ID: 33537526
I am also able to telnet into the specified ports.. 6001 6002 and 6004.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33537547
i think you are supposed to rpcping from outlook - so that we can test if the *RPC* part of RPC/HTTPS works :)

rpcping from exchange to itself will work always - unless there is something wrong with RPC configuration itself.

I think in your case rpcping has to be modified to this:

rpcping -t ncacn_http -o RpcProxy=*.contoso.com -P "user,domain,password" -H 1 -F 3 -a connect -u 9 -v 3 -s mailbox.contoso.com -I " user,domain,password " -e 6004

let me know if this works.
0
 

Author Comment

by:cwest420
ID: 33537801
Let me know what I did wrong. I tried it using the wild card and without it.... Still no luck...
0
 

Author Comment

by:cwest420
ID: 33537802
Let me know what I did wrong. I tried it using the wild card and without it.... Still no luck...
rcpping.txt
0
 

Accepted Solution

by:
cwest420 earned 0 total points
ID: 33582885
I upgraded my domain controller/global catalog to server 2K3. Also I had to fill in the RPC server and mail servers FQDN and the wild card was only valid on the MSSTD.
0

Featured Post

Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

Join & Write a Comment

If you don't know how to downgrade, my instructions below should be helpful.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now