Solved

RPC over HTTPS fails for external computers only

Posted on 2011-03-07
11
1,244 Views
Last Modified: 2012-06-27
Problem: configuring an outlook 2007 client to connect to our Exchange server via RPC over

We have RPC over HTTP set up on our exchange 2007 server. Outlook anywhere is set to use Basic authentication. We have a valid public certificate. Logging in at

https://mail.ourdomain.com/owa works fine, with no certificate errors. https://mail.ourdomain.com/rpc asks for credentials, but no credentials seem to work. I don't know if that's

normal.

https://testexchangeconnectivity.com/ gives "The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process."

I can telnet to the mail server port 6001 and 6002, and get the following response: "ncacn_http/1.0". Telnetting to 6004 gives a connection but no response. Our exchange server is

not a domain controller, and not hosting the global catalog.

Clients trying to use Outlook 2007 are asked for credentials, and then get "The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete

this action."

outlook /rpcdiag shows entries like

name: ---
Type: Directory
Status: Connecting
RPC: ---

Name: mail.ourdomain.com
Type: Referral
Status: Connecting
RPC: ---

Doing the same thing on the LAN works fine. Any ideas?
0
Comment
Question by:kzsigo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
11 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35068290
What names are included in your SSL Certificate and is it a 3rd party one or the self-issued one that Exchange installs?
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 35071513
RPC over HTTPS fails for external computers only

What is the result on the internal computers.
Mostly Yes.
But the catch is, do we have a directory getting connected using tcp\ip or the HTTPs?

On the CAS server
Ping CAS-server-netbios --> results in the IPV4 or IPV6 address?

If we are receiving the "Ping CAS-server-netbios" to IPv6
Can you add the entry
CAS-server-netbios <---> IPv4 IP-address of the same cas-server

then test the telnet .... 6004?
0
 

Author Comment

by:kzsigo
ID: 35082928
Thanks for the replies. It seems that a reboot fixed the problem for the most part. We still have one exchange 2003 user who can't seem to get connected. Everything works for everyone else.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35082968
Do you mean Outlook 2003 user or Exchange 2003?
0
 

Author Comment

by:kzsigo
ID: 35083051
The user has outlook 2003, and we have an exchange 2007 server.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35083506
Okay - so all bar the one Outlook 2003 user is working and it used to work happily?

Are you using a self-issued certificate or a 3rd party purchased one?
0
 

Author Comment

by:kzsigo
ID: 35085699
We have 3rd party certificates.

Opening a telnet session to the exchange server's port 6004 did not cause any reply before rebooting. Now we get "ncacn_http/1.0" like we should. The outlook 2003 user is set to use HTTP first.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35088968
Okay - please test on the test site https://testexchangeconnectivity.com for the problem user using the Outlook Anywhere (RPC over HTTPS) test, specify manual server settings and then run the test.

What result do you get?

If you try different credentials - do the results change?
0
 

Accepted Solution

by:
kzsigo earned 0 total points
ID: 35094316
To fix the 6004 RPC_S_SERVER_UNAVAILABLE problem from testexchangeconnectivity.com:
A reboot of the server solved my problem.

To fix the 2003 client:
I had to specify the internal host name for the microsoft exchange server, and the external host name for the proxy, and everything worked out. That is odd because I have to specify the external host name for exchange server in both fields on 2007 clients.

Thanks for everyone helping out, we are 100%
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35101231
The internal exchange server is normal on all version of Outlook because that is the exchange server name and on the Proxy - you always specify the external FQDN as that is what Outlook uses to connect from externally.

If you have been using different settings - then you have been doing it incorrectly.
0
 

Author Closing Comment

by:kzsigo
ID: 35170940
We were able to fix this ourselves.  None of the other comments fixed the problems.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question