kzsigo
asked on
RPC over HTTPS fails for external computers only
Problem: configuring an outlook 2007 client to connect to our Exchange server via RPC over
We have RPC over HTTP set up on our exchange 2007 server. Outlook anywhere is set to use Basic authentication. We have a valid public certificate. Logging in at
https://mail.ourdomain.com/owa works fine, with no certificate errors. https://mail.ourdomain.com/rpc asks for credentials, but no credentials seem to work. I don't know if that's
normal.
https://testexchangeconnectivity.com/ gives "The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process."
I can telnet to the mail server port 6001 and 6002, and get the following response: "ncacn_http/1.0". Telnetting to 6004 gives a connection but no response. Our exchange server is
not a domain controller, and not hosting the global catalog.
Clients trying to use Outlook 2007 are asked for credentials, and then get "The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete
this action."
outlook /rpcdiag shows entries like
name: ---
Type: Directory
Status: Connecting
RPC: ---
Name: mail.ourdomain.com
Type: Referral
Status: Connecting
RPC: ---
Doing the same thing on the LAN works fine. Any ideas?
We have RPC over HTTP set up on our exchange 2007 server. Outlook anywhere is set to use Basic authentication. We have a valid public certificate. Logging in at
https://mail.ourdomain.com/owa works fine, with no certificate errors. https://mail.ourdomain.com/rpc asks for credentials, but no credentials seem to work. I don't know if that's
normal.
https://testexchangeconnectivity.com/ gives "The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process."
I can telnet to the mail server port 6001 and 6002, and get the following response: "ncacn_http/1.0". Telnetting to 6004 gives a connection but no response. Our exchange server is
not a domain controller, and not hosting the global catalog.
Clients trying to use Outlook 2007 are asked for credentials, and then get "The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete
this action."
outlook /rpcdiag shows entries like
name: ---
Type: Directory
Status: Connecting
RPC: ---
Name: mail.ourdomain.com
Type: Referral
Status: Connecting
RPC: ---
Doing the same thing on the LAN works fine. Any ideas?
What names are included in your SSL Certificate and is it a 3rd party one or the self-issued one that Exchange installs?
RPC over HTTPS fails for external computers only
What is the result on the internal computers.
Mostly Yes.
But the catch is, do we have a directory getting connected using tcp\ip or the HTTPs?
On the CAS server
Ping CAS-server-netbios --> results in the IPV4 or IPV6 address?
If we are receiving the "Ping CAS-server-netbios" to IPv6
Can you add the entry
CAS-server-netbios <---> IPv4 IP-address of the same cas-server
then test the telnet .... 6004?
What is the result on the internal computers.
Mostly Yes.
But the catch is, do we have a directory getting connected using tcp\ip or the HTTPs?
On the CAS server
Ping CAS-server-netbios --> results in the IPV4 or IPV6 address?
If we are receiving the "Ping CAS-server-netbios" to IPv6
Can you add the entry
CAS-server-netbios <---> IPv4 IP-address of the same cas-server
then test the telnet .... 6004?
ASKER
Thanks for the replies. It seems that a reboot fixed the problem for the most part. We still have one exchange 2003 user who can't seem to get connected. Everything works for everyone else.
Do you mean Outlook 2003 user or Exchange 2003?
ASKER
The user has outlook 2003, and we have an exchange 2007 server.
Okay - so all bar the one Outlook 2003 user is working and it used to work happily?
Are you using a self-issued certificate or a 3rd party purchased one?
Are you using a self-issued certificate or a 3rd party purchased one?
ASKER
We have 3rd party certificates.
Opening a telnet session to the exchange server's port 6004 did not cause any reply before rebooting. Now we get "ncacn_http/1.0" like we should. The outlook 2003 user is set to use HTTP first.
Opening a telnet session to the exchange server's port 6004 did not cause any reply before rebooting. Now we get "ncacn_http/1.0" like we should. The outlook 2003 user is set to use HTTP first.
Okay - please test on the test site https://testexchangeconnectivity.com for the problem user using the Outlook Anywhere (RPC over HTTPS) test, specify manual server settings and then run the test.
What result do you get?
If you try different credentials - do the results change?
What result do you get?
If you try different credentials - do the results change?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The internal exchange server is normal on all version of Outlook because that is the exchange server name and on the Proxy - you always specify the external FQDN as that is what Outlook uses to connect from externally.
If you have been using different settings - then you have been doing it incorrectly.
If you have been using different settings - then you have been doing it incorrectly.
ASKER
We were able to fix this ourselves. None of the other comments fixed the problems.