Solved

RPC over HTTPS fails for external computers only

Posted on 2011-03-07
11
1,223 Views
Last Modified: 2012-06-27
Problem: configuring an outlook 2007 client to connect to our Exchange server via RPC over

We have RPC over HTTP set up on our exchange 2007 server. Outlook anywhere is set to use Basic authentication. We have a valid public certificate. Logging in at

https://mail.ourdomain.com/owa works fine, with no certificate errors. https://mail.ourdomain.com/rpc asks for credentials, but no credentials seem to work. I don't know if that's

normal.

https://testexchangeconnectivity.com/ gives "The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process."

I can telnet to the mail server port 6001 and 6002, and get the following response: "ncacn_http/1.0". Telnetting to 6004 gives a connection but no response. Our exchange server is

not a domain controller, and not hosting the global catalog.

Clients trying to use Outlook 2007 are asked for credentials, and then get "The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete

this action."

outlook /rpcdiag shows entries like

name: ---
Type: Directory
Status: Connecting
RPC: ---

Name: mail.ourdomain.com
Type: Referral
Status: Connecting
RPC: ---

Doing the same thing on the LAN works fine. Any ideas?
0
Comment
Question by:kzsigo
  • 5
  • 5
11 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35068290
What names are included in your SSL Certificate and is it a 3rd party one or the self-issued one that Exchange installs?
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 35071513
RPC over HTTPS fails for external computers only

What is the result on the internal computers.
Mostly Yes.
But the catch is, do we have a directory getting connected using tcp\ip or the HTTPs?

On the CAS server
Ping CAS-server-netbios --> results in the IPV4 or IPV6 address?

If we are receiving the "Ping CAS-server-netbios" to IPv6
Can you add the entry
CAS-server-netbios <---> IPv4 IP-address of the same cas-server

then test the telnet .... 6004?
0
 

Author Comment

by:kzsigo
ID: 35082928
Thanks for the replies. It seems that a reboot fixed the problem for the most part. We still have one exchange 2003 user who can't seem to get connected. Everything works for everyone else.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35082968
Do you mean Outlook 2003 user or Exchange 2003?
0
 

Author Comment

by:kzsigo
ID: 35083051
The user has outlook 2003, and we have an exchange 2007 server.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35083506
Okay - so all bar the one Outlook 2003 user is working and it used to work happily?

Are you using a self-issued certificate or a 3rd party purchased one?
0
 

Author Comment

by:kzsigo
ID: 35085699
We have 3rd party certificates.

Opening a telnet session to the exchange server's port 6004 did not cause any reply before rebooting. Now we get "ncacn_http/1.0" like we should. The outlook 2003 user is set to use HTTP first.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35088968
Okay - please test on the test site https://testexchangeconnectivity.com for the problem user using the Outlook Anywhere (RPC over HTTPS) test, specify manual server settings and then run the test.

What result do you get?

If you try different credentials - do the results change?
0
 

Accepted Solution

by:
kzsigo earned 0 total points
ID: 35094316
To fix the 6004 RPC_S_SERVER_UNAVAILABLE problem from testexchangeconnectivity.com:
A reboot of the server solved my problem.

To fix the 2003 client:
I had to specify the internal host name for the microsoft exchange server, and the external host name for the proxy, and everything worked out. That is odd because I have to specify the external host name for exchange server in both fields on 2007 clients.

Thanks for everyone helping out, we are 100%
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35101231
The internal exchange server is normal on all version of Outlook because that is the exchange server name and on the Proxy - you always specify the external FQDN as that is what Outlook uses to connect from externally.

If you have been using different settings - then you have been doing it incorrectly.
0
 

Author Closing Comment

by:kzsigo
ID: 35170940
We were able to fix this ourselves.  None of the other comments fixed the problems.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2016 update stuck at 0% 9 33
exchange2010 test connectivity error 4 32
Doubt. 2 58
Move mailbox to new database 9 12
Utilizing an array to gracefully append to a list of EmailAddresses
Read this checklist to learn more about the 15 things you should never include in an email signature.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now