Solved

RPC over HTTPS fails for external computers only

Posted on 2011-03-07
11
1,222 Views
Last Modified: 2012-06-27
Problem: configuring an outlook 2007 client to connect to our Exchange server via RPC over

We have RPC over HTTP set up on our exchange 2007 server. Outlook anywhere is set to use Basic authentication. We have a valid public certificate. Logging in at

https://mail.ourdomain.com/owa works fine, with no certificate errors. https://mail.ourdomain.com/rpc asks for credentials, but no credentials seem to work. I don't know if that's

normal.

https://testexchangeconnectivity.com/ gives "The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process."

I can telnet to the mail server port 6001 and 6002, and get the following response: "ncacn_http/1.0". Telnetting to 6004 gives a connection but no response. Our exchange server is

not a domain controller, and not hosting the global catalog.

Clients trying to use Outlook 2007 are asked for credentials, and then get "The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete

this action."

outlook /rpcdiag shows entries like

name: ---
Type: Directory
Status: Connecting
RPC: ---

Name: mail.ourdomain.com
Type: Referral
Status: Connecting
RPC: ---

Doing the same thing on the LAN works fine. Any ideas?
0
Comment
Question by:kzsigo
  • 5
  • 5
11 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
What names are included in your SSL Certificate and is it a 3rd party one or the self-issued one that Exchange installs?
0
 
LVL 26

Expert Comment

by:e_aravind
Comment Utility
RPC over HTTPS fails for external computers only

What is the result on the internal computers.
Mostly Yes.
But the catch is, do we have a directory getting connected using tcp\ip or the HTTPs?

On the CAS server
Ping CAS-server-netbios --> results in the IPV4 or IPV6 address?

If we are receiving the "Ping CAS-server-netbios" to IPv6
Can you add the entry
CAS-server-netbios <---> IPv4 IP-address of the same cas-server

then test the telnet .... 6004?
0
 

Author Comment

by:kzsigo
Comment Utility
Thanks for the replies. It seems that a reboot fixed the problem for the most part. We still have one exchange 2003 user who can't seem to get connected. Everything works for everyone else.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Do you mean Outlook 2003 user or Exchange 2003?
0
 

Author Comment

by:kzsigo
Comment Utility
The user has outlook 2003, and we have an exchange 2007 server.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - so all bar the one Outlook 2003 user is working and it used to work happily?

Are you using a self-issued certificate or a 3rd party purchased one?
0
 

Author Comment

by:kzsigo
Comment Utility
We have 3rd party certificates.

Opening a telnet session to the exchange server's port 6004 did not cause any reply before rebooting. Now we get "ncacn_http/1.0" like we should. The outlook 2003 user is set to use HTTP first.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - please test on the test site https://testexchangeconnectivity.com for the problem user using the Outlook Anywhere (RPC over HTTPS) test, specify manual server settings and then run the test.

What result do you get?

If you try different credentials - do the results change?
0
 

Accepted Solution

by:
kzsigo earned 0 total points
Comment Utility
To fix the 6004 RPC_S_SERVER_UNAVAILABLE problem from testexchangeconnectivity.com:
A reboot of the server solved my problem.

To fix the 2003 client:
I had to specify the internal host name for the microsoft exchange server, and the external host name for the proxy, and everything worked out. That is odd because I have to specify the external host name for exchange server in both fields on 2007 clients.

Thanks for everyone helping out, we are 100%
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
The internal exchange server is normal on all version of Outlook because that is the exchange server name and on the Proxy - you always specify the external FQDN as that is what Outlook uses to connect from externally.

If you have been using different settings - then you have been doing it incorrectly.
0
 

Author Closing Comment

by:kzsigo
Comment Utility
We were able to fix this ourselves.  None of the other comments fixed the problems.
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now