Solved

Outlook Anywhere Failure - RPC Proxy can't be pinged.

Posted on 2011-03-09
16
14,867 Views
Last Modified: 2012-05-11
Hello, I am trying to set up Outlook Anywhere on Exchange 2010 SP1 x64, Server 2008 R2 x64, Outlook 2010 x86 (on Windows 7). The Exchange server is the DC and runs all affiliated servers (CAS, Mail etc). 80 and 443 are open to the Exchange Server. Whenever I run "testexchangeconnectivity.com" I get this:

NOTE: I have substituted in contoso for the actual name of the domain.

      Testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.contoso.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 12.34.56.789
      Testing TCP port 443 on host mail.contoso.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Test Steps
       
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
       Host name mail.contoso.com was found in the Certificate Subject Common name.
      Certificate trust is being validated.
       The test passed with some warnings encountered. Please expand the additional details.
       
      Additional Details
       ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
       The certificate is valid. NotBefore = 8/18/2009 4:36:08 PM, NotAfter = 8/18/2011 4:36:08 PM
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
       Accept/Require Client Certificates isn't configured.
      Testing HTTP Authentication Methods for URL https://mail.contoso.com/rpc/rpcproxy.dll.
       The HTTP authentication methods are correct.
       
      Additional Details
       ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLM
      Testing SSL mutual authentication with the RPC proxy server.
       Mutual authentication was verified successfully.
       
      Additional Details
       Certificate common name mail.contoso.com matches msstd:mail.contoso.com.
      Attempting to ping RPC proxy mail.contoso.com.
       RPC Proxy can't be pinged.
       
      Additional Details
       A Web exception occurred because an HTTP 401 - Unauthorized response was received from Unknown.

And I have spent several hours trying to fix it including reinstalling the RPC feature several times and resetting IIS. I've also gone into the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy (as I've read on some forums) and made sure the registry is correct. (I also have another setup, identical, Ex2010 etc which is working perfectly and have compared registry keys and they all are identical).

ValidPorts: MAIL:593;MAIL:49152-65535;MAIL:6001-6004;mail.contoso.com:6001-6004;mail.contoso.local:6001-6004
ValidPorts_AutoConfig_Exchange: mail:6001-6002;mail:6004;mail.contoso.local:6001-6002;mail.contoso.local:6004

I can also navigate to the .dll at "https://mail.contoso.com/rpc/rpcproxy.dll". It just displays a blank page.
0
Comment
Question by:liamdye
  • 7
  • 6
  • 3
16 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35092518
Can internal outlook clients ping mail.contoso.com internally and does it resolve to the internal IP address of your CAS server?
Have you tried RPCPING ?
Have you tested an internal Outlook Anywhere client?
0
 

Author Comment

by:liamdye
ID: 35092735
When clients ping mail.contoso.com it resolves to the public IP, when they ping mail.contoso.local it resolves to the internal IP of the CAS.

I just did try RPCPING, to no avail.

rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none

And the response was:
"Response from server received: 200
Pinging successfully completed in 280ms"

I'm not exactly sure how I would test an internal Outlook Anywhere client because wouldn't Outlook simply use MAPI in that case?
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 35092991
Setup an internal contoso.com DNS zone
Add (A) record for mail in internal contoso.com and point it at the internal IP address of your CAS server.
Test www.testexchangeconnectivity.com outlook anywhere test again as the above may have resolved your issue

Then go into the internal Outlook HTTP settings and tell it connect over HTTP on fast networks. Fire up outlook with /rpcdiag and you should see it attempting to connect over HTTP if it can't make the connection it will fail back to TCP/IP
0
 

Author Comment

by:liamdye
ID: 35097230
So I created the internal A record. Went to DNS manager, setup a new zone for contoso.com then created a A record for mail.contoso.com to point to 192.168.1.11. However, it didn't resolve my issue, the test still fails.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35097598
Ok , which test failed www.testexchangeconnectivity.com or the Outlook one or both?
0
 

Author Comment

by:liamdye
ID: 35101546
The www.testexchangeconnectivity.com failed, however, when I went into an Outlook inside the organization and configured it to connect using HTTP on fast and slow networks and configured Outlook Anywhere it connected fine. The rpcdiag said that the directory and mail had connected via HTTPS. So that appears good.
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35103200
awesome news do we have a ISA or any other firewall between ur cas and the Outlook Anywhere users ?
0
 

Author Comment

by:liamdye
ID: 35104965
No hardware firewall, no anti-virus etc, and windows firewall is off.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35105914
what is the error with OA failed in  www.testexchangeconnectivity.com?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35106203
When you navigate to https://mail.contoso.com/rpc/rpcproxy.dll you said it shows you a blank page. Does it prompt you for authentication first?

Have you tried going to that URL from an Internet machine?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35106235
Or even better, try Outlook Anywhere externally now and see what happens.
0
 

Author Comment

by:liamdye
ID: 35108410
Wow, I just tried Outlook Anywhere from my PC and I was able to connect to the mail server. However when I run the testexchangeconnectivity.com it gives the error: A Web exception occurred because an HTTP 401 - Unauthorized response was received from Unknown.

When I navigate to https://mail.contoso.com/rpc/rpcproxy.dll externally it does prompt for authentication then delivers the blank page, which is good I guess. Same thing happens internally.

Now before I declare it solved just let I have to make sure my client is connected to Microsoft Exchange, so I'll know in a few hours. I still am curious why the testexchangeconnectivity.com gives an error.
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35109129
ok this happens in testexchangeconnectivity.com  as it does all the checks

even i dont use testexchangeconnectivity.com  as the deciding factor :)

i am sure internally also it will work
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35109150
I use outlook as the deciding factor
0
 

Author Comment

by:liamdye
ID: 35114565
Thanks very much for the help guys. Problem solved, connectivity to Exchange has been restored. :)
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35114996
No problem, thanks for the points
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now