WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!
Solved
Outlook Anywhere Failure - RPC Proxy can't be pinged.
Posted on 2011-03-09
Hello, I am trying to set up Outlook Anywhere on Exchange 2010 SP1 x64, Server 2008 R2 x64, Outlook 2010 x86 (on Windows 7). The Exchange server is the DC and runs all affiliated servers (CAS, Mail etc). 80 and 443 are open to the Exchange Server. Whenever I run "testexchangeconnectivity.
NOTE: I have substituted in contoso for the actual name of the domain.
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
Attempting to resolve the host name mail.contoso.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 12.34.56.789
Testing TCP port 443 on host mail.contoso.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name mail.contoso.com was found in the Certificate Subject Common name.
Certificate trust is being validated.
The test passed with some warnings encountered. Please expand the additional details.
Additional Details
ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 8/18/2009 4:36:08 PM, NotAfter = 8/18/2011 4:36:08 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://mail.contoso.com/rpc/rpcproxy.dll.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLM
Testing SSL mutual authentication with the RPC proxy server.
Mutual authentication was verified successfully.
Additional Details
Certificate common name mail.contoso.com matches msstd:mail.contoso.com.
Attempting to ping RPC proxy mail.contoso.com.
RPC Proxy can't be pinged.
Additional Details
A Web exception occurred because an HTTP 401 - Unauthorized response was received from Unknown.
And I have spent several hours trying to fix it including reinstalling the RPC feature several times and resetting IIS. I've also gone into the registry: HKEY_LOCAL_MACHINE\SOFTWAR
ValidPorts: MAIL:593;MAIL:49152-65535;
ValidPorts_AutoConfig_Exch
I can also navigate to the .dll at "https://mail.contoso.com/rpc/rpcproxy.dll". It just displays a blank page.
NOTE: I have substituted in contoso for the actual name of the domain.
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
Attempting to resolve the host name mail.contoso.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 12.34.56.789
Testing TCP port 443 on host mail.contoso.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name mail.contoso.com was found in the Certificate Subject Common name.
Certificate trust is being validated.
The test passed with some warnings encountered. Please expand the additional details.
Additional Details
ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 8/18/2009 4:36:08 PM, NotAfter = 8/18/2011 4:36:08 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://mail.contoso.com/rpc/rpcproxy.dll.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLM
Testing SSL mutual authentication with the RPC proxy server.
Mutual authentication was verified successfully.
Additional Details
Certificate common name mail.contoso.com matches msstd:mail.contoso.com.
Attempting to ping RPC proxy mail.contoso.com.
RPC Proxy can't be pinged.
Additional Details
A Web exception occurred because an HTTP 401 - Unauthorized response was received from Unknown.
And I have spent several hours trying to fix it including reinstalling the RPC feature several times and resetting IIS. I've also gone into the registry: HKEY_LOCAL_MACHINE\SOFTWAR
ValidPorts: MAIL:593;MAIL:49152-65535;
ValidPorts_AutoConfig_Exch
I can also navigate to the .dll at "https://mail.contoso.com/rpc/rpcproxy.dll". It just displays a blank page.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
7-
6
3
16 Comments
Can internal outlook clients ping mail.contoso.com internally and does it resolve to the internal IP address of your CAS server?
Have you tried RPCPING ?
Have you tested an internal Outlook Anywhere client?
Have you tried RPCPING ?
Have you tested an internal Outlook Anywhere client?
When clients ping mail.contoso.com it resolves to the public IP, when they ping mail.contoso.local it resolves to the internal IP of the CAS.
I just did try RPCPING, to no avail.
rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
And the response was:
"Response from server received: 200
Pinging successfully completed in 280ms"
I'm not exactly sure how I would test an internal Outlook Anywhere client because wouldn't Outlook simply use MAPI in that case?
I just did try RPCPING, to no avail.
rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
And the response was:
"Response from server received: 200
Pinging successfully completed in 280ms"
I'm not exactly sure how I would test an internal Outlook Anywhere client because wouldn't Outlook simply use MAPI in that case?
Setup an internal contoso.com DNS zone
Add (A) record for mail in internal contoso.com and point it at the internal IP address of your CAS server.
Test www.testexchangeconnectivity.com outlook anywhere test again as the above may have resolved your issue
Then go into the internal Outlook HTTP settings and tell it connect over HTTP on fast networks. Fire up outlook with /rpcdiag and you should see it attempting to connect over HTTP if it can't make the connection it will fail back to TCP/IP
Add (A) record for mail in internal contoso.com and point it at the internal IP address of your CAS server.
Test www.testexchangeconnectivity.com outlook anywhere test again as the above may have resolved your issue
Then go into the internal Outlook HTTP settings and tell it connect over HTTP on fast networks. Fire up outlook with /rpcdiag and you should see it attempting to connect over HTTP if it can't make the connection it will fail back to TCP/IP
So I created the internal A record. Went to DNS manager, setup a new zone for contoso.com then created a A record for mail.contoso.com to point to 192.168.1.11. However, it didn't resolve my issue, the test still fails.
Ok , which test failed www.testexchangeconnectivity.com or the Outlook one or both?
The www.testexchangeconnectivity.com failed, however, when I went into an Outlook inside the organization and configured it to connect using HTTP on fast and slow networks and configured Outlook Anywhere it connected fine. The rpcdiag said that the directory and mail had connected via HTTPS. So that appears good.
what is the error with OA failed in www.testexchangeconnectivity.com?
When you navigate to https://mail.contoso.com/rpc/rpcproxy.dll you said it shows you a blank page. Does it prompt you for authentication first?
Have you tried going to that URL from an Internet machine?
Have you tried going to that URL from an Internet machine?
Wow, I just tried Outlook Anywhere from my PC and I was able to connect to the mail server. However when I run the testexchangeconnectivity.c
When I navigate to https://mail.contoso.com/rpc/rpcproxy.dll externally it does prompt for authentication then delivers the blank page, which is good I guess. Same thing happens internally.
Now before I declare it solved just let I have to make sure my client is connected to Microsoft Exchange, so I'll know in a few hours. I still am curious why the testexchangeconnectivity.c
When I navigate to https://mail.contoso.com/rpc/rpcproxy.dll externally it does prompt for authentication then delivers the blank page, which is good I guess. Same thing happens internally.
Now before I declare it solved just let I have to make sure my client is connected to Microsoft Exchange, so I'll know in a few hours. I still am curious why the testexchangeconnectivity.c
ok this happens in testexchangeconnectivity.c
even i dont use testexchangeconnectivity.c
i am sure internally also it will work
even i dont use testexchangeconnectivity.c
i am sure internally also it will work
Featured Post
Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article will help to fix the below errors for MS Exchange Server 2013
I. Certificate error "name on the security certificate is invalid or does not match the name of the site"
II. Out of Office not working
III. Make Internal URLs and Externa…
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.
Suggested Courses
Course of the Month7 days, 6 hours left to enroll
715 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.