• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1406
  • Last Modified:

rpc ssl setting changing on its own

this is a new server that was migrated from sbs2003.
sbs 2008  IIS 6 sp2
rpc over http "outlook anywhwere"

for the clients to connect the ssl setting in rpc under web applications in IIS services manager need to have the client "Ignore" the client certificate. it randomly (ever 15-60 min) changes to accept.
we have a  purchased certificate, everything works great with regards to that. OWA rpc over http (when the settings are at ignore)

Im under alot of pressure here all the users are remote!

Thanks in advance
Dave
0
nexicomnetsol
Asked:
nexicomnetsol
  • 8
  • 5
  • 4
1 Solution
 
Glen KnightCommented:
You don't make changes in IIS with Exchange 2007, the configuration should be done using the Exchange Management Console.

What is it you are trying to change and why?
0
 
nexicomnetsolAuthor Commented:
Thanks demazter

i need to change the ssl setting in rpc to "ignore client certificates"

i found that i needed this setting changed through either a best practices wizard or another wizard, (im very tired) and then tested with website testexchangeconnectivity.
once i made the change in ii6 everyone connected.

so where in the exchange management should i be looking into this issue
0
 
Glen KnightCommented:
Why are you trying to change this setting?

Do you have a valid SSL certificate?
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
nexicomnetsolAuthor Commented:
yes we are using a comodo certificate
 but for some reason its the only way to get the  outlook to connect.

the testexchangeconnectivity site passed the  certificate portion of the test, thats what lead me to the "ignore client certificates" setting

owa works fine using cert
remote web workplace works fine with cert.

i read an article and it suggested running the fix my network wizard, and certificate passed there.

any suggestions or things to try?
0
 
Glen KnightCommented:
How did you request the certificate? Did you use the SBS Console wizard?
0
 
nexicomnetsolAuthor Commented:
We had it on the old server, subdomain hasn't changed and the cert is compatible with IIs 6

we ran the web server certificate wizard from the sbs console and imported it there
current status is trusted
0
 
Glen KnightCommented:
I would suggest you re-key it.  The requirements for Exchange 2007 are different to that of Exhange 2003.
0
 
Cliff GaliherCommented:
I suspect your iisauthenticationmethod setting has gotten corrupted. This is easy to fix, but to be safe, can you post the results from the following EMS command?

Get-outlookanywhere | fl
0
 
nexicomnetsolAuthor Commented:
ok here it is


[PS] C:\Windows\system32>Get-outlookanywhere | fl
WARNING: IIS://GPSERVER1.gileadpower.local/W3SVC/1/ROOT/Rpc was not found.
Please make sure you have typed it correctly.


ServerName                 : GPSERVER1
SSLOffloading              : False
ExternalHostname           : remote.gileadpower.com
ClientAuthenticationMethod : Basic
IISAuthenticationMethods   : {Basic}
MetabasePath               : IIS://GPSERVER1.gileadpower.local/W3SVC/1/ROOT/Rpc
Path                       :
Server                     : GPSERVER1
AdminDisplayName           :
ExchangeVersion            : 0.1 (8.0.535.0)
Name                       : Rpc (Default Web Site)
DistinguishedName          : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=
                             GPSERVER1,CN=Servers,CN=Exchange Administrative Gr
                             oup (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=
                             First Organization,CN=Microsoft Exchange,CN=Servic
                             es,CN=Configuration,DC=gileadpower,DC=local
Identity                   : GPSERVER1\Rpc (Default Web Site)
Guid                       : 6f3ccd06-c8ae-4bbe-b5a7-a0bc57de50c4
ObjectCategory             : gileadpower.local/Configuration/Schema/ms-Exch-Rpc
                             -Http-Virtual-Directory
ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtual
                             Directory}
WhenChanged                : 02/04/2011 3:45:33 PM
WhenCreated                : 02/04/2011 3:45:33 PM
OriginatingServer          : GPSERVER1.gileadpower.local
IsValid                    : True



[PS] C:\Windows\system32>
0
 
Cliff GaliherCommented:
Good, everything looks right there. You only have one and both items are set to Basic, so let's rewrite that data to enure we overwrite any corruption. The following two commands should do just that.

get-outlookanywhere | set-outlookanywhere -DefaultAuthenticationMethod NTLM
get-outlookanywhere | set-outlookanywhere -DefaultAuthenticationMethod Basic

0
 
Cliff GaliherCommented:
On second thought, you said this was SBS 2008? The rpc directory is being reported as being in the "Default Web site" which is incorrect. It should be in the "SBS Web Apps" instead. It probably *is* there, but Exchange is misconfigured and Get-Outlookanywhere is showing that. It won't hurt to run the commands above, but I'm half-expecting them to fail. Let's verify that before I go too much further...

-Cliff
0
 
nexicomnetsolAuthor Commented:
Ok so here are the results

And yes its sbs 2008 and the rpc is located in sbs web apps

       


[PS] C:\Windows\system32>get-outlookanywhere | set-outlookanywhere -DefaultAuthe
nticationMethod NTLM
WARNING: IIS://GPSERVER1.gileadpower.local/W3SVC/1/ROOT/Rpc was not found.
Please make sure you have typed it correctly.

[PS] C:\Windows\system32>get-outlookanywhere | set-outlookanywhere -DefaultAuthe
nticationMethod Basic
WARNING: IIS://GPSERVER1.gileadpower.local/W3SVC/1/ROOT/Rpc was not found.
Please make sure you have typed it correctly.
[PS] C:\Windows\system32>

0
 
Cliff GaliherCommented:
Yeah, that warning about the default tells me that something (usually a 3rd-party app that expects components to be in the default web site) has gone and clobbered most of our settings.

Start with this (WITH A BACKUP!!!) and lets get your Exchange components working as expected.

http://microsofttoolbox.com/2009/12/how-to-recreate-exchange-virtual-directories/

0
 
nexicomnetsolAuthor Commented:
So before i continue couple of questions

can i narrow this down or do i have to perform the whole list? remove all then recreate all?

if i perform the task will i have reconfiguring of other features that are working ie: web outlook, and rww?

i will most likely have to wait and do this tomorrow night after employees have gone home, pretty risky doing it remotely or during business hours.

I really appreciate this
stay tuned
0
 
Cliff GaliherCommented:
As long as you used the wizards to configure OWA and RWW, then this process (as documented, you rerun the IAMW) will put things back in a standard working state. If you did any changes OUTSIDE of the wizards then you will have to repeat those changes.

As far as narrowing down the list, being something has stomped on IIS, I would recommend against it. Chances are it touched all of the Exchange directories and dependencies, so each will have to be set up to ensure consistency.

This is the less drastic process, which is why I'm starting with it. It is possible that the metadata related to the RPC proxy service (a windows service, not an exchange service) has itself been tampered with, in which case, a more invasive repair will be required, so I haven't posted that yet.

So yes, the process above has the potential to break things, but a good backup and a careful progress should minimize or eliminate the risk.

-Cliff
0
 
nexicomnetsolAuthor Commented:
Sorry for the delay in my reply, cgaliher it seems you were partially correct. client insisted we call microsoft so after 30 hours of online support, they discovered that the autodiscover connector was corrupted at some deep level.
0
 
nexicomnetsolAuthor Commented:
I want to thank everyone that responded! its members like you that help those of us that are learning!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now