RPC Over HTTPS works intermittently from some external locations

OK this one has me stumped and I need some fresh ideas or even back to basic steps.
I have an SBS 2008 server which is configured for RPC over HTTPS.
External customers connect to this daily and it works both internal and external of the network.
I can connect to the Exchange server by using Internet Explorer and I have the certificate installed for mail. All works great from Home Internet connection all of the time.
At one site in particular my Outlook says trying to connect. At the same time I could have another laptop next to me which connects without a problem. 3 hours later mine may connect but someone else's doesn't, they could all work or they could all not work. This has got me confused as I have been chasing this issue for 2 weeks.
Originally I thought it could be the ISP's issue but why may it work sometimes and not others?
I have replaced the Firewall/ADSL modem with no change.
Has anyone got any suggestions for fault finding or testing the connection when it isn't working?
If I go outlook.exe /rpcdiag the screen just says connecting but nothing seems to be happening.
Is there a manual way to test this RPC connection?

Hold Ctrl + right-click on the Outlook tray icon,
click test auto config.
Shabarinath Ramadasan, Infrastructure Architect, Commented:
Two chances I see here are:

* Your hits are not reaching the Exchange server. Before that, it's getting denied. May be an issue with the ISP you are connected to.

* The ISA/firewall that sits in front of the Exchange may have a limit set on the number of concurrent connections, i.e. from one particular IP, it will accept only n number of connections. If multiple users are connected from a different location which is having a proxy address, all communication will be having the same source IP. Check the ISA/Firewall logs to see if that's the case.

Good luck.
CSSROSS, Author, Commented:
setasoujiro, I have tried your suggestion. Will the autoconfigure work when I am external to the network?
Also something else which seems weird is that sometimes when I open Outlook the password box pops up straight away and other times the password box may not pop up at all.
Could licensing on my SBS 2008 server be a possible cause?
Doesn't answer why it works at home except that it is after hours and most people have gone home.
Shabarinath Ramadasan, Infrastructure Architect, Commented:
As multiple are impacted, better involve the network team and trace the traffic from your public IP.

Also, you could try from a different ISP at the same time you are facing issues from your laptop.

CSSROSS, Author, Commented:
When running the exchange connectivity I get the following error .connected and also one which isn't connected
Now I get this from a machine which is

Testing RPC/HTTP connectivity.
  The RPC/HTTP test failed.
   Test Steps
   Attempting to resolve the host name mail.hsvisiongroup.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: xxx.xxx.xxx.xxx
 Testing TCP port 443 on host xxxx.xxxxxxxxxxx.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name mail.hsvisiongroup.com was found in the Certificate Subject Common name.
 Certificate trust is being validated.
  Certificate trust validation failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate chain didn't end in a trusted root. Root = CN=xxxx.xxxxxxxxx.com, CN=companyweb, CN=SBSSVR01, CN=localhost, CN=SBSSVR01.xxxxxxxxxxxx.local

The strange thing here is that the CN=SBSSVR01 is the name of my old SBS 2003 server and I now have an SBS 2008 server with a different name, sbs2008.

When I use Internet Explorer to open web mail (HTTPS://XXX.XXXX.XXX/owa) the site shows that the certificate is installed and I have never had a user have an issue connecting.
The Telco I am using is TELSTRA (Biggest Australian Telco).

Any ideas? Since this always works from my home address and other users' home Internet, should I be looking at the ISP, or maybe this is coincidence and the issue could be to do with my RPC over HTTP setup in the office?
Maybe creating an external certificate may help rather than the internal certificate we currently use?


Why are there localhost and .local names in your certificate?
Is this a valid certificate from a CA (DigiCert or other)?

For RPC to work you MUST have a bought certificate from a CA.
When you say this works from home, do you use RPC or VPN or something?

CSSROSS, Author, Commented:
The certificate is created locally using certificate services on the SBS server.
I don't use VPN, just RPC over HTTP.
One other very strange thing is that it is 8pm and I am working in the location which generally causes problems and the computers are connecting great.
4 hours ago the computers wouldn't connect (I have made no changes in this time).
What licensing does RPC over HTTPS use? Where can I check the licenses?
The only 3 things I can point this down to now are:
1) Server licensing
2) During working hours ISP has traffic restrictionshing on the local network is effecting connections during the day.
what do you think?
3) Somet
I've never heard of an ISP blocking RPC (this is just SSL traffic).
I find it hard to believe that RPC would work without a valid certificate.
RPC just uses normal Exchange CALs, which are not "required" for Exchange to work (by this I mean you don't need to import them; you just need to have them somewhere in case of a business raid by MS ;-)

What do you mean with the ISP has traffic restrictions on the local network? What does the ISP have to do with your LAN?
Also, RPC does not use that much resources. One thing you could try: in the config pane for the mail account in Outlook, unmark the tick that says "use cached mode".
CSSROSS, Author, Commented:
Sorry, using laptop and messed the typing.

2) During working hours ISP has traffic restriction
3) Something in the network during office hours is limiting the connection.
I have no policy for this on the firewall at this site or the main office firewall which is where the SBS server resides. The limiting must be locally if this is the case.

What do you think?
I doubt that the ISP would have traffic res. If it has, then find another :)
It could be the case that you have a REAL lame connection at the office, but that would also be doubtful.

When the RPC doesn't work, can you reconfigure Outlook (delete profile and reconfigure) to check if you still have connectivity to the server?

CSSROSS, Author, Commented:
When I create a new profile and use this it still doesn't work.
I have a new second fast internet connection on site now and it still does the same,
connects sometimes and not others.
I thought it could be licensing but SBS2008 works on an honor system apparently.
The Internet connection doesn't always make a difference, just the time of day.
Could the certificate cause the intermittent issue?
As I previously said, I find it rather strange/hard to believe since a valid certificate is a MUST:
please read the following guide.

CSSROSS, Author, Commented:
Anyone with further ideas?
I have added a trusted certificate and still no luck.
Connects sometimes and not others. This has got me stumped.
Please check if your firewall is not blocking the IPs for some reason,
and check the Windows event log on the Exchange server and client.
CSSROSS, Author, Commented:
Well this was a very interesting fault.
Thanks for all of the ideas but this was just one of those bizarre IT faults we get sometimes.
In the end it was a process of elimination.
I tried an alternate Internet connection (same provider).
Created a new self-signed certificate.
Checked all permissions etc.
I did the above with a two day gap between each change just to see if the change fixed the fault.
The final change I did was to purchase a trusted certificate and install it into the SBS2008 server. Amazingly enough and to my surprise this seemed to fix the issue.
I can't explain why this rectified the problem and what caused the existing certificate to be so intermittent from the one location.
Can't explain this one but all good now.
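
The connectivity test output earlier in this thread fails at "The certificate chain didn't end in a trusted root", a result that depends on which roots the checking client trusts. As an added example (not from any poster in the thread), this script builds a private root and a server certificate with OpenSSL and verifies that certificate against two different trust stores; every name in it is a placeholder, and it assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Constructed demo: every name below (Demo Internal Root, Demo Public Root,
# mail.example.test) is a placeholder, not a value from the thread.

# make_root DIR NAME CN: write a self-signed CA certificate (NAME.pem) and key.
make_root() {
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    'prompt=no' '[dn]' "CN=$3" '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign' > "$1/$2.cnf"
  openssl req -x509 -config "$1/$2.cnf" -newkey rsa:2048 -nodes -days 2 \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_leaf DIR CA HOST: write leaf.pem, a server certificate for HOST signed by CA.
issue_leaf() {
  openssl req -new -config "$1/$2.cnf" -subj "/CN=$3" -newkey rsa:2048 -nodes \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 2 -out "$1/leaf.pem" 2>/dev/null
}

# chain_status ROOTS_PEM CERT: what a client that trusts only ROOTS_PEM concludes.
chain_status() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

demo() {
  local d
  d=$(mktemp -d) || return 1
  make_root "$d" internal "Demo Internal Root" &&
  make_root "$d" public "Demo Public Root" &&
  issue_leaf "$d" internal mail.example.test || return 1
  # Same server certificate, two clients with different root stores.
  echo "client with the internal root installed: $(chain_status "$d/internal.pem" "$d/leaf.pem")"
  echo "client with only other roots installed:  $(chain_status "$d/public.pem" "$d/leaf.pem")"
  rm -rf "$d"
}

demo
```

Against a live server, `openssl s_client -connect HOST:443 -CAfile roots.pem` (HOST and roots.pem are placeholders) reports a verify return code for the chain the server actually sends.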
