Solved

RPC Over HTTPS work intermittently from some external locations

Posted on 2011-05-11
Last Modified: 2012-05-11
OK, this one has me stumped and I need some fresh ideas or even back-to-basics steps.
I have an SBS 2008 server which is configured for RPC over HTTPS.
External customers connect to this daily and it works both internal and external of the network.
I can connect to the Exchange server by using Internet Explorer and I have the certificate installed for mail. All works great from Home Internet connection all of the time.
At one site in particular my Outlook says trying to connect. At the same time I could have another laptop next to me which connects without a problem. 3 hours later mine may connect but someone else's doesn't; they could all work or they could all not work. This has got me confused as I have been chasing this issue for 2 weeks.
Originally I thought it could be the ISP's issue but why may it work sometimes and not others?
I have replaced the Firewall/ADSL modem with no change.
Has anyone got any suggestions for fault finding or testing the connection when it isn't working?
If I go outlook.exe /rpcdiag the screen just says connecting but nothing seems to be happening.
Is there a manual way to test this RPC connection?

0
Comment
Question by:CSSROSS
16 Comments
 
LVL 14

Accepted Solution

by:
setasoujiro earned 2000 total points
ID: 35736829
hold Ctrl + right-click on the Outlook tray icon
click test auto config.
0
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 35737195
Two chances I see here are:

* Your hits are not reaching the Exchange server. Before that, it's getting denied. May be an issue with the ISP you are connected to.

* The ISA/firewall that sits in front of the Exchange server may have a limit set on the number of concurrent connections, i.e. from one particular IP, it will accept only n connections. If multiple users are connected from a different location which has a proxy address, all communication will have the same source IP. Check the ISA/firewall logs to see if that's the case.

Good luck.
Shaba
0
 

Author Comment

by:CSSROSS
ID: 35751385
setasoujiro, I have tried your suggestion. Will the autoconfigure work when I am external to the network?
Also something else which seems weird is that sometimes when I open Outlook the password box pops up straight away and other times the password box may not pop up at all.
Could licensing on my SBS 2008 server be a possible cause?
Doesn't answer why it works at home, except that it is after hours and most people have gone home.
0
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 35751457
As multiple are impacted, better involve the network team and trace the traffic from your public IP.

Also, you could try from a different ISP at the same time you are facing issues from your laptop.

Shaba
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 35751983
0
 

Author Comment

by:CSSROSS
ID: 35752268
When running the exchange connectivity I get the following error .connected and also one which isn't connected
Now I get this from a machine which is

Testing RPC/HTTP connectivity.
  The RPC/HTTP test failed.
   Test Steps
   Attempting to resolve the host name mail.hsvisiongroup.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: xxx.xxx.xxx.xxx
 
 Testing TCP port 443 on host xxxx.xxxxxxxxxxx.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name mail.hsvisiongroup.com was found in the Certificate Subject Common name.
 
 Certificate trust is being validated.
  Certificate trust validation failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate chain didn't end in a trusted root. Root = CN=xxxx.xxxxxxxxx.com, CN=companyweb, CN=SBSSVR01, CN=localhost, CN=SBSSVR01.xxxxxxxxxxxx.local

 
The strange thing here is that the CN=SBSSVR01 is the name of my old SBS 2003 server and I now have an SBS 2008 server with a different name, sbs2008.

When I use Internet Explorer to open web mail (HTTPS://XXX.XXXX.XXX/owa) the site shows that the certificate is installed and I have never had a user have an issue connecting.
The Telco I am using is TELSTRA (Biggest Australian Telco).

Any ideas? Since this always works from my home address and other users' home Internet, should I be looking at the ISP, or maybe this is coincidence and the issue could be to do with my RPC over HTTP setup in the office?
Maybe creating an external certificate may help rather than the internal certificate we currently use?

 

 
 
0
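Added example, not part of the original thread and not any poster's code: a PowerShell script that repeats, from the affected client, the two certificate checks shown in the analyzer output above (certificate name, then trust). The host name `mail.example.com` and all variable names are placeholders chosen for this example.

```powershell
# Added example, not from the thread. Run from the affected client.
param(
    [string]$HostName = 'mail.example.com',  # placeholder: use your external host name
    [int]$Port = 443
)

$script:result = [ordered]@{ Host = $HostName; Time = Get-Date }

# Let the handshake finish even when validation fails, and record what
# Windows reported, so an untrusted certificate can still be inspected.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($source, $certificate, $chain, $policyErrors)
    $script:result.Subject      = $certificate.Subject
    $script:result.Issuer       = $certificate.Issuer
    $script:result.PolicyErrors = $policyErrors
    $script:result.ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    return $true
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($HostName, $Port)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($HostName)   # TLS handshake only; no mail data is sent
    $ssl.Dispose()
}
catch {
    $script:result.Error = $_.Exception.Message
}
finally {
    $client.Close()
}

if ($script:result.Contains('PolicyErrors')) {
    $e = [int]$script:result.PolicyErrors
    # Same two checks the analyzer output lists: certificate name, then trust.
    $script:result.NameMatches  = -not ($e -band [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
    $script:result.ChainTrusted = -not ($e -band [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
}

[pscustomobject]$script:result
```

Running it once while Outlook is stuck on connecting and again while it connects shows whether the same certificate, with the same trust result, is presented both times. An `Error` value with no certificate fields means the failure happened before or during the TLS handshake rather than in certificate validation.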
 
LVL 14

Expert Comment

by:setasoujiro
ID: 35752806
why are there localhost and .local names in your certificate?
is this a valid certificate from a CA? (digicert or other?)

for rpc to work you MUST have a bought certificate from a CA
when you say this works from home. do you use rpc or vpn or something?

0
 

Author Comment

by:CSSROSS
ID: 35753044
The certificate is created locally using certificate services on sbs server.
I don't use VPN, just RPC over HTTP.
One other very strange thing is that it is 8pm and I am working in the location which generally causes problems and the computers are connecting great.
4 hours ago the computers wouldn't connect (I have made no changes in this time).
What licensing does RPC over HTTPS use? Where can I check the licenses?
The only 3 things I can point this down to now are:
1) Server licensing
2) During working hours ISP has traffic restrictionshing on the local network is effecting connections during the day.
what do you think?
3) Somet
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 35753061
i've never heard of isp blocking rpc (this is just ssl traffic.)
i find it hard to believe that rpc would work without a valid certificate
rpc just uses normal exchange cals, which are not "required" for exchange to work(by this i mean you don't need to import them ; you just need to have them somewhere in case of a business raid by MS ;-)

what do you mean with the ISP has traffic restrictions on the local network? what does the isp have to do with your LAN?
also, rpc does not use that much resources. one thing you could try: in the config pane for the mail account in outlook, unmark the tick that says "use cached mode"
0
 

Author Comment

by:CSSROSS
ID: 35753071
sorry using laptop and messed the typing

2)During working hours ISP has traffic restriction
3)something in the network during office hours is limiting the connection.
I have no policy for this on the firewall at this site or the main office firewall which is where the sbs server resides.  The  limiting must be locally if this is the case

What do you think?
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 35753102
i doubt that isp would have traffic res. if it has, then find another :)
it could be the case that you have a REAL lame connection at the office, but that would also be doubtful.

when the rpc doesn't work, can you reconfigure the outlook (delete profile and reconfigure) to check if you still have connectivity to the server???

0
 

Author Comment

by:CSSROSS
ID: 35766447
When I create a new profile and use this, it still doesn't work.
I have a new second fast internet connection on site now and it still does the same,
connects sometimes and not others.
I thought it could be licensing but SBS2008 works on an honor system apparently.
The Internet connection doesn't always make a difference, just the time of day.
Could the certificate cause the intermittent issue?
0
 
LVL 14

Assisted Solution

by:setasoujiro
setasoujiro earned 2000 total points
ID: 35766844
as i previously said, i find it rather strange/hard to believe since a valid certificate is a MUST:
http://www.eggheadcafe.com/microsoft/Exchange-Setup/29817540/articles-on-setting-up-rpc-over-https-for-exchange-2007.aspx
please read the following guide.



0
 

Author Comment

by:CSSROSS
ID: 35775236
Anyone with further ideas?
I have added a trusted certificate and still no luck.
Connects sometimes and not others. This has got me stumped.
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 35775288
please check if your firewall is not blocking the ips for some reason?
and check windows event log on the exchange server and client
0
 

Author Comment

by:CSSROSS
ID: 35882925
Well this was a very interesting fault.
Thanks for all of the ideas but this was just one of those bizarre IT faults we get sometimes.
In the end it was a process of elimination.
I tried an alternate Internet connection (Same provider).
Created a new self-signed certificate.
Checked all permissions etc.
I did the above with a two day gap between each change just to see if the change fixed the fault.
The final change I did was to purchase a trusted certificate and install it into the SBS2008 server. Amazingly enough and to my surprise this seemed to fix the issue.
I can't explain why this rectified the problem and what caused the existing certificate to be so intermittent from the one location.
Can't explain this one but all good now.
0
