[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 339
  • Last Modified:

RPC - HTTP Stopped working on SBS2003 Exchange Server Again!

RPC over HTTP stopped working for all remote users using outlook.
OWA works just fine.

I previously opened a case here on Experts Exchange and the issue was resolved by enabling Integrated Authentication in IIS Manager on the RPC Virtual Directory of the Default Website.

Now the issue is occurring again, but only for Outlook 2010 remote users. Everyone using outlook 2003 or outlook 2007 is fine. Please help.
0
MIT-Techs
Asked:
MIT-Techs
  • 11
  • 6
  • 4
1 Solution
 
murgroupCommented:
Are you using a self signed SSL cert?
0
 
Alan HardistyCommented:
What authentication do you have set for the Outlook 2010 users in the proxy settings in Outlook and what settings have you got in Outlook 2003/2007?

Are they different?
0
 
MIT-TechsAuthor Commented:
@murgroup: In administrative tools under CA I see a valid Self Signed cert for identity.
Is there another place I look for an SSl cert?
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
MIT-TechsAuthor Commented:
@alanhardisty:

On the outlook 2003 and 2007 clients they are set to connect using SSL only and it works. I have tried connecting with and without SSL on 2010 with no luck.
0
 
murgroupCommented:
Go to administrative tools, IIS manager. Right click the default website and go to properties. Click the directory security tab and click view certificate. That will give you the info of who issued the cert.
Outlook 2010 doesn't like self signed certificates and I've found the best way to resolve this is to install a valid SSL cert from GoDaddy or others. If you don't want to do that you will have to manually install it on each machine running Outlook 2010 using the mmc and certificate snap-in.

Alanhardisty could be on to something. In the http proxy settings are you using basic authentication?
0
 
murgroupCommented:
Can Outlook 2010 clients connect interally?
0
 
MIT-TechsAuthor Commented:
@murgroup: There is a Go Daddy cert that is valid until 2012. The Outlook 2010 clients are currently set to NTLM with SSL, but I have also tried Basic authentication.

Note: When using basic authentication the client connects, but none of the inbox items download. It just sits there.
0
 
MIT-TechsAuthor Commented:
Forgot to mention, all users are remote and none actually work inside the LAN. No way of knowing if the users with 2010 can connect on the local LAN.
0
 
murgroupCommented:
Ok have you tried using this site to troubleshoot connectivity issues? Don't use the administrator account just a user account.

https://www.testexchangeconnectivity.com/#
0
 
MIT-TechsAuthor Commented:
@murgroup: I just ran the test. Everything passed.

      Connectivity Test Successful
 
Test Details
      Testing RPC/HTTP connectivity.
       The RPC/HTTP test completed successfully.
       
      Test Steps
       
      Attempting to resolve the host name dci.crowell.cc in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host dci.crowell.cc to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Test Steps
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
      Testing HTTP Authentication Methods for URL https://dci.crowell.cc/rpc/rpcproxy.dll.
       The HTTP authentication methods are correct.
       
      Additional Details
      Testing SSL mutual authentication with the RPC proxy server.
       Mutual authentication was verified successfully.
       
      Additional Details
      Attempting to ping RPC proxy dci.crowell.cc.
       RPC Proxy was pinged successfully.
       
      Additional Details
      Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server dci.crowellfinehomes.com.
       The endpoint was pinged successfully.
       
      Additional Details
      Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
       The NSPI interface was tested successfully.
       
      Test Steps
      Testing the Referral service on the Exchange Mailbox server.
       The Referral service was tested successfully.
       
      Test Steps
      Testing the Exchange Information Store on the Mailbox server.
       ExRCA successfully tested the Information Store.
0
 
Alan HardistyCommented:
Please screen dump your proxy settings on a client (Outlook) that isn't working and hide the domain part.
0
 
MIT-TechsAuthor Commented:
@ alanhardisty How do I screen dump proxy settings on outlook and hide the domain?
0
 
MIT-TechsAuthor Commented:
New information: I discovered that e-mail on phones will not work inside the network. E-mail on cell phones will only work when outside the network.

I also set up a remote user on a VPN connection. Outlook 2010 does work inside the LAN.
This just gets more odd.
0
 
Alan HardistyCommented:
Alt + Prt Scrn, then paste into Paintbrush, save as a .png file and upload to EE.

Please read the following article re the lack of Activesync on your WiFi:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html
0
 
MIT-TechsAuthor Commented:
Here is a screen shot of the settings on Outlook 2010.

proxy settings
0
 
Alan HardistyCommented:
Was the "https://" field and the "Only connect to proxy server that have......" filled out with the correct information?

If so - what format were you using for both fields?
0
 
MIT-TechsAuthor Commented:
It looks like the firewall was the issue. All sorts of strange things stopped working. As soon as the firewall was upgraded everything started working.
0
 
MIT-TechsAuthor Commented:
Thank you for helping Alan. This was a very odd issue that resolve by something totally unexpected.
0
 
Alan HardistyCommented:
Glad you got it sorted.  Out of interest - what firewall do you have?

Alan
0
 
MIT-TechsAuthor Commented:
The firewall with issues was a Cisco Small Business RV120W. It was the issue. It was replaced with a Sonicwall TZ100.
0
 
Alan HardistyCommented:
And you would think the Cisco would be better!
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 11
  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now