MIT-Techs
asked on
RPC - HTTP Stopped working on SBS2003 Exchange Server Again!
RPC over HTTP stopped working for all remote users using outlook.
OWA works just fine.
I previously opened a case here on Experts Exchange and the issue was resolved by enabling Integrated Authentication in IIS Manager on the RPC Virtual Directory of the Default Website.
Now the issue is occurring again, but only for Outlook 2010 remote users. Everyone using outlook 2003 or outlook 2007 is fine. Please help.
OWA works just fine.
I previously opened a case here on Experts Exchange and the issue was resolved by enabling Integrated Authentication in IIS Manager on the RPC Virtual Directory of the Default Website.
Now the issue is occurring again, but only for Outlook 2010 remote users. Everyone using outlook 2003 or outlook 2007 is fine. Please help.
Are you using a self signed SSL cert?
What authentication do you have set for the Outlook 2010 users in the proxy settings in Outlook and what settings have you got in Outlook 2003/2007?
Are they different?
Are they different?
ASKER
@murgroup: In administrative tools under CA I see a valid Self Signed cert for identity.
Is there another place I look for an SSl cert?
Is there another place I look for an SSl cert?
ASKER
@alanhardisty:
On the outlook 2003 and 2007 clients they are set to connect using SSL only and it works. I have tried connecting with and without SSL on 2010 with no luck.
On the outlook 2003 and 2007 clients they are set to connect using SSL only and it works. I have tried connecting with and without SSL on 2010 with no luck.
Go to administrative tools, IIS manager. Right click the default website and go to properties. Click the directory security tab and click view certificate. That will give you the info of who issued the cert.
Outlook 2010 doesn't like self signed certificates and I've found the best way to resolve this is to install a valid SSL cert from GoDaddy or others. If you don't want to do that you will have to manually install it on each machine running Outlook 2010 using the mmc and certificate snap-in.
Alanhardisty could be on to something. In the http proxy settings are you using basic authentication?
Outlook 2010 doesn't like self signed certificates and I've found the best way to resolve this is to install a valid SSL cert from GoDaddy or others. If you don't want to do that you will have to manually install it on each machine running Outlook 2010 using the mmc and certificate snap-in.
Alanhardisty could be on to something. In the http proxy settings are you using basic authentication?
Can Outlook 2010 clients connect interally?
ASKER
@murgroup: There is a Go Daddy cert that is valid until 2012. The Outlook 2010 clients are currently set to NTLM with SSL, but I have also tried Basic authentication.
Note: When using basic authentication the client connects, but none of the inbox items download. It just sits there.
Note: When using basic authentication the client connects, but none of the inbox items download. It just sits there.
ASKER
Forgot to mention, all users are remote and none actually work inside the LAN. No way of knowing if the users with 2010 can connect on the local LAN.
Ok have you tried using this site to troubleshoot connectivity issues? Don't use the administrator account just a user account.
https://www.testexchangeconnectivity.com/#
https://www.testexchangeconnectivity.com/#
ASKER
@murgroup: I just ran the test. Everything passed.
Connectivity Test Successful
Test Details
Testing RPC/HTTP connectivity.
The RPC/HTTP test completed successfully.
Test Steps
Attempting to resolve the host name dci.crowell.cc in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host dci.crowell.cc to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://dci.crowell.cc/rpc/rpcproxy.dll.
The HTTP authentication methods are correct.
Additional Details
Testing SSL mutual authentication with the RPC proxy server.
Mutual authentication was verified successfully.
Additional Details
Attempting to ping RPC proxy dci.crowell.cc.
RPC Proxy was pinged successfully.
Additional Details
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server dci.crowellfinehomes.com.
The endpoint was pinged successfully.
Additional Details
Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
The NSPI interface was tested successfully.
Test Steps
Testing the Referral service on the Exchange Mailbox server.
The Referral service was tested successfully.
Test Steps
Testing the Exchange Information Store on the Mailbox server.
ExRCA successfully tested the Information Store.
Connectivity Test Successful
Test Details
Testing RPC/HTTP connectivity.
The RPC/HTTP test completed successfully.
Test Steps
Attempting to resolve the host name dci.crowell.cc in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host dci.crowell.cc to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://dci.crowell.cc/rpc/rpcproxy.dll.
The HTTP authentication methods are correct.
Additional Details
Testing SSL mutual authentication with the RPC proxy server.
Mutual authentication was verified successfully.
Additional Details
Attempting to ping RPC proxy dci.crowell.cc.
RPC Proxy was pinged successfully.
Additional Details
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server dci.crowellfinehomes.com.
The endpoint was pinged successfully.
Additional Details
Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
The NSPI interface was tested successfully.
Test Steps
Testing the Referral service on the Exchange Mailbox server.
The Referral service was tested successfully.
Test Steps
Testing the Exchange Information Store on the Mailbox server.
ExRCA successfully tested the Information Store.
Please screen dump your proxy settings on a client (Outlook) that isn't working and hide the domain part.
ASKER
@ alanhardisty How do I screen dump proxy settings on outlook and hide the domain?
ASKER
New information: I discovered that e-mail on phones will not work inside the network. E-mail on cell phones will only work when outside the network.
I also set up a remote user on a VPN connection. Outlook 2010 does work inside the LAN.
This just gets more odd.
I also set up a remote user on a VPN connection. Outlook 2010 does work inside the LAN.
This just gets more odd.
Alt + Prt Scrn, then paste into Paintbrush, save as a .png file and upload to EE.
Please read the following article re the lack of Activesync on your WiFi:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html
Please read the following article re the lack of Activesync on your WiFi:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html
Was the "https://" field and the "Only connect to proxy server that have......" filled out with the correct information?
If so - what format were you using for both fields?
If so - what format were you using for both fields?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for helping Alan. This was a very odd issue that resolve by something totally unexpected.
Glad you got it sorted. Out of interest - what firewall do you have?
Alan
Alan
ASKER
The firewall with issues was a Cisco Small Business RV120W. It was the issue. It was replaced with a Sonicwall TZ100.
And you would think the Cisco would be better!