Solved

Exchange 2010 RPC over Http

Posted on 2012-03-19
6
3,026 Views
Last Modified: 2012-03-23
For some reason outlook clients configured for rpc/http are getting prompted for their password. What am I missing?

The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.schulershook.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host mail.schulershook.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Test Steps
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
      Testing HTTP Authentication Methods for URL https://mail.schulershook.com/rpc/rpcproxy.dll.
       The HTTP authentication methods are correct.
       
      Additional Details
      Testing SSL mutual authentication with the RPC proxy server.
       Mutual authentication was verified successfully.
       
      Additional Details
      Attempting to ping RPC proxy mail.schulershook.com.
       RPC Proxy can't be pinged.
       
      Additional Details
       An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
0
Comment
Question by:Darth_mark67
  • 3
  • 2
6 Comments
 
LVL 18

Expert Comment

by:suriyaehnop
ID: 37740827
Is internal autodiscover working? How to you do the testing? Are you using this linkhttps://www.testexchangeconnectivity.com/?
0
 
LVL 20

Accepted Solution

by:
Hendrik Wiese earned 500 total points
ID: 37740975
Just a couple of things

1. You are using the correct format for your username right? Domain\username
2. Run command Get-ExchangeCertificate |FL *Domains  and ensure that mail.schulershook.com and autodiscover.schulershook.com is part of the domains
3. Also try to set-outlookprovider expr -cerprincipalName msstd:domain.com (Note: domain.com should be the external host name.)
4. Set-OutlookProvider: http://technet.microsoft.com/en-us/library/bb123683(EXCHG.80).aspx

Reference: http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/59f1f100-119a-41c6-a6e1-53df4857070f/

Also have a look at http://social.technet.microsoft.com/Forums/en-US/exrca/thread/175f9334-f4d2-4b64-aed2-883c6bdaba95/
0
 

Author Comment

by:Darth_mark67
ID: 37741833
auto discover is not listed.


         Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Show quick reference guide: QuickRef
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List

Tip of the day #37:

Want to remove an ActiveSync device from a user's device list? Type:

 Remove-ActiveSyncDevice

This cmdlet can be helpful for troubleshooting devices that don't synchronize successfully with the server.

VERBOSE: Connecting to MSG.schulershook.net
VERBOSE: Connected to MSG.schulershook.net.
[PS] C:\Windows\system32>cd..
[PS] C:\Windows>cd..
[PS] C:\>Get-ExchangeCertificate |fl *domains


CertificateDomains : {mail.schulershook.com}



[PS] C:\>
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:Darth_mark67
ID: 37741871
ExRCA is attempting to test Autodiscover for rshook@schulershook.com.
       Testing Autodiscover failed.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://schulershook.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name schulershook.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host schulershook.com to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with the remote host.
      Attempting to test potential Autodiscover URL https://autodiscover.schulershook.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.schulershook.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 206.188.193.210
      Testing TCP port 443 on host autodiscover.schulershook.com to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with the remote host.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.schulershook.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 80 on host autodiscover.schulershook.com to ensure it's listening and open.
       The port was opened successfully.
      ExRCA is checking the host autodiscover.schulershook.com for an HTTP redirect to the Autodiscover service.
       ExRCA failed to get an HTTP redirect response for Autodiscover.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A response other than a redirect was received. HTTP status: OK
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.schulershook.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.
0
 

Author Comment

by:Darth_mark67
ID: 37743020
This is the only error I'm getting now:

Testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.schulershook.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host mail.schulershook.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Test Steps
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
      Testing HTTP Authentication Methods for URL https://mail.schulershook.com/rpc/rpcproxy.dll.
       The HTTP authentication methods are correct.
       
      Additional Details
      Testing SSL mutual authentication with the RPC proxy server.
       Mutual authentication was verified successfully.
       
      Additional Details
      Attempting to ping RPC proxy mail.schulershook.com.
       RPC Proxy was pinged successfully.
       
      Additional Details
      Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server mail.schulershook.com.
       The attempt to ping the endpoint failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
0
 
LVL 20

Expert Comment

by:Hendrik Wiese
ID: 37743219
You need to buy a UCC certificate from a 3rd Certificate Authority like http://www.digicert.com/ and include at least the following domains:

autodiscover.domain.com
client.domain.com
CASSERVERNAME.com / CASSERVERNAME.local
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now