markbenham
asked on
RPC over HTTPS
Hi,
Here is what I have:
Windows 2003 Enterprise Server SP2
Exchange server 2003 Enterprise SP2
I'm trying to set up RPC over HTTPS and I have a proper SAN SSL certificate.
The problem I have is that, although Outlook Web Access is working fine,
RPC over HTTPS is not.
I have all the required ports opened 6001,6002 and 6004 and of course 443 to no avail.
When I run Microsoft Remote Connectivity Analyser, it comes back with an error:
========================== ===
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
ExRCA is attempting to test Autodiscover for mbenham@coeliac.org.uk.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://coeliac.org.uk/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name coeliac.org.uk in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 80.87.0.34
Testing TCP port 443 on host coeliac.org.uk to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server coeliac.org.uk on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Attempting to test potential Autodiscover URL https://autodiscover.coeliac.org.uk/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.coeliac.org.u k in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 80.4.186.131
Testing TCP port 443 on host autodiscover.coeliac.org.u k to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.coeliac.org.u k on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.coeliac.org.uk, OU=Domain Control Validated, O=webmail.coeliac.org.uk, Issuer: SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.coeliac.org.u k was found in the Certificate Subject Alternative Name entry.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=webmail.coeliac.org.uk, OU=Domain Control Validated, O=webmail.coeliac.org.uk.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 12/31/2012 2:34:07 PM, NotAfter = 12/31/2014 2:34:07 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.coeliac.org.uk/AutoDiscover/AutoDiscover.xml for user mbenham@coeliac.org.uk.
ExRCA failed to obtain an Autodiscover XML response.
Additional Details
A Web exception occurred because an HTTP 404 - NotFound response was received from IIS6.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.coeliac.org.u k in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 80.4.186.131
Testing TCP port 80 on host autodiscover.coeliac.org.u k to ensure it's listening and open.
The port was opened successfully.
ExRCA is checking the host autodiscover.coeliac.org.u k for an HTTP redirect to the Autodiscover service.
ExRCA failed to get an HTTP redirect response for Autodiscover.
Additional Details
An HTTP 401 Unauthorized response was received from the remote IIS6 server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.coeliac .org.uk in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
========================== ========
I'm not sure what is wrong? How can I get this resolved?
If there is anymore information you need please let me know.
Many Thanks
Here is what I have:
Windows 2003 Enterprise Server SP2
Exchange server 2003 Enterprise SP2
I'm trying to set up RPC over HTTPS and I have a proper SAN SSL certificate.
The problem I have is that, although Outlook Web Access is working fine,
RPC over HTTPS is not.
I have all the required ports opened 6001,6002 and 6004 and of course 443 to no avail.
When I run Microsoft Remote Connectivity Analyser, it comes back with an error:
==========================
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
ExRCA is attempting to test Autodiscover for mbenham@coeliac.org.uk.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://coeliac.org.uk/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name coeliac.org.uk in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 80.87.0.34
Testing TCP port 443 on host coeliac.org.uk to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server coeliac.org.uk on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Attempting to test potential Autodiscover URL https://autodiscover.coeliac.org.uk/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.coeliac.org.u
The host name resolved successfully.
Additional Details
IP addresses returned: 80.4.186.131
Testing TCP port 443 on host autodiscover.coeliac.org.u
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.coeliac.org.u
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.coeliac.org.uk,
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.coeliac.org.u
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=webmail.coeliac.org.uk,
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 12/31/2012 2:34:07 PM, NotAfter = 12/31/2014 2:34:07 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.coeliac.org.uk/AutoDiscover/AutoDiscover.xml for user mbenham@coeliac.org.uk.
ExRCA failed to obtain an Autodiscover XML response.
Additional Details
A Web exception occurred because an HTTP 404 - NotFound response was received from IIS6.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.coeliac.org.u
The host name resolved successfully.
Additional Details
IP addresses returned: 80.4.186.131
Testing TCP port 80 on host autodiscover.coeliac.org.u
The port was opened successfully.
ExRCA is checking the host autodiscover.coeliac.org.u
ExRCA failed to get an HTTP redirect response for Autodiscover.
Additional Details
An HTTP 401 Unauthorized response was received from the remote IIS6 server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.coeliac
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
==========================
I'm not sure what is wrong? How can I get this resolved?
If there is anymore information you need please let me know.
Many Thanks
ASKER
Hi Alan,
Thanks for your prompt reply. However I've already done this.
We have however decided to ignore the errors from the Microsoft Remote Connectivity Analyser and carry on with Outlook and RPC over HTTPS. So far all appears to be working fine.
Many Thanks for your response though
Thanks for your prompt reply. However I've already done this.
We have however decided to ignore the errors from the Microsoft Remote Connectivity Analyser and carry on with Outlook and RPC over HTTPS. So far all appears to be working fine.
Many Thanks for your response though
No problems. If you run the test again but specify the server rather than let Autodiscover detect it, do you still get the errors?
ASKER
Hi Alan,
Don't mind running the test again but in order to run the test I will need to enter an email address, account and password. It doesn't allow me to specify the server unless of course
there is another way to do this? Is there?
Many Thanks
Don't mind running the test again but in order to run the test I will need to enter an email address, account and password. It doesn't allow me to specify the server unless of course
there is another way to do this? Is there?
Many Thanks
No - but the site is safe to use. It is written / developed by Microsoft and I have used it with numerous credentials and never had a problem.
You can always setup a test account for the test site, then delete the account.
You can always setup a test account for the test site, then delete the account.
ASKER
Hi Alan,
Sorry for the delay in replay. I think you may have misunderstood.
>> No problems. If you run the test again but specify the server rather than let
Autodiscover
>> detect it, do you still get the errors?
I can do this with the test accounts that I've created, but it doesn't allow me to specify just the sever itself.
All appears to be working fine at the moment (RPC over HTTPS, OWA and mobile phones).
However it is still displaying an error when I perform the test above.
Bizarrely it all works though...
Many Thanks
Sorry for the delay in replay. I think you may have misunderstood.
>> No problems. If you run the test again but specify the server rather than let
Autodiscover
>> detect it, do you still get the errors?
I can do this with the test accounts that I've created, but it doesn't allow me to specify just the sever itself.
All appears to be working fine at the moment (RPC over HTTPS, OWA and mobile phones).
However it is still displaying an error when I perform the test above.
Bizarrely it all works though...
Many Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
run iisreset after changing the permissions and test again.
Alan