Solved

Exchange 2003 Outook Anywhere setup issues - RPC Endpoint 6002 failed

Posted on 2013-07-01
20
2,180 Views
Last Modified: 2013-07-10
Hi,

I am attempting to get a Windows Server 2003 SR2 machine w/ Exchange 2003 SP2 machine ready for a staged migration to Office 365.  I am having issues w/ Outlook Anywhere not testing out correctly on the Microsoft Remote Connectivity Analyzer site.  Here is what I get:

      Testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.domain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host mail.domain.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Test Steps
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
      Testing HTTP Authentication Methods for URL https://mail.domain.com/rpc/rpcproxy.dll?servername5:6002.
       The HTTP authentication methods are correct.
       
      Additional Details
      Testing SSL mutual authentication with the RPC proxy server.
       Mutual authentication was verified successfully.
       
      Additional Details
      Attempting to ping RPC proxy mail.domain.com.
       RPC Proxy was pinged successfully.
       
      Additional Details
      Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server servername5.
       The endpoint was pinged successfully.
       
      Additional Details
      Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
       The NSPI interface was tested successfully.
       
      Test Steps
      Testing the Referral service on the Exchange Mailbox server.
       An error occurred while the Referral service was being tested.
       
      Test Steps
       
      Attempting to ping RPC endpoint 6002 (Referral Interface) on server servername5.
       The attempt to ping the endpoint failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.

I changed the servername and host name above in this post as you will see.  I have tried several items but can't seem to get it working the rest of the way.  Any additional help is appreciated.
0
Comment
Question by:ggoble
  • 11
  • 9
20 Comments
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39292305
Looks like port 6002 is not available through the firewall.
0
 

Author Comment

by:ggoble
ID: 39292308
With RPC over HTTP I thought it only used port 80 or 443 through the firewall
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39292320
Ports 6001, 6002 and 6004 are used in addition to 443 between the cas servers and mailbox servers. As you are using Office 365 as your front/cas servers you need the additional ports to allow it to talk to your mailbox servers.

http://blogs.technet.com/b/exchange/archive/2008/06/20/3405633.aspx
0
 

Author Comment

by:ggoble
ID: 39292338
We have only 1 onsite Windows 2003 R2 server w/ exchange 2003 installed.  So there would be no firewall issue there.  It also holds all the FSMO Roles.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39292614
Are you entering the correct details in the connectivity analyzer. Are you specifying server settings manually on the second page.


RPC proxy serer: your public dns record for your exchange (as in your SSL cert)
Exchange server: Internal name of your mailbox server
Mutual auth principal name: msstd: public cert name

Auth must be set to basic
0
 

Author Comment

by:ggoble
ID: 39293355
Details are being entered correctly in connectivity analyzer like you listed, I am specifying server settings manually, and auth is basic.
0
 
LVL 14

Assisted Solution

by:Raj-GT
Raj-GT earned 500 total points
ID: 39293565
Can you double check that RPC over HTTP is enabled in your environment as per the guides below.

http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

http://support.microsoft.com/kb/833401
0
 

Author Comment

by:ggoble
ID: 39293962
I just reviewed all of them and they are correct.  Only thing that also may be an issue is that some guides I used said I needed to match the RpcWithCert settings to the Rpc settings in the IIS Manager.  This one said to leave it alone.  I tried to put those back to defaults from memory but it didn't help  What should they be set to?
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39294545
I beleive both Rpcwithcert and rpc virtual directories should have the same settings.

http://technet.microsoft.com/en-us/library/gg263433(v=exchg.80).aspx
0
 

Author Comment

by:ggoble
ID: 39295449
I tried setting the same, tried setting to match the 2008 settings in that article, etc... didn't change anything so I don't think that is the problem.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 14

Expert Comment

by:Raj-GT
ID: 39295847
Make sure your firewall is pointing to the right server (try OWA from outside to confirm). I would also recommend using the guides below to verify the settings yet again. The authentication setting should be set to basic for both PRC and RPCwithCERT virtual directories.

http://www.techrepublic.com/article/step-by-step-proper-setup-of-the-exchange-rpc-server/5166366

http://technet.microsoft.com/en-us/library/aa998950%28EXCHG.65%29.aspx

Can you try browsing the rpc site from inside the network. (https://servername/rpc)

If the above doesn't work, I would recommend uninstalling RPC-HTTP from Windows, delete both RPC virtual directories and start the configuration from the beginning.
0
 

Author Comment

by:ggoble
ID: 39296743
OWA Site is working fine, firewall is pointing correctly.

Auth setting is set correctly.

I tried browsing to the https://mail.domain.com/RPC site from a PC and get a login prompt, but it fails to login after 3 attempts each time with known good credentials.
However, since I am using Exch 2k3 SP2 I seen that I should use
https://mail.domain.com/rpc/rpcproxy.dll  and that logs in and brings up a blank screen.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39296825
Have you tried connecting w
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39296843
Have you tried connecting with Outlook over HTTP from inside the network? Looks like it should work.
0
 

Author Comment

by:ggoble
ID: 39296867
I just ran rpcdump.exe /v and don't see port 6002 listening on there, just 6001 and 6004 That has to be part of the problem.
0
 

Author Comment

by:ggoble
ID: 39296975
OK, I ran -
netstat -ano |findstr 6002
 to get the PID of the task running on 6002

Then Ran
tasklist /fi "PID eq ####"
  #'s being the result in the first command and found out that I have spnsrvnt.exe running on port 6002.  It is a Safenet Sentenial Service probably for our software keys plugged into the server.  

Not sure if I can move those yet or not or if I can run the RPC that requires 6002 on a different port?
0
 

Accepted Solution

by:
ggoble earned 0 total points
ID: 39296995
This is my exact problem, looks like I need to remove the sentenial app from the server and put it somewhere else:

http://forums.msexchange.org/m_1800496597/mpage_1/key_Rpc%2cOver%2cHttp/tm.htm#1800497445
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39297702
Do'h. You didn't mention anything about using that server for something else. :-)

Anyway, you can always use the HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\RpcProxy registry key to move the RPC ports.
0
 

Author Comment

by:ggoble
ID: 39302240
Ya, well small businesses don't get to have a server dedicated for everything.  I didn't even know this app was on there until I found it listening on that port.

After we moved the sentenial driver and keys to another machine it worked.
0
 

Author Closing Comment

by:ggoble
ID: 39313542
I found the problem myself after troublshooting through all the steps again.  The guides provided helped point me in the right direction.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now