Solved

Why did RPC over HTTPS fail on Exchange Server 2k3?

Posted on 2014-01-18
Last Modified: 2014-02-01
This is a single MS Exchange Server 2003 in an MS Windows 2003 R2 AD domain. I tried to set up RPC over HTTPS. After that, I browsed to testconnectivity.microsoft.com to check, and it failed on NSPI port 6004 with the error message:

  Testing the Name Service Provider Interface (NSPI) on exchange mailbox server
   An error occurred while testing the NSPI RPC endpoint

  Test steps:
  Attempting to ping NSPI RPC Endpoint 6004 (NSPI proxy interface) on server exch1.internal.local. The attempt to ping the endpoint failed.
  Additional details:
  The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by RPC runtime process.


Please help!
0
Question by:MichaelBalack
16 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 350 total points
ID: 39791276
Please work through the following guide and use the tool to setup your server registry to make sure it is configured properly:

http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

If you get stuck, please shout.

Alan
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39791727
Hi Alan Hardisty,

On the Exchange server, I can't find the registry - NTDS for NSPI; shall I add a new one?

As for the valid ports, does it mean I only have to key in the Exchange server as "exchange7, exchange7.abc.com, mail.abc.com" for all of 6001-6002 and 6004?

    Internal AD domain - abc.com
    Registered external MX record - mail.abc.com

Last question: this configuration is meant for 1 server as DC and Exchange, with GC. My environment consists of 2 DCs with GC and 1 Exchange server. Shall I include the DCs as well in the registry?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39791877
No - it should be there if you installed the RPC proxy element properly.

Did you add it via Control Panel > Add / Remove Programs as per the guide?

If you did, have you rebooted the server since adding it?

Alan
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39791888
Yes, the RPC proxy was added and the server was rebooted. The NTDS registry can only be found on the DC.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39791890
I'd probably uninstall the RPC component, reboot and then re-install it then just to make sure.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39792064
Hi All,

I did so, but I still cannot see the NTDS registry.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39793082
Found that both DCs are using Windows 2000 with SP4. Would this be the root cause?
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39793136
Hi Alan,

I found this article - http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_21875225.html, especially the posts written by Kanewong. So, the NTDS registry can only be found on a DC?

It looks like I have to set up a new W2K3 DC that takes over most of the FSMOs. On Exchange, in ESM > Directory Access, change the GC to only this W2K3 DC. Secondly, in ValidPorts, only include the W2K3 DC for the selected port numbers.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39798356
Why are you still running Windows 2000 DCs?

I'm not at all familiar with the config on a Windows 2000 domain with Exchange 2003, I'm afraid, but upgrading the DCs to Windows 2003 does sound like a very good move.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39798917
Hi Alan,

We do not intend to upgrade the 2 existing DCs to W2K3 due to a political issue. They are "untouchable". So, the only way is to set up a new W2K3 R2 DC. After that, how do I get the Exchange server to work exclusively with this new DC? Please enlighten me if I have missed anything.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 39802013
To modify domain controllers, you have to go to the properties of the Exchange server in ESM and, on the Directory Access tab, select the drop-down items and uncheck "automatically discover servers".

Then you can add one manually.
Keep in mind that if that manually added server goes down or is otherwise not available, Exchange will vomit. It needs to keep in contact with a global catalog, especially when processing mail. If you need to make such a change, try to keep it as short as possible; it is not good as a long-term solution.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39802022
You can't even open a support case with Microsoft as support for Windows 2000 ended July 13, 2010. Support for Windows 2003 ends July 14, 2015. You may want to advise the geniuses that you should be planning to get off Windows 2003 right now.
http://support.microsoft.com/gp/lifean36

Sorry that this doesn't directly help solve your problem, but you are in a pretty poor spot dealing with such legacy domain controllers.
0
 
LVL 1

Assisted Solution

by:MichaelBalack
MichaelBalack earned 0 total points
ID: 39810863
Hi all,

Please see the few activities I did:

a. Promoted one W2K3 (w/SP2) member server to DC with GC. Disabled GC on the 2 existing DCs.
    Ensured that in ESM > Exch server > Directory Access, this new DC is updated as GC.

b. On the Exch server, updated the registry > HKLM>Software>Microsoft>RPC>ValidPorts, changed to configure this new DC with port 593, 6001-6002, and 6004.

c. On Exch > IIS > Default Web Site > RPC with Cert, browsed to Directory Security; reverted all the settings for auth back to default (refer to the link recommended by Alan).

After that, I ran testconnectivity for RPC-over-HTTP and, big surprise, all the tests passed.
0
 
LVL 1

Assisted Solution

by:MichaelBalack
MichaelBalack earned 0 total points
ID: 39810865
Hi all,

I missed out one setting on the new DC, as follows:

d. On the new DC, add the registry HKLM > CurrentControlSet > Services > NTDS; create a registry key - NSPI interface protocol sequences, with value - ncacn_http:6004
0
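An added example, not part of the original posts: an offline check of a ValidPorts string as configured in step b, confirming that every back-end name carries the ports named in the thread (593, 6001-6002, 6004) and flagging hosts or ranges the RPC proxy does not need to reach. The host names, the sample strings and the 16-port width threshold are constructed assumptions; the value format is `host:port;host:port-range`.

```python
import re

# Ports the thread configures for the new DC in ValidPorts.
REQUIRED = {593, 6001, 6002, 6004}
MAX_SPAN = 16  # assumption: any single range wider than this is flagged

def parse_valid_ports(value):
    """Return {host: [(lo, hi), ...]} from a 'host:ports;host:ports' string."""
    table = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        m = re.fullmatch(r"([^:\s]+):(\d+)(?:-(\d+))?", entry)
        if not m:
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        lo = int(m.group(2))
        hi = int(m.group(3) or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        table.setdefault(m.group(1).lower(), []).append((lo, hi))
    return table

def audit(value, hosts, required=REQUIRED):
    """List findings: missing required ports, unexpected hosts, wide ranges."""
    table = parse_valid_ports(value)
    expected = {h.lower() for h in hosts}
    findings = []
    for host in sorted(expected):
        ranges = table.get(host, [])
        missing = sorted(p for p in required
                         if not any(lo <= p <= hi for lo, hi in ranges))
        if missing:
            findings.append(f"{host}: missing {missing}")
    for host, ranges in sorted(table.items()):
        if host not in expected:
            findings.append(f"{host}: unexpected host")
        for lo, hi in ranges:
            if hi - lo + 1 > MAX_SPAN:
                findings.append(f"{host}: over-broad range {lo}-{hi}")
    return findings

# Constructed sample values (not taken from the thread's servers).
NAMES = ["dc3", "dc3.abc.com"]
GOOD = ";".join(f"{n}:{p}" for n in NAMES for p in ("593", "6001-6002", "6004"))
BAD = "exchange7:100-5000;dc3:6001-6002"

if __name__ == "__main__":
    print(audit(GOOD, NAMES))
    for line in audit(BAD, NAMES):
        print(line)
```

Each NetBIOS and FQDN form a client may be referred to needs its own entries, which is why the check is run per name rather than per server.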
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 39826129
It works
0
