  • Status: Solved

Why did RPC over HTTPS fail on Exchange Server 2k3?

This is using a single MS Exchange Server 2003 in an MS Windows 2003 R2 AD domain. I tried to set up RPC over HTTPS. After that, I browsed to testconnectivity.microsoft.com to check, and it failed on NSPI port 6004 with this error message:

  Testing the Name Service Provider Interface (NSPI) on exchange mailbox server
   An error occurred while testing the NSPI RPC endpoint

  Test steps:
  Attempting to ping NSPI RPC Endpoint 6004 (NSPI proxy interface) on server exch1.internal.local. The attempt to ping the endpoint failed.
  Additional details:
  The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by RPC runtime process.


Please help!
0
Asked by: MichaelBalack
3 Solutions
 
Alan Hardisty Commented:
Please work through the following guide and use the tool to setup your server registry to make sure it is configured properly:

http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

If you get stuck, please shout.

Alan
0
 
MichaelBalack (Author) Commented:
Hi Alan Hardisty,

On the Exchange server, I can't find the registry - NTDS for NSPI. Shall I add a new one?

As for the valid ports, does it mean I only have to key in the Exchange server as "exchange7, exchange7.abc.com, mail.abc.com" for all of 6001-6002 and 6004?

    Internal AD domain - abc.com
    Registered external MX record - mail.abc.com

Last question: this configuration is meant for 1 server acting as DC and Exchange, with GC. My environment consists of 2 DCs with GC and 1 Exchange server; shall I include the DCs in the registry as well?
0
 
Alan Hardisty Commented:
No - it should be there if you installed the RPC proxy element properly.

Did you add it via Control Panel > Add / Remove Programs as per the guide?

If you did, have you rebooted the server since adding it?

Alan
0
 
MichaelBalack (Author) Commented:
Yes, the RPC proxy was added and the server was rebooted. The NTDS registry can only be found on the DC.
0
 
Alan Hardisty Commented:
I'd probably uninstall the RPC component, reboot and then re-install it then just to make sure.
0
 
MichaelBalack (Author) Commented:
Hi All,

I did so, but I still cannot see the NTDS registry.
0
 
MichaelBalack (Author) Commented:
I found that both DCs are running Windows 2000 with SP4. Would this be the root cause?
0
 
MichaelBalack (Author) Commented:
Hi Alan,

I found this article - http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_21875225.html, especially the posts written by Kanewong. So, the NTDS registry can only be found on a DC?

It looks like I have to set up a new w2k3 DC that takes over most of the FSMOs. On Exchange, in ESM > Directory Access, change the GC to only this w2k3 DC. Secondly, in ValidPorts, only include the w2k3 DC for the selected port numbers.
0
 
Alan Hardisty Commented:
Why are you still running Windows 2000 DCs?

I'm not at all familiar with the config on a Windows 2000 Domain with Exchange 2003 I'm afraid, but upgrading the DC's to Windows 2003 does sound like a very good move.
0
 
MichaelBalack (Author) Commented:
Hi Alan,

We do not intend to upgrade the 2 existing DCs to W2K3 due to a political issue. They are "untouchable". So, the only way is to set up a new W2K3 R2 DC. After that, how do I get the Exchange server to work exclusively with this new DC? Please enlighten me if I have missed anything.
0
 
Seth Simmons (Sr. Systems Administrator) Commented:
To modify domain controllers, you have to go to the properties of the Exchange server in ESM and, on the Directory Access tab, select the drop-down items and uncheck "automatically discover servers".

Then you can add them manually.
Keep in mind that if that manually added server goes down or is otherwise not available, Exchange will vomit. It needs to keep in contact with a global catalog - especially when processing mail. If you need to make such a change, try to keep it as short as possible; it is not good as a long-term solution.
0
 
kevinhsieh Commented:
You can't even open a support case with Microsoft as support for Windows 2000 ended July 13, 2010. Support for Windows 2003 ends July 14, 2015. You may want to advise the geniuses that you should be planning to get off Windows 2003 right now.
http://support.microsoft.com/gp/lifean36

Sorry that this doesn't directly help solve your problem, but you are in a pretty poor spot dealing with such legacy domain controllers.
0
 
MichaelBalack (Author) Commented:
Hi all,

Please see the few activities I did:

a. Promote one w2k3 (w/SP2) member server as DC with GC. Disable GC on the 2 existing DCs.
    Ensure that in ESM > Exch server > Directory Access, this new DC is updated as GC.

b. On the Exch server, update the registry > HKLM>Software>Microsoft>RPC>ValidPorts; change it to configure this new DC with ports 593, 6001-6002, and 6004.

c. On Exch > IIS > Default Web Site > RPC with Cert, browse to Directory Security; revert all the auth settings back to default (refer to the link recommended by Alan).

After that, I ran testconnectivity for RPC-over-HTTP, and big surprise, all the tests passed.
0
 
MichaelBalack (Author) Commented:
Hi all,

I missed out one setting on the new DC, as follows:

d. On the new DC, add the registry HKLM > CurrentControlSet > Services > NTDS; create a registry key - NSPI interface protocol sequences, with value - ncacn_http:6004
0
 
MichaelBalack (Author) Commented:
It works
0
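
An added example, not part of the original thread: ValidPorts is the list of host:port targets the RPC proxy will forward to, so after an edit like step b it is worth checking that the string names only the intended hosts and the ports mentioned above (593, 6001-6002, 6004). The sketch assumes the semicolon-separated `host:port` / `host:low-high` format; the host names `dc3`, `dc3.internal.local` and `oldhost` are constructed sample values.

```python
# Audit an exported ValidPorts string (added example; inputs are constructed).

# Ports named in the thread for RPC over HTTPS.
ALLOWED_PORTS = {593, 6001, 6002, 6004}


def parse_valid_ports(value):
    """Split 'host:port;host:low-high;...' into (host, low, high) tuples."""
    entries = []
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue  # tolerate a trailing semicolon
        host, sep, ports = raw.rpartition(":")
        if not sep or not host:
            raise ValueError(f"malformed entry: {raw!r}")
        low, _, high = ports.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range in {raw!r}")
        entries.append((host.lower(), low, high))
    return entries


def audit_valid_ports(value, expected_hosts):
    """Return findings: unexpected hosts, ports outside the allowlist,
    and expected hosts that lack one of the allowed ports."""
    expected = {h.lower() for h in expected_hosts}
    findings, covered = [], set()
    for host, low, high in parse_valid_ports(value):
        if host not in expected:
            findings.append(f"unexpected host {host}:{low}-{high}")
            continue
        ports = range(low, high + 1)
        extra = sum(1 for p in ports if p not in ALLOWED_PORTS)
        if extra:
            findings.append(
                f"{host} forwards {extra} port(s) outside the allowlist "
                f"({low}-{high})")
        covered.update((host, p) for p in ports if p in ALLOWED_PORTS)
    for host in sorted(expected):
        missing = sorted(p for p in ALLOWED_PORTS if (host, p) not in covered)
        if missing:
            findings.append(f"{host} missing ports {missing}")
    return findings


if __name__ == "__main__":
    sample = "dc3:593;dc3:6001-6002;dc3:6004;oldhost:6004"  # constructed
    for line in audit_valid_ports(sample, ["dc3"]):
        print(line)
```

An empty result means every entry maps to an expected host and an allowed port; anything else is a line to review before re-running the connectivity test.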
