Solved

Why did RPC over HTTPS fail on Exchange Server 2k3?

Posted on 2014-01-18
Last Modified: 2014-02-01
This is using a single MS Exchange Server 2003 in an MS Windows 2003 R2 AD domain. I tried to set up RPC over HTTPS. After that, I browsed to testconnectivity.microsoft.com to check, and it failed on NSPI port 6004 with the error message:

  Testing the Name Service Provider Interface (NSPI) on exchange mailbox server
   An error occurred while testing the NSPI RPC endpoint

  Test steps:
  Attempting to ping NSPI RPC Endpoint 6004 (NSPI proxy interface) on server exch1.internal.local. The attempt to ping the endpoint failed.
  Additional details:
  The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by RPC runtime process.


Please help!
0
Question by:MichaelBalack
16 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 350 total points
Please work through the following guide and use the tool to set up your server registry to make sure it is configured properly:

http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

If you get stuck, please shout.

Alan
0
 
LVL 1

Author Comment

by:MichaelBalack
Hi Alan Hardisty,

On the Exchange server, I can't find the registry - NTDS for NSPI. Shall I add a new one?

As for the valid ports, does it mean I only have to key in the Exchange server as "exchange7, exchange7.abc.com, mail.abc.com" for all of 6001-6002 and 6004?

    Internal ad domain - abc.com
    registered external mx record - mail.abc.com

Last question: this configuration is meant for 1 server as DC and Exchange, with GC. My environment consists of 2 DCs with GC and 1 Exchange server. Shall I include the DCs as well in the registry?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
No - it should be there if you installed the RPC proxy element properly.

Did you add it via Control Panel > Add/Remove Programs as per the guide?

If you did, have you rebooted the server since adding it?

Alan
0
 
LVL 1

Author Comment

by:MichaelBalack
Yes, the RPC proxy was added and the server was rebooted. The NTDS registry can only be found on the DC.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
I'd probably uninstall the RPC component, reboot and then re-install it then just to make sure.
0
 
LVL 1

Author Comment

by:MichaelBalack
Hi All,

I did so, but I still cannot see the NTDS registry.
0
 
LVL 1

Author Comment

by:MichaelBalack
Found that both DCs are using Windows 2000 with SP4. Would this be the root cause?
0
 
LVL 1

Author Comment

by:MichaelBalack
Hi Alan,

I found this article - http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_21875225.html, especially the comments written by Kanewong. So, the NTDS registry can only be found on a DC?

It looks like I have to set up a new W2K3 DC and have it take over most of the FSMOs. On Exchange, in ESM > Directory Access, change the GC to only this W2K3 DC. Secondly, in ValidPorts, only include the W2K3 DC for the selected port numbers.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Why are you still running Windows 2000 DCs?

I'm not at all familiar with the config on a Windows 2000 Domain with Exchange 2003 I'm afraid, but upgrading the DCs to Windows 2003 does sound like a very good move.
0
 
LVL 1

Author Comment

by:MichaelBalack
Hi Alan,

We do not intend to upgrade the 2 existing DCs to W2K3 due to a political issue. They are "untouchable". So, the only way is to set up a new W2K3 R2 DC. After that, how do I get the Exchange server to work exclusively with this new DC? Please enlighten me if I have missed anything.
0
 
LVL 34

Expert Comment

by:Seth Simmons
To modify domain controllers, you have to go to the properties of the Exchange server in ESM and, on the Directory Access tab, select the drop-down items and uncheck "automatically discover servers".

Then you can add them manually.
Keep in mind that if that manually added server goes down or is otherwise not available, Exchange will vomit. It needs to keep in contact with a global catalog, especially when processing mail. If you need to make such a change, try to keep it as short as possible; it is not good as a long-term solution.
0
 
LVL 42

Expert Comment

by:kevinhsieh
You can't even open a support case with Microsoft as support for Windows 2000 ended July 13, 2010. Support for Windows 2003 ends July 14, 2015. You may want to advise the geniuses that you should be planning to get off Windows 2003 right now.
http://support.microsoft.com/gp/lifean36

Sorry that this doesn't directly help solve your problem, but you are in a pretty poor spot dealing with such legacy domain controllers.
0
 
LVL 1

Assisted Solution

by:MichaelBalack
MichaelBalack earned 0 total points
Hi all,

Please see the few activities I did:

a. Promote one w2k3 (w/sp2) member server as DC with GC. Disable GC on the 2 existing DCs.
    Ensure in ESM > Exch server > Directory Access, with this new dc is updated as GC.

b. On Exch server, update the registry > HKLM>Software>Microsoft>RPC>ValidPorts, change to configure this new DC with port 593, 6001-6002, and 6004.

c. On Exch > IIS > Default Web site >RPC with Cert, browse to Directory Security; revert all the settings for auth back to default (refer to link recommended by Alan)

After that, I ran testconnectivity for RPC-over-HTTP, and big surprise, all the tests passed.
0
 
LVL 1

Assisted Solution

by:MichaelBalack
MichaelBalack earned 0 total points
Hi all,

I missed out one setting on the new DC, as follows:

d. On new DC, add the registry HKLM > CurrentControlSet > Services > NTDS; create a registry key - NSPI interface protocol sequences, with value - ncacn_http:6004
0
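
The ValidPorts value changed in step b is the allow-list of hosts and ports that the internet-facing RPC proxy may forward to, so it should cover the ports named in this thread and nothing more. The following is an added example, not part of the original thread: it audits a ValidPorts string (entries of the form host:port or host:low-high, separated by semicolons). The host names newdc and newdc.abc.com and the sample value are constructed, since the thread never names the new DC, and parse_valid_ports and audit are hypothetical helper names.

```python
# Added example (not from the thread): audit an RPC proxy ValidPorts string.
# Entry format: "host:port" or "host:low-high", entries separated by ";".

REQUIRED_PORTS = (593, 6001, 6002, 6004)      # ports named in the thread
EXPECTED_HOSTS = ("newdc", "newdc.abc.com")   # constructed names for the new DC
SAMPLE = ("newdc:593;newdc:6001-6002;newdc:6004;"
          "newdc.abc.com:593;newdc.abc.com:6001-6002")  # constructed value


def parse_valid_ports(value):
    """Return {lowercased host: set of allowed ports}."""
    allowed = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, sep, ports = entry.rpartition(":")
        low, dash, high = ports.partition("-")
        if not sep or not host or (dash and not high):
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        low, high = int(low), int(high or low)   # int() rejects non-numeric ports
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        allowed.setdefault(host.lower(), set()).update(range(low, high + 1))
    return allowed


def audit(value, expected_hosts=EXPECTED_HOSTS, required_ports=REQUIRED_PORTS):
    """Return (missing, unexpected): ports each expected host still needs,
    and host/port pairs the proxy may reach beyond the intended set."""
    allowed = parse_valid_ports(value)
    required = set(required_ports)
    expected = {h.lower() for h in expected_hosts}
    missing, unexpected = {}, {}
    for host in expected:
        gap = required - allowed.get(host, set())
        if gap:
            missing[host] = sorted(gap)
    for host, ports in allowed.items():
        extra = ports - required if host in expected else ports
        if extra:
            unexpected[host] = sorted(extra)
    return missing, unexpected


if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE)
    print("missing:", missing)        # FQDN entry lacks the NSPI port
    print("unexpected:", unexpected)
```

A non-empty "missing" result corresponds to the kind of endpoint failure reported in the question (the proxy has no permitted path to port 6004), while a non-empty "unexpected" result means the proxy can reach more than was intended.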
 
LVL 1

Author Closing Comment

by:MichaelBalack
It works
0
