[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Why rpc over https failed on exchange server 2k3?

Posted on 2014-01-18
16
Medium Priority
?
489 Views
Last Modified: 2014-02-01
This is using a single MS Exchange server 2003, in MS Windows 2003 R2 AD domain. I tried to setup rpc over https. After that, I browse to testconnectivity.microsoft.com to check, and it failed with NSPI port 6004 with error message:

  Testing the Name Service Provider Interface (NSPI) on exchange mailbox server
   An error occurred while testing the NSPI RPC endpoint

  Test steps:
  Attempting to ping NSPI RPC Endpoint 6004 (NSPI proxy interface) on server exch1.internal.local. The attempt to ping the endpoint failed.
  Additional details:
  The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by RPC runtime process.


Please help!
0
Comment
Question by:MichaelBalack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
16 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1400 total points
ID: 39791276
Please work through the following guide and use the tool to setup your server registry to make sure it is configured properly:

http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

If you get stuck, please shout.

Alan
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39791727
Hi Alan Hardisty,

On the exchange server, I can't find the registry  - NTDS for NSPI, shall I add a new one?

As for the valid ports, does it mean only have to key in exchange server in "exchange7, exchange7.abc.com, mail.abc.com" for all 6001-6002, and 6004?

    Internal ad domain - abc.com
    registered external mx record - mail.abc.com

Last question, this configuration is means for 1 server as DC and exchange, with GC. My environment consists of 2 DCs with GC, 1 exchange; Shall I include the DCs as well in the registry?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39791877
No - it should be there if you installed the RPC proxy element properly.

Did you addit via control panel> add / remove programs as per the guide?

If you did, have you rebooted the server since adding it?

Alan
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:MichaelBalack
ID: 39791888
Yes, the rpc proxy was added and the server eas rebooted. The ntds registry czn only be found on dc.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39791890
I'd probably uninstall the RPC component, reboot and then re-install it then just to make sure.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39792064
Hi All,

I did so, still can not see the NTDS registry.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39793082
Found that the both DCs are using Windows 2000 with SP4, would this be the root cause?
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39793136
Hi Alan,

I found this article - http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_21875225.html, especially the ones wrote by Kanewong. So, the NTDS registry is only can be found in DC?

It looks like I have to setup a new w2k3 DC, takes over most of the FSMOs. On Exchange, in ESM > Directory Access, change the GC to only this w2k3 DC. Secondly, on the Validports, only include w2k3 DC for the selective port numbers.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39798356
Why are you still running Windows 2000 DC's?

I'm not at all familiar with the config on a Windows 2000 Domain with Exchange 2003 I'm afraid, but upgrading the DC's to Windows 2003 does sound like a very good move.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39798917
Hi Alan,

We do not intend to upgrade the 2 existing DCs to W2K3 is due to the political issue. They are "untouchable". So, the only way is to setup a new W2K3 R2 DC. After that, how to get the Exchange server work exclusively with this new DC? Please enlighten if I may miss out anything.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39802013
to modify domain controllers, you have to go to the properties of the exchange server in ESM and on the directory access tab, select the drop down items and uncheck "automatically discover servers"

then you can add manually
keep in mind if that manually added server goes down or otherwise not available, exchange will vomit.  it needs to keep in contact with a global catalog - especially when processing mail.  if you need to make such a change, try to keep as short as possible; not good for a long-term solution
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39802022
You can't even open a support case with Microsoft as support for Windows 2000 ended July 13, 2010. Support for Windows 2003 ends July 14, 2015. You may want to advise the geniuses that you should be planning to get off Windows 2003 right now.
http://support.microsoft.com/gp/lifean36

Sorry that this doesn't directly help solve your problem, but you are in a pretty poor spot dealing with such legacy domain controllers.
0
 
LVL 1

Assisted Solution

by:MichaelBalack
MichaelBalack earned 0 total points
ID: 39810863
Hi all,

Please see few activities I did:

a. Promote one w2k3 (w/sp2) member server as DC with GC. Disable GC on the 2 existing DCs.
    Ensure in ESM > Exch server > Directory Access, with this new dc is updated as GC.

b. On Exch server, update the registry > HKLM>Software>Microsoft>RPC>ValidPorts, change to configure this new DC with port 593, 6001-6002, and 6004.

c. On Exch > IIS > Default Web site >RPC with Cert, browse to Directory Security; revert all the settings for auth back to default (refer to link recommended by Alan)

After that, I tested testconnectivity for the Rpc-OVer-HTTP, and big surprise, all the tests passed.
0
 
LVL 1

Assisted Solution

by:MichaelBalack
MichaelBalack earned 0 total points
ID: 39810865
Hi all,

Miss out one setting on the new DC as follows:

d. On new DC, add the registry HKLM > CurrentControlSet > Services > NTDS; create a registry key - NSPI interface protocol sequences, with value - ncacn_http:6004
0
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 39826129
It works
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
This video discusses moving either the default database or any database to a new volume.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question