Solved

Exchange 2013 RPC Can't Be Pinged

Posted on 2014-01-23
16
4,918 Views
Last Modified: 2014-02-07
So, I have an Exchange 2013 server which I'm having a really difficult time setting up RPC over HTTP.

testconnectivity.microsoft.com tells me the following:


Attempting to ping RPC proxy ex1.domain.com.
 	RPC Proxy can't be pinged.
 	
	Additional Details
 	
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
Headers received:
request-id: 4065cd00-7187-4982-93a8-38d005724f98
X-CasErrorCode: EndpointNotFound
X-FEServer: EX1
Content-Length: 0
Cache-Control: private
Date: Thu, 23 Jan 2014 16:48:31 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 86 ms.

Open in new window



Here is a dump of get-outlookanywhere

RunspaceId                         : 32e9a446-1d08-4313-a568-ce6c028b6059
ServerName                         : EX1
SSLOffloading                      : True
ExternalHostname                   : ex1.domain.com
InternalHostname                   : ex1.domain.com
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://ex1.domain.int/W3SVC/1/ROOT/Rpc
Path                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.0 (Build 516.32)
Server                             : EX1
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=EX1,CN=Servers,CN=Exchange
                                     Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=int
Identity                           : EX1\Rpc (Default Web Site)
Guid                               : 250a8b59-b607-40d9-a48b-258a2fb0a757
ObjectCategory                     : domain.int/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 1/23/2014 9:59:05 AM
WhenCreated                        : 12/10/2013 7:09:19 PM
WhenChangedUTC                     : 1/23/2014 3:59:05 PM
WhenCreatedUTC                     : 12/11/2013 1:09:19 AM
OrganizationId                     :
OriginatingServer                  : dc1.domain.int
IsValid                            : True
ObjectState                        : Changed

Open in new window


get-outlookprovider dumps the following (I have a wildcard cert).

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                        msstd:*.domain.com         1
EXPR                                                        msstd:*.domain.com          1
WEB                                                                                       1

Open in new window


That's about it.  I can't get RPC to do what I want, when I want it to so I'm stuck until this is fixed.
0
Comment
Question by:deltaend
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 3
16 Comments
 

Author Comment

by:deltaend
ID: 39803743
I should also note that I have a DNS system internally that routes things locally as if they were externally, so ex1.domain.com should work no matter where the location is.  Ex1.domain.com has been setup in both external and internal DNS records, as well as punching holes in the hardware firewall.  Right now, the internal firewall is completely off and I have the server sitting in a DMZ because I've had so many issues with it.
0
 
LVL 14

Expert Comment

by:Andy M
ID: 39803806
From a basic starting point if you do an nslookup on both an internal and external computer does the Exchange server resolve to the correct IP addresses?

Are the relevant ports (25 & 443) forwarded to the server correctly on the firewall?

Does webmail/OWA work both internally and externally?
0
 

Author Comment

by:deltaend
ID: 39803840
Yes to all questions.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:deltaend
ID: 39803869
Here is a dump from the test site:

	Test Steps
 	
	Attempting to resolve the host name ex1.domain.com in DNS.
 	The host name resolved successfully.
 	
	Additional Details
	Testing TCP port 443 on host ex1.domain.com to ensure it's listening and open.
 	The port was opened successfully.
 	
	Additional Details
	Testing the SSL certificate to make sure it's valid.
 	The certificate passed all validation requirements.
 	
	Additional Details
 	
	Test Steps
	Checking the IIS configuration for client certificate authentication.
 	Client certificate authentication wasn't detected.
 	
	Additional Details
	Testing HTTP Authentication Methods for URL https://ex1.domain.com/rpc/rpcproxy.dll?ex1.domain.com:6002.
 	The HTTP authentication methods are correct.
 	
	Additional Details
	Attempting to ping RPC proxy ex1.domain.com.
 	RPC Proxy can't be pinged.
 	
	Additional Details
 	
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
Headers received:
request-id: 4065cd00-7187-4982-93a8-38d005724f98
X-CasErrorCode: EndpointNotFound
X-FEServer: EX1
Content-Length: 0
Cache-Control: private
Date: Thu, 23 Jan 2014 16:48:31 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 86 ms.

Open in new window

0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39803885
Did you use Exchange or IIS to setup the SSL certificate?
This looks like you have bound the SSL certificate to the WRONG web site. There are two in an Exchange 2013 deployment.

Simon.
0
 

Author Comment

by:deltaend
ID: 39803899
I added the SSL cert through IIS.  I know that there are certs in ECP (EAC) but I wasn't aware that they had to be added there if they were already added through IIS.  If I add the same cert through ECP, you think that this will solve my issues?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39803987
The problem was doing anything in IIS manager for the SSL certificates.
You should have done it through Exchange. The result is the same, but Exchange ensures they go in to the correct places.

Therefore I would go in to EMC, look at the certificates and ensure that your trusted SSL certificate is bound to the IIS service.

Which web site did you put the trusted SSL certificate on?

Simon.
0
 

Author Comment

by:deltaend
ID: 39803996
Default and Exchange Back End, I used the same *.domain.com wildcard SSL for both.

If the end result is the same, how do you know immediately that I didn't add it in the correct places?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39804025
What I meant by the end result being the same, is that it is installed in to IIS manager so it is available to the web service. However by doing so through Exchange you ensure it is bound to the correct Exchange services.

Simon.
0
 

Author Comment

by:deltaend
ID: 39804032
Well, don't go anywhere... give me a minute and I'll install it and see if the problem goes away.
0
 

Author Comment

by:deltaend
ID: 39804258
Nope, no joy.
0
 

Accepted Solution

by:
deltaend earned 0 total points
ID: 39804717
Got it sorted out.  

For the record, I'm not entirely sure what my problem was.  My biggest issues were with the eternal client authentication being on negotiate instead of basic.  I'm unsure if the install of the certificate into Exchange helped with my issue, but it DID help with the setting of the SMTP/POP/IMAP SSL cert which would not have been set correctly without this (partial credit).  In addtion, I needed a healthy SRV record "_autodiscover._tcp 0 0 443 ex1.domain.com", and mostly I needed to wait for Microsoft's testconnectivity.microsoft.com site to expire their cache as updates to my Exchange enviroment didn't reflect immediately there which was frustrating.
0
 

Author Comment

by:deltaend
ID: 39814561
I found the final solution myself.
0
 

Author Comment

by:deltaend
ID: 39829118
I understand. Thank you.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question