Solved

Exchange 2013 RPC Can't Be Pinged

Posted on 2014-01-23
16
4,507 Views
Last Modified: 2014-02-07
So, I have an Exchange 2013 server which I'm having a really difficult time setting up RPC over HTTP.

testconnectivity.microsoft.com tells me the following:


Attempting to ping RPC proxy ex1.domain.com.
 	RPC Proxy can't be pinged.
 	
	Additional Details
 	
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
Headers received:
request-id: 4065cd00-7187-4982-93a8-38d005724f98
X-CasErrorCode: EndpointNotFound
X-FEServer: EX1
Content-Length: 0
Cache-Control: private
Date: Thu, 23 Jan 2014 16:48:31 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 86 ms.

Open in new window



Here is a dump of get-outlookanywhere

RunspaceId                         : 32e9a446-1d08-4313-a568-ce6c028b6059
ServerName                         : EX1
SSLOffloading                      : True
ExternalHostname                   : ex1.domain.com
InternalHostname                   : ex1.domain.com
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://ex1.domain.int/W3SVC/1/ROOT/Rpc
Path                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.0 (Build 516.32)
Server                             : EX1
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=EX1,CN=Servers,CN=Exchange
                                     Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=int
Identity                           : EX1\Rpc (Default Web Site)
Guid                               : 250a8b59-b607-40d9-a48b-258a2fb0a757
ObjectCategory                     : domain.int/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 1/23/2014 9:59:05 AM
WhenCreated                        : 12/10/2013 7:09:19 PM
WhenChangedUTC                     : 1/23/2014 3:59:05 PM
WhenCreatedUTC                     : 12/11/2013 1:09:19 AM
OrganizationId                     :
OriginatingServer                  : dc1.domain.int
IsValid                            : True
ObjectState                        : Changed

Open in new window


get-outlookprovider dumps the following (I have a wildcard cert).

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                        msstd:*.domain.com         1
EXPR                                                        msstd:*.domain.com          1
WEB                                                                                       1

Open in new window


That's about it.  I can't get RPC to do what I want, when I want it to so I'm stuck until this is fixed.
0
Comment
Question by:deltaend
  • 10
  • 3
16 Comments
 

Author Comment

by:deltaend
Comment Utility
I should also note that I have a DNS system internally that routes things locally as if they were externally, so ex1.domain.com should work no matter where the location is.  Ex1.domain.com has been setup in both external and internal DNS records, as well as punching holes in the hardware firewall.  Right now, the internal firewall is completely off and I have the server sitting in a DMZ because I've had so many issues with it.
0
 
LVL 13

Expert Comment

by:Andy M
Comment Utility
From a basic starting point if you do an nslookup on both an internal and external computer does the Exchange server resolve to the correct IP addresses?

Are the relevant ports (25 & 443) forwarded to the server correctly on the firewall?

Does webmail/OWA work both internally and externally?
0
 

Author Comment

by:deltaend
Comment Utility
Yes to all questions.
0
 

Author Comment

by:deltaend
Comment Utility
Here is a dump from the test site:

	Test Steps
 	
	Attempting to resolve the host name ex1.domain.com in DNS.
 	The host name resolved successfully.
 	
	Additional Details
	Testing TCP port 443 on host ex1.domain.com to ensure it's listening and open.
 	The port was opened successfully.
 	
	Additional Details
	Testing the SSL certificate to make sure it's valid.
 	The certificate passed all validation requirements.
 	
	Additional Details
 	
	Test Steps
	Checking the IIS configuration for client certificate authentication.
 	Client certificate authentication wasn't detected.
 	
	Additional Details
	Testing HTTP Authentication Methods for URL https://ex1.domain.com/rpc/rpcproxy.dll?ex1.domain.com:6002.
 	The HTTP authentication methods are correct.
 	
	Additional Details
	Attempting to ping RPC proxy ex1.domain.com.
 	RPC Proxy can't be pinged.
 	
	Additional Details
 	
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
Headers received:
request-id: 4065cd00-7187-4982-93a8-38d005724f98
X-CasErrorCode: EndpointNotFound
X-FEServer: EX1
Content-Length: 0
Cache-Control: private
Date: Thu, 23 Jan 2014 16:48:31 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 86 ms.

Open in new window

0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
Did you use Exchange or IIS to setup the SSL certificate?
This looks like you have bound the SSL certificate to the WRONG web site. There are two in an Exchange 2013 deployment.

Simon.
0
 

Author Comment

by:deltaend
Comment Utility
I added the SSL cert through IIS.  I know that there are certs in ECP (EAC) but I wasn't aware that they had to be added there if they were already added through IIS.  If I add the same cert through ECP, you think that this will solve my issues?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
The problem was doing anything in IIS manager for the SSL certificates.
You should have done it through Exchange. The result is the same, but Exchange ensures they go in to the correct places.

Therefore I would go in to EMC, look at the certificates and ensure that your trusted SSL certificate is bound to the IIS service.

Which web site did you put the trusted SSL certificate on?

Simon.
0
Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

 

Author Comment

by:deltaend
Comment Utility
Default and Exchange Back End, I used the same *.domain.com wildcard SSL for both.

If the end result is the same, how do you know immediately that I didn't add it in the correct places?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
What I meant by the end result being the same, is that it is installed in to IIS manager so it is available to the web service. However by doing so through Exchange you ensure it is bound to the correct Exchange services.

Simon.
0
 

Author Comment

by:deltaend
Comment Utility
Well, don't go anywhere... give me a minute and I'll install it and see if the problem goes away.
0
 

Author Comment

by:deltaend
Comment Utility
Nope, no joy.
0
 

Accepted Solution

by:
deltaend earned 0 total points
Comment Utility
Got it sorted out.  

For the record, I'm not entirely sure what my problem was.  My biggest issues were with the eternal client authentication being on negotiate instead of basic.  I'm unsure if the install of the certificate into Exchange helped with my issue, but it DID help with the setting of the SMTP/POP/IMAP SSL cert which would not have been set correctly without this (partial credit).  In addtion, I needed a healthy SRV record "_autodiscover._tcp 0 0 443 ex1.domain.com", and mostly I needed to wait for Microsoft's testconnectivity.microsoft.com site to expire their cache as updates to my Exchange enviroment didn't reflect immediately there which was frustrating.
0
 

Author Comment

by:deltaend
Comment Utility
I found the final solution myself.
0
 

Author Comment

by:deltaend
Comment Utility
I understand. Thank you.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now