Solved

Connect to rpc directory

Posted on 2014-11-12
Last Modified: 2014-12-13
I'm working on getting an Exchange 2003 server cut over to Office 365.  I've installed and tested a certificate.  I've followed the guides for setting up RPC over HTTP.  I can connect to OWA either using SSL or not.

When I run an exchange connectivity test, I get an http authentication error.  If I try to browse to http(s)://mail.domainname.com/rpc I get a service unavailable screen.

I'm out of ideas here and would really like some suggestions.

I'd like to use the cutover migration rather than copying PST files because I have several remote users and export/import would severely slow the transition down.

Thanks in advance.

Results of the connectivity test...

Testing Outlook connectivity.
 The Outlook connectivity test failed.
 
Additional Details
 
Elapsed Time: 1498 ms.


 
Test Steps
 
Testing RPC over HTTP connectivity to server mail.kibel.com
 RPC over HTTP connectivity failed.
 
Additional Details
 
HTTP Response Headers:
Connection: close
Content-Length: 28
Content-Type: text/html
Date: Wed, 12 Nov 2014 21:27:04 GMT


Elapsed Time: 1498 ms.


 
Test Steps
 
Attempting to resolve the host name mail.kibel.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 100.38.142.34

Elapsed Time: 288 ms.



Testing TCP port 443 on host mail.kibel.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 171 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 393 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.kibel.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=mail.kibel.com, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Elapsed Time: 338 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name mail.kibel.com was found in the Certificate Subject Common name.

Elapsed Time: 0 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.kibel.com, OU=Domain Control Validated.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Elapsed Time: 20 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 3 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 11/11/2014 5:51:51 PM, NotAfter = 11/11/2015 5:51:51 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 416 ms.



Testing HTTP Authentication Methods for URL https://mail.kibel.com/rpc/rpcproxy.dll?callisto.kibel.com:6002.
 The HTTP authentication test failed.
 
Additional Details
 
A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
HTTP Response Headers:
Connection: close
Content-Length: 28
Content-Type: text/html
Date: Wed, 12 Nov 2014 21:27:04 GMT


Elapsed Time: 227 ms.
Question by:mrodriques
14 Comments
 
LVL 80

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 250 total points
ID: 40440142
RPC isn't a directory but stands for remote procedure call.

Try this workaround:
    Disable Outlook Anywhere using the Exchange Management Console
    Remove RPC proxy component using PowerShell: servermanagercmd -r rpc-over-http-proxy
    Reboot the server
    Install RPC proxy component using PowerShell: servermanagercmd -i rpc-over-http-proxy
    Enable Outlook Anywhere using the Exchange Management Console
    Restart the Microsoft Active Directory Topology Service
    Try the test again
0
 
LVL 3

Author Comment

by:mrodriques
ID: 40440154
You know I'm running Exchange 2003, right?
0
 
LVL 63

Accepted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
ID: 40440294
RPC is a virtual directory on Exchange.
On Exchange 2003 RPC over HTTPS either works, or it doesn't.

The first thing I always do is remove and reinstall the component.
That basically means ensuring that you have RPC over HTTPS set to not configured in Exchange.
Use add/remove programs to remove the RPC Proxy Component. Once done, run IISRESET.
In IIS Manager ensure the RPC and RPC-WITH-CERT virtual directories have gone. If not, delete them and run IISRESET to write the change back to the metabase.
Reinstall the RPC Proxy component again.

Then configure RPC over HTTPS using the registry.
http://exchange.sembee.info/2003/rpcoverhttp/rpc-http-server.asp

The registry settings are the usual issue with this feature.
The other problem is authentication based, as integrated authentication can get broken by firewalls.

Test again.
0

 
LVL 3

Author Comment

by:mrodriques
ID: 40440941
Same error after following your suggestions.  I'm pretty sure all ports are open in the firewall.  I know for sure 6002 is.  Is there a listing somewhere that I can check against?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40441061
You don't need to open any ports on the firewall. It is designed to operate over port 443 only, nothing else. Ports 600x are internal only ports.

Simon.
0
 
LVL 3

Author Comment

by:mrodriques
ID: 40441081
443 is open for sure on the firewall.
0
 
LVL 3

Author Comment

by:mrodriques
ID: 40441096
Bypassed the firewall completely and got the same set of errors when testing.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40442967
If you test it internally, what happens? You will need to use Outlook and probably a split DNS so that the SSL certificate works internally.

Simon.
0
 
LVL 3

Author Comment

by:mrodriques
ID: 40443714
Returns a service unavailable error as well.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40445541
Any proxy involved anywhere?
Something has to be interfering.

Simon.
0
 
LVL 3

Author Comment

by:mrodriques
ID: 40445715
All incoming mail is sent through McAfee (offsite malware and spam filters), but would that be something that would interfere here?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40452064
Mail flow has nothing to do with it.
It is web traffic you have to look at.

Simon.
0
 
LVL 3

Author Comment

by:mrodriques
ID: 40494135
None of the suggestions to date have worked, but I thank everyone for trying.
0
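
Added example, not part of the thread and not code from any participant: the accepted answer separates component/registry problems from authentication problems, and the test output shows the 503 arriving in the "HTTP Authentication Methods" step. This Python sketch parses a raw reply head and reports whether the server ever issued an authentication challenge. The status line of the first sample and the whole second sample are constructed, and the function names and stage labels are hypothetical.

```python
# Classify the reply a server gives to an unauthenticated probe of the RPC proxy URL.
# Sample 1: headers copied from the test output above; the status line is an assumption.
SAMPLE_503 = (
    "HTTP/1.1 503 Service Unavailable\r\n"
    "Connection: close\r\n"
    "Content-Length: 28\r\n"
    "Content-Type: text/html\r\n"
    "Date: Wed, 12 Nov 2014 21:27:04 GMT\r\n"
    "\r\n"
)
# Sample 2: constructed authentication challenge, not taken from the thread.
SAMPLE_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="mail.example.test"\r\n'
    "WWW-Authenticate: NTLM\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def parse_reply(raw):
    """Split a raw HTTP reply head into (status_code, {lowercased name: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % status_line)
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:  # repeated headers (several WWW-Authenticate lines) are all kept
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers

def classify(raw):
    """Return (stage, offered_auth_schemes) describing where the request stopped."""
    code, headers = parse_reply(raw)
    schemes = [v.split(None, 1)[0] for v in headers.get("www-authenticate", []) if v]
    if code == 401 and schemes:
        return "auth-challenge", schemes           # server answered; credentials come next
    if code == 401:
        return "auth-misconfigured", schemes       # 401 that offers no scheme at all
    if code == 503:
        return "unavailable-before-auth", schemes  # no challenge was ever issued
    if code == 404:
        return "path-not-found", schemes
    return "other-%d" % code, schemes

if __name__ == "__main__":
    for sample in (SAMPLE_503, SAMPLE_401):
        print(classify(sample))
```

A reply classified as `unavailable-before-auth` never reached the point where credentials are exchanged, so it says nothing about which authentication methods are enabled.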


Question has a verified solution.
