Exchange 2003 - Outlook RPC over HTTP fails

I'm performing a migration from Exchange 2003 to Office 365.  I therefore need to get connectivity from the Internet to the Exchange server up and running.

I've installed an SSL cert from a commercial CA, and that's working fine for Outlook Web Access.  The problem is that Outlook "RPC over HTTP" connectivity isn't working, and I think this needs to work for my upcoming migration.

I've run the Outlook connectivity test at https://testconnectivity.microsoft.com, and it fails with the following message.

Testing HTTP Authentication Methods for URL https://mail.domain.co.uk/rpc/rpcproxy.dll?mail.domain.co.uk:6002.
 	The HTTP authentication test failed.
 	 Tell me more about this issue and how to resolve it
 	
	Additional Details
 	
The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.
HTTP Response Headers:
MicrosoftOfficeWebServer: 5.0_Pub
Content-Length: 0
Content-Type: text/html
Date: Thu, 05 Mar 2015 08:55:10 GMT
Location: https://login.passport.com/ppsecure/secure.srf?lc=1033&id=1&ru=https://mail.domain.co.uk/rpc/rpcproxy.dll%3Fmail.johnston-engineering.co.uk:6002&tw=1800&fs=1&kv=1&ct=1425545710&cb=&seclog=10&ver=2.1.6000.1&rn=VPFW5mwl&tpf=94afb2ed470611f6228e012864f0dec3
Server: Microsoft-IIS/6.0
WWW-Authenticate: Passport1.4 lc=1033,id=1,tw=1800,fs=1,ru=https://mail.domain.co.uk/rpc/rpcproxy.dll%3Fmail.domain.co.uk:6002,ct=1425545710,kv=1,ver=2.1.6000.1,seclog=10,rn=X5lkRu!Y,tpf=653b54838becf5f2da5d2be65428b841
X-Powered-By: ASP.NET
Elapsed Time: 12844 ms.

Open in new window


If I go into IIS Manager on the server, into Default Web Site, right-click on "RPC" and choose Properties, then look at the authentication methods selected for that directory, ".NET Passport authentication" is checked, "Enable anonymous access" is unchecked, and all other methods (Integrated Windows authentication, Digest authentication, and Basic authentication) are unchecked and grayed out.

How can I get this working, please?  I just need it to work long enough to migrate the data out!
LVL 1
wakatashiAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
What is the version of .net framework showing in the properties of the RPC virtual directory?

To get this working, you need basic and integrated Auth enabled.

Alan
wakatashiAuthor Commented:
Hi Alan,

Thanks for the reply.  Version of ASP.NET displayed is 1.1.4322.

Basic and Integrated auth types are grayed out, unfortunately:

Auth methods
Alan HardistyCo-OwnerCommented:
If you untick .net auth - can you then tick others?

.net 1.1 is good :)
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Put the Hammer Down
wakatashiAuthor Commented:
Hah!  Nice one Alan - I didn't think of that.  So I've now got the right authentication methods on the RPC directory.  And now it's getting past that point in the Remote Connectivity Analyser... and then failing later on!

Now it says:

	Attempting to ping the MAPI Mail Store endpoint with identity: mail.domain.co.uk:6001.
 	The attempt to ping the endpoint failed.
 	 Tell me more about this issue and how to resolve it
 	
	Additional Details
 	
The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
Elapsed Time: 3807 ms.

Open in new window

Alan HardistyCo-OwnerCommented:
Please have a read through the following article:

http://www.petri.com/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

Make sure you have the Registry settings as per the article - but with the relevant FQDN of your server instead.

If you have and it fails, then it could be a DNS issue.

Alan

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wakatashiAuthor Commented:
Worked through the article, and it didn't initially work.   Your hint that DNS issues could also be involved led me to try setting up split DNS by configuring the internal DNS server to resolve the external FQDN of the server to the LAN IP address of the Exchange server.  (as in, for example, "mail.domain.co.uk --> 192.168.1.1").  This worked, and all is now up and running as it should be.  Many thanks for your help, Alan!
Alan HardistyCo-OwnerCommented:
Excellent news - well done and happy migrating to 365.  Should be plain sailing from now on, but let me know if it isn't - done a few myself so can help out if you need it.

Best wishes

Alan
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.