Solved

Outlook 2007 RPC over HTTP Not Working

Posted on 2016-08-24
8
63 Views
1 Endorsement
Last Modified: 2016-09-11
Hello,

We have 2 other PCs set up with RPC over HTTP running Outlook 2007, which are working fine.  However, there is one that keeps getting the error "The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action." when the username and password are entered.

I followed the same steps I did on the other 2 PCs that are working fine.  There is no encryption.

Thank you for your help.
1
Comment
Question by:JParra72
8 Comments
 
LVL 15

Expert Comment

by:Ivan
ID: 41769457
Hi,

that 3rd computer is same as 2 other, domain joined or not? On same network, same DNS settings?

Regards,
Ivan.
0
 

Author Comment

by:JParra72
ID: 41769458
All 3 PCs are outside of the domain.  Meaning, they are offsite not in our office.  That's why they need to use RPC over HTTP.

Thanks!
0
 
LVL 7

Expert Comment

by:Scobber
ID: 41770437
I thought owa mandates the use of ssl for rpc over http

If be looking at certificate trust.

FYI the computers being outside the domain is no excuse for a poorly implemented exchange server.
When configured correctly outlook does not care if the machine is joined to the domain or not. It makes no difference
0
 

Author Comment

by:JParra72
ID: 41770505
Why would it work on one PC and not on the other?  If it works on one PC then everything should be ok, right?  On the PC with the issue, the security certificate is installed.  I verified this using certmgr.msc,  it is installed in the "Trusted Root Certification Authority" folder.

When I was setting up the profile manually, in the connection tab, the checkbox regarding encryption is unchecked because that is the way the others are set up and working.

Thanks
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 7

Expert Comment

by:Scobber
ID: 41770519
You should have settings on your rpc endpoint matching your client
Typically your authentication should be set to basic and the proxy settings set to SSL you can turn off certificate verification etc...

Open the proxy address in IE
do you get a certificate error?
Does the iis server serve a page??

You might have to check the advanced tab in the ie settings, go to security, and check your ciphers

SSL 2 / 3 have vulnerabilities and should not be used inside of testing so enable them along with tls 1,1.1,1.2. Restart and test your outlook client

If that works you need to fix your cipher suites and disable ssl on your server while keeping Tls enabled

Http://www.ssllabs.com is a good resource for testing the strength of your ssl implementation


As far as your certificates go are they CA issued? Or self signed?
Are they public CA or Enterprise CA
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 41770549
"it is installed in the "Trusted Root Certification Authority" folder."

That sounds like you are using an internally issued certificate or the self signed certificate generated by Exchange, as there should be nothing to install on the clients.

Outlook Anywhere is not supported with the self signed certificate generated by Exchange 2007 and higher.
Furthermore, if you are using Exchange 2007 you should check that Autodiscover is working correctly.

If you aren't using a trusted SSL certificate, I suggest that you deploy one.
0
 

Author Comment

by:JParra72
ID: 41787926
The server is Exchange 2003
0
 
LVL 7

Accepted Solution

by:
Scobber earned 500 total points
ID: 41789140
Shouldn't matter, open internet information services and check the auth settings on your virtual directories.

Usually it will be either basic or ntlm

Basic forces SSL ntlm does not

Don't use digest

How's your patches going? At some point Windows won't trust 1024 bit SSL and this needs to be fixed

Anther potential problem is deprecation of security ciphers
https://community.qualys.com/thread/14251

For example

If SSL 3 has been disabled on the client due to its weakness and your server wants SSL 3 clients won't connect

These are the pains of using out of support software
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now