Link to home
Start Free TrialLog in
Avatar of Ahmed Al-Takrouri
Ahmed Al-TakrouriFlag for Canada

asked on

Microsoft Remote Connectivity Analyzer

I have a problem when I try to test any account via Microsoft's  testconnectivity choosing "Outlook connectivity" below error occurred.

Testing Outlook connectivity. when i expend i get the following,

Warning on 

"Certificate trust is being validated --> Analyzing the certificate chains for compatibility problems with versions of Windows. --> The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled. 


Testing RPC over HTTP connectivity to server --> Attempting to ping the MAPI Mail Store endpoint with identity:


I dont have any issues either with ActiveSnc (via phone) nor with Outlook setup (autodiscovery)

Avatar of M A
Flag of United States of America image

What is the version of Exchange?
Avatar of Ahmed Al-Takrouri


Sorry, forgot to mention is exchange 2019 cu 11
Did you configure your MAPi/RPC VDs?
if not please configure
Try disabling IPv6 as well

Thats RPC,

Server           :***
ExternalHostname :
InternalHostname : mail.mydomainname

thats mapi

Server      :***
ExternalUrl :
InternalUrl :
found this fix on the registry would it work?


Value name: ValidPorts

Value data: ExchangeServer :6001-6002; ExchangeServerFQDN :6001-6002; ExchangeServer :6004; ExchangeServerFQDN :6004

Note:   * ExchangeServer should be the NetBIOS name of Mailbox server.

   * ExchangeServerFQDN should be the fully qualified domain name (FQDN) of Mailbox server.

my current value is

myExchangeServerName:593;myExchangeServerName :49152-65535
Yes. That would fix your issue.
I will take snapshot of my vm and apple that fix

I did change it to


yet i still get that error,
These are warnings, not errors, and they are benign.

Exchange 2019 uses MAPI/HTTP not RPC/HTTP.
I see, thanks for the tip.

But when I test via remote connectivity i'm getting an error not a warning,

User generated image
I got about 12 Exchange servers and i tested another without any errors.

User generated image
Does it succeed under the MAPI/HTTP tree? ExRCA tests both.
Sorry I didnt get you?

On remote connectivity there is no options to select for testing
Do you have ARR or firewall behind ?
If yes you will have to check that first.

Did you update your server to the latest build?
If not please do that test..
Both MAPI over HTTP and RPC over HTTP should be tested. Just one needs to work.User generated image
(I have warnings for both for the standard reason:
User generated image.)

You can also look at managed availability on the server to see what specific components are marked off line (if any) and see if there is an additional error reason logged with MA.

No we dont have ARR in our IIS and for the firewall, I will double check with our network engineer if there is any exchange port that is not open on the new exchange server and i will get back to you.

Yes, running the latest CU


I understand if it was a warning but it is an error not a warning.


Ports are open,

Please try the same after patching with the latest CU and security ups.

I already have the latest version, cu and updates.

I also have another issue i already posted here, every morning mail flow becomes so slow and the only way to make it work again is rebooting the server. I've checked everything, disk capacity, cpu, ram, host.

Restarting the services doesnt work. as soon i reboot everything goes back to normal all day.
Are there warnings on both or just on one?
its an error not warning,

User generated image
I understand. But do BOTH "RPC over HTTP connectivity" and "MAPI over HTTP connectivity" fail?

Mapi over is a warning,

User generated image

rpc over http is an error

User generated image
Do you have any clients so old as to require RPC over HTTP? (Outlook 2010 or before)

Not really, they're office 2016/2019.

So I can ignore that error in this case?

There is no workaround it to change it to warning instead?
Not that I know of. There is probably something wrong, perhaps Get-OutlookAnywhere or Get-OutlookProvider would show it. But since you have newer clients, they aren't using RPC/HTTP anyway. I wouldn't spend too much time on it.
get-outlookanywhere results,

[PS] C:\Windows\system32>Get-OutlookAnywhere
The task wasn't able to connect to IIS on the server ''. Make sure that the server exists
and can be reached from this computer: The RPC server is unavailable.
    + CategoryInfo          : ReadError: (ABC-EXCHMB-01\Rpc (Default Web Site):ADObjectId) [Get-OutlookAnywhere], IISN
    + FullyQualifiedErrorId : [Server=ABC-EXCH02,RequestId=fbbe9501-b8a1-434f-b21d-ec74db0ca583,TimeStamp=11/29/2021 7
   :00:47 PM] [FailureCategory=Cmdlet-IISNotReachableException] 9B02FD9C,Microsoft.Exchange.Management.SystemConfigur
    + PSComputerName        :

RunspaceId                         : b6020bc9-2534-4a36-bd27-f93e7ebe95d1
ServerName                         : ABC-EXCH02
SSLOffloading                      : True
ExternalHostname                   :
InternalHostname                   :
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Negotiate
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://
Path                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.2 (Build 986.5)
Server                             : ABC-EXCH02
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web
                                     Site),CN=HTTP,CN=Protocols,CN=ABC-EXCH02,CN=Servers,CN=Exchange Administrative
                                     Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=MyDomainName,CN=Microsoft
Identity                           : ABC-EXCH02\Rpc (Default Web Site)
Guid                               : 8a791447-ba07-4996-b2cf-84d23dc6995d
ObjectCategory                     :
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 11/17/2021 12:48:34 PM
WhenCreated                        : 11/12/2021 2:43:34 PM
WhenChangedUTC                     : 11/17/2021 9:48:34 AM
WhenCreatedUTC                     : 11/12/2021 11:43:34 AM
OrganizationId                     :
Id                                 : ABC-EXCH02\Rpc (Default Web Site)
OriginatingServer                  :
IsValid                            : True
ObjectState                        : Changed

outlook provider results,

[PS] C:\Windows\system32>Get-OutlookProvider

Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH        msstd:MyCertName 1
EXPR        msstd:MyCertName  1
WEB         msstd:MyCertName  1

NOTE: ABC-EXCHMB-01 is my old exchange name which i switchedit off at the moment i did not remove it yet.

I think you found your error right there.

U mean because the existing exchange server still exists in the forest?

I'm planning to remove it soon, in this case I will remove it tomorrow.
Avatar of Michael B. Smith
Michael B. Smith
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial