• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

[SOLVED] OUTLOOK ANYWHERE ERROR CODE 64

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> [SOLVED] OUTLOOK ANYWHERE ERROR CODE 64 Page: [1]
Login
Message << Older Topic   Newer Topic >>
[SOLVED] OUTLOOK ANYWHERE ERROR CODE 64 - 8.Apr.2009 4:17:54 AM   
funnybool

 

Posts: 9
Joined: 8.Apr.2009
Status: offline
Hi everybody,

After trying to configure Outlook Anywhere (OA) for a while without success, I hope finding a solution here ;)
Here is my configuration :

- Firewall Linux -> ISA Server 2006 SP1 (W2K3 SP2)-> Exchange 2K7 (W2K8)

- Isa Server is NOT a Domain Member (I don't want it to join the domain)

- OWA and ActiveSync work properly.

- OA works using the internal Exchange FQDN

- Certificates self-signed with Alternates Subject Names (internal & external names)

- OA enabled and ipv6 disabled (:::1 localhost commented out)

- Basic Authentication (ISA and Exchange)

- Valid Ports are configured with Local name and FQDN :6001-6002 and 6004

- Exchange server listener 6004 OK (telnet localhost 6004 works)


Internal : https://server.domain.local/rpc works properly (credentiels and blank page)
External : https://server.domain.com/rpc dosn't work (credentiels and error code 64)

I don't know what to do now ! Did I forgot something important ?
Is Someone experienced this issue ?

Thank you for your help ;)


< Message edited by funnybool -- 29.Apr.2009 11:18:34 AM >
Post #: 1
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 8.Apr.2009 7:07:52 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

check this 3 part troubleshooting guide:

Testing RPC over HTTP through ISA Server 2006 Part 1; Protocols, Authentication and Processing

Testing RPC over HTTP through ISA Server 2006 Part 2; Test Tools and Strategies

Testing RPC over HTTP through ISA Server 2006 Part 3; Common Failures and Resolutions


About the ISA on domain or not, I know you said you donīt want to join it to domain, but it may worth take a look at this:

Debunking the Myth that the ISA Firewall Should Not be a Domain Member

Maybe change your mind or maybe not.

Regards,
Paulo Oliveira.

(in reply to funnybool)
Post #: 2
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 8.Apr.2009 8:19:38 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Ignore your ignorance. Make the ISA a domain member....

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to paulo.oliveira)
Post #: 3
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 8.Apr.2009 8:35:51 AM   
funnybool

 

Posts: 9
Joined: 8.Apr.2009
Status: offline
Thanks for your replies,

Ok I will ... ;) Even if I don't understand why I have to do that for configuring OA.

I let you know.

Thank you anyway.

(in reply to SteveMoffat)
Post #: 4
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 14.Apr.2009 3:34:39 AM   
funnybool

 

Posts: 9
Joined: 8.Apr.2009
Status: offline
Hi everybody,

I scheduled a downtime and I joined my isa server to the domain.
I'm still having the same issue. OA still working inside the network(internal server name) but doesn't work outside (external site name)

Here are connections on my MBX server when I connect using internal server name :

TCP    192.168.170.221:6001   192.168.170.221:43677  ESTABLISHED
TCP    192.168.170.221:6001   192.168.170.221:43678  ESTABLISHED
TCP    192.168.170.221:6001   192.168.170.221:43680  ESTABLISHED
TCP    192.168.170.221:6001   192.168.170.221:43681  ESTABLISHED
TCP    192.168.170.221:6001   192.168.170.221:43682  ESTABLISHED
TCP    192.168.170.221:6001   192.168.170.221:43683  ESTABLISHED
TCP    192.168.170.221:6004   192.168.170.221:43673  ESTABLISHED
TCP    192.168.170.221:6004   192.168.170.221:43675  ESTABLISHED
TCP    192.168.170.221:6004   192.168.170.221:43685  ESTABLISHED
TCP    192.168.170.221:6004   192.168.170.221:43687  ESTABLISHED
TCP    192.168.170.221:6004   192.168.170.221:43689  ESTABLISHED
TCP    192.168.170.221:6004   192.168.170.221:43691  ESTABLISHED
TCP    192.168.170.221:6004   192.168.170.221:43692  ESTABLISHED
TCP    192.168.170.221:6004   192.168.170.221:43693  ESTABLISHED
TCP    192.168.170.221:6004   192.168.170.221:43694  ESTABLISHED
TCP    192.168.170.221:6004   192.168.170.221:43695  ESTABLISHED

I noticed that my MBX server can't establish connection with himself (through the port 6004 and 6001 and just manage to connect to the port 6002) when I attempt to connect through the external site name :


TCP    192.168.170.221:6002   192.168.170.221:58869  ESTABLISHED


In the connection status I get the following :

---                                                    Directory                              ---              Connecting
---                                                    Directory                              ---               Connecting
SERVER.INTERNAL.NAME       Referral                                HTTPS     Connecting
---                                                    Directory                              ---               Connecting
---                                                    Directory                              ---               Connecting
SERVER.INTERNAL.NAME       Public Folders                    HTTPS      Connecting
SERVER.INTERNAL.NAME       Mail                                       HTTPS      Connecting

My certificates has a Subject : CN = external.site.name and has a valid date.

Do you have any ideas ?

Thank you for your help.

C.

< Message edited by funnybool -- 14.Apr.2009 3:57:27 AM >

(in reply to funnybool)
Post #: 5
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 14.Apr.2009 1:52:08 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

have you followed the troubleshooting guides that I pointed?

Regards,
Paulo Oliveira.

(in reply to funnybool)
Post #: 6
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 15.Apr.2009 6:35:10 AM   
funnybool

 

Posts: 9
Joined: 8.Apr.2009
Status: offline
Hi Paulo,

Yes I Checked all the points mentioned in the links above.

I have a linux firewall / proxy in front of the Isa server.
The client connect to the linux Firewall through ssl.
ISA connect to the Exchange server (MBX/CAS) through ssl.

I have created a new external site name (rpc.domain.com)
This domain is directly linked to my mbx server (ProxyPass[Reverse])
In this configuration the connection is OK ! (except the certificate, but it's normal)

My external site name (exchange.domain.com with OWA and ActiveSync) is linked to the Isa server. In this configuration, I lost the connection when I try to connect to /rpc (error 64)

According to me, the Isa server drop the connection for an unknown reason.

I have some questions which could help me to fix this :

    - I have 2 different certificates :
             - On Linux Firewall : Subject = exchange.domain.com
             - On Isa and MBX   : Subject = exchange.domain.com
                                                 Alt Subject Name = exchange.domain.local
                                                                                 = autodiscover.domain.local
                                                                                 = autodiscover.domain.com
             - Outlook Anywhere external site name = exchange.domain.com

    I don't have any certificates problems (No warning, no outlook error ...)
    Can I eliminate the certificate issue ?

    - Is the *.domain.com certificate supported by Isa 2006 and Exch 2007 ?

    - My MBX/CAS server is not the DC Server. Should I modify something in my            configuration (ports, local firewall) ?

    - I can't modify the validports registry key, it rollback to default values each time I open the registry editor.

Thank you for your help.

Christophe.

(in reply to paulo.oliveira)
Post #: 7
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 15.Apr.2009 11:41:18 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

yes, ISA 2006 SP1 support certificate wild cards and SAN certificates.

The DNS name must be the same CN of the certificate.

Regards,
Paulo Oliveira.

(in reply to funnybool)
Post #: 8
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 20.Apr.2009 2:47:31 AM   
funnybool

 

Posts: 9
Joined: 8.Apr.2009
Status: offline
Thank you for your reply.

I've read an article regarding my issue :

http://3cx.org/item/46#rpcoverhttp

I discovered a known issue in Apache 2.2 and RPC over HTTP. I will continue to investigate and will let you know.

Regards.
Christophe

< Message edited by funnybool -- 20.Apr.2009 5:08:55 AM >

(in reply to paulo.oliveira)
Post #: 9
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 23.Apr.2009 4:26:42 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

ok. Just wondering why youīre using Apache instead of configure all on IIS...

Regards,
Paulo Oliveira.

(in reply to funnybool)
Post #: 10
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 25.Apr.2009 2:30:21 AM   
funnybool

 

Posts: 9
Joined: 8.Apr.2009
Status: offline
Hi,

For instance I can't remove my Linux firewall (and reverse proxy), but I will migrate all the rules on the ISA server soon.

Thanks for your help.
I appreciate.

Christophe





< Message edited by funnybool -- 29.Apr.2009 11:19:54 AM >

(in reply to paulo.oliveira)
Post #: 11
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 28.Apr.2009 9:03:09 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

canīt you just forward the traffic form Linux firewall to ISA firewall and let the computer which is installed Exchange server handle the RPC traffic?

Check this: Implementing RPC over HTTPS in a single Exchange Server 2003 environment

Regards,
Paulo Oliveira.

(in reply to funnybool)
Post #: 12
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 29.Apr.2009 11:17:06 AM   
funnybool

 

Posts: 9
Joined: 8.Apr.2009
Status: offline
Hi,

No I can't forward the traffic because Apache block the RPC_IN_DATA.

To solve the problem I'm using Squid3 instead of the apache proxy module and I foward the traffic to my Isa server.

All is working fine.

Thanks for your help.

(in reply to paulo.oliveira)
Post #: 13
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 29.Apr.2009 3:59:45 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

I mean on your firewall (IPtables). Canīt you create a rule redirecting all traffic that comes on 443 port? Or do you have only one valid IP?

Regards,
Paulo Oliveira.

(in reply to funnybool)
Post #: 14
RE: OUTLOOK ANYWHERE ERROR CODE 64 - 4.May2009 2:59:22 AM   
funnybool

 

Posts: 9
Joined: 8.Apr.2009
Status: offline
Hi,

I've added a new virtual card on my linux firewall. This NIC has a new public IP.
I foward all the trafic on port 443 to my Isa Server.

Christophe.

(in reply to paulo.oliveira)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> [SOLVED] OUTLOOK ANYWHERE ERROR CODE 64 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts