Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RPC logon problem
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RPC logon problem - 24.Jun.2007 4:56:39 PM
|
|
|
JohnnyLehnemann
Posts: 8
Joined: 13.Apr.2004
Status: offline
|
Hi,
I have setup RPC with Exchange 2003 and ISA 2006 following one of the guides from this page. When I test it using a webbrowser to https://mailserver/exchange it works great, and I can see in the ISA log that the connection is running.
But when I try to connect using Outlook, I get a login box, and after a while the connection fails. When I look in the ISA log I also see a failed connection entry.
Does anyone know what could be causing this issue?
Thanks
|
|
|
|
|
RE: RPC logon problem - 26.Jun.2007 2:30:57 AM
|
|
|
JohnnyLehnemann
Posts: 8
Joined: 13.Apr.2004
Status: offline
|
The firewall published rule is an Exchange Web Client Access publishing rule and I have chosen Outlook RPC/HTTP(s) as the type.
As I said in my first post, when I log on using the web interface on https://mailserver/exchange it works fine and I get my Outlook Web Access, but when I open Outlook from a client not logged on to the company network and try to start the RPC/HTTPS connection, I get the login prompt, and after a while i get a message saying that the exchange server must be online to connect. Also when I look in the ISA logs I can see that I first get a initiated connection and immidiately after that I get a failed connection attempt.
I dont know if this info helps?
|
|
|
|
|
RE: RPC logon problem - 26.Jun.2007 9:15:59 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Did you create a rule publishing RPC/HTTP?
What guidance did you use to set it up, since there are many moving parts to a successful RPC/HTTP solution.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: RPC logon problem - 26.Jun.2007 9:25:35 AM
|
|
|
JohnnyLehnemann
Posts: 8
Joined: 13.Apr.2004
Status: offline
|
Hi,
I am using the guide from this site called "ISA Firewall Publishing OWA and RPC/HTTP with a Simgle IP Address"
|
|
|
|
|
RE: RPC logon problem - 28.Jun.2007 10:03:51 AM
|
|
|
Jeroen_317
Posts: 73
Joined: 18.Dec.2002
From: Belgium
Status: offline
|
Hi,
our you using Outlook 2003 or Outlook 2007?
Regards,
J.
|
|
|
|
|
RE: RPC logon problem - 29.Jun.2007 2:37:14 AM
|
|
|
JohnnyLehnemann
Posts: 8
Joined: 13.Apr.2004
Status: offline
|
Hi,
I have tried going through the troubleshooting guide, but I cant seem to find any errors, I have also tried starting from scratch following the guide again, but still no luck.
I dont know if my server setup makes any difference. My RPC/HTTP Exchange server is installed on a server that is also one of two domain controllers in my domain. There are also wo Exchange servers in the domain. The ISA server is a 2006, and the Ootlook clients are both 2003 and 2007.
|
|
|
|
|
RE: RPC logon problem - 29.Jun.2007 7:43:05 AM
|
|
|
JohnnyLehnemann
Posts: 8
Joined: 13.Apr.2004
Status: offline
|
New update!
I have just tested the setup with a Outlook 2003 on the internal network, and it seems to work fine. I have arranged an external test on Outlook 2003 later today, maybe there are some issues with Outlook 2007?
|
|
|
|
|
RE: RPC logon problem - 2.Jul.2007 5:33:30 AM
|
|
|
JohnnyLehnemann
Posts: 8
Joined: 13.Apr.2004
Status: offline
|
Just an update:
This weekend I have tried to work with Outlook 2003 to see if this makes any difference. So far, when I open Outlook, I get the login prompt where I enter domain\username and password. But when I click enter, the login box just comes back again over and over, and in the ISA log, there are no entries of either failure or success.
I have tried using RPCPing to troubleshoot, and I enter the following string:
rpcping.exe -t ncacn_http -s InternalFQDN -o RpcProxy=ExternalFQDN -P "username,domainname,*" -I "username,domainname,*" -H 1 -u 10 -a connect -F 3 -v 3 -E -R none
And the result from this is:
RPCPinging proxy server ExternalFQDN with Echo Request Packet
Sending ping to server
Response from server received: 200
Pinging successfully completed in 250 ms
So it seems that RPC is setup correctly, but I still cant get a connection when using Outlook 2003/2007 
|
|
|
|
|
RE: RPC logon problem - 3.Jul.2007 3:07:24 AM
|
|
|
Jeroen_317
Posts: 73
Joined: 18.Dec.2002
From: Belgium
Status: offline
|
Are you certain your certificates are okay? Have you imported the CA certificate to your local computer running Outlook? That's necessary if you haven't bought "official" certificates.
|
|
|
|
|
RE: RPC logon problem - 3.Jul.2007 1:12:29 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Yes, the CA certificate must be installed on the client -- that's one of the most common reasons for the connection to fail.
Make sure that you're using basic delegation
Make sure that you're entering the correct name for the proxy on the client side -- this is the name on the certificate bound to the Web listener.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: RPC logon problem - 4.Jul.2007 5:05:06 AM
|
|
|
JohnnyLehnemann
Posts: 8
Joined: 13.Apr.2004
Status: offline
|
I have bought an official certificate, but I have tried installing this on the client as well with no result.
I am using basic delegation. The certificate is bound to the address owa.companyname.dk and this is also the name I use in Outlook.
|
|
|
|
|
RE: RPC logon problem - 5.Jul.2007 6:04:59 AM
|
|
|
JohnnyLehnemann
Posts: 8
Joined: 13.Apr.2004
Status: offline
|
Is there something I'm missing?
I bought an official certificate from www.instantSSL.com , I chose an Essential SSL certificate and I set the common name in this to the external DNS/FQDN name of my mailserver owa.companyname.dk, have I bought the wrong certificate or have I configured it incorrectly?
Remember that when I call https://owa.companyname.dk/exchange, it works fine, and I can see that the certificate is loaded as well. With this approach I can also see a log entry in the ISA logs where the connection is allowed, open and closed accordingly.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
