Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RPC over HTTP status code 64
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RPC over HTTP status code 64 - 5.Apr.2006 2:29:53 PM
|
|
|
mbassie
Posts: 36
Joined: 23.Mar.2005
Status: offline
|
Hi,
I'm running into problems publishing a single Exchange server using RPC over HTTP.
I followed the setup as described in procedure 8 in http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/exchage2003.mspx and on the internal network, RPC over HTTP works without problems. Outlook.exe /rpcdiag seems to be showing the right connections.
Outside the ISA firewall, 'Referral' appears to be successful (I receive a login box, for the Exchange server, the connection disappears afterwards), but the connection times out trying to make a 'Directory' connection. Using a network monitor, plenty of traffic appears to pass between the Exchange server and the External host. Using the ISA logging feature, I'm seeing a number of Failed Connection Attempts with status code 64 returning from the Exchange server.
The connection is setup as below:
+------+
| ISA |
Client -> *.tamtam.nl --|Server|-- dft-isa-003.tamtam.nl -> exchange.tamtam.nl
| |
+------+
The certificates use the names above (external is a wildcard, internal names are issued by our internal CA). I can access OWA and the RPC path from the ISA server without receiving warnings about the SSL certificate. On the internet, exchange.tamtam.nl resolves to the listener used for this publishing rule.
I can imagine one of two things might be happening:
1 - RPC over HTTP is unable to use a wildcard certificate
2 - The netbios name for the exchange server is dft-xch-002 (exchange.tamtam.nl is a CNAME). This name is unavailable to the outside world, but is the one used in normal Outlook profiles.
Any other suggestions for troubleshooting this?
-M
< Message edited by mbassie -- 5.Apr.2006 2:31:13 PM >
|
|
|
|
|
RE: RPC over HTTP status code 64 - 10.Apr.2006 1:03:10 PM
|
|
|
mbassie
Posts: 36
Joined: 23.Mar.2005
Status: offline
|
Added a separate listener for RPC over HTTP, set it to HTTPS, Basic auth, credentials forwarding. I get the login box for the HTTP connection to the exchange server, but the connection still times out. Mutual authentication stops me from authenticating successfully to the web listener.
What's odd is that I'm seeing success audits in the DC and Exchange server security event logs for the external machine used to test this setup.
One thing I can think of is that the Exchange server is only a member server in the domain, and the two GCs don't have the "NSPI interface protocol sequences" key - although I really don't want to add it unless it's absolutely necessary.
Is there any other logging I could enable for this?
-Martin
|
|
|
|
|
RE: RPC over HTTP status code 64 - 24.Apr.2006 5:26:58 PM
|
|
|
mbassie
Posts: 36
Joined: 23.Mar.2005
Status: offline
|
quote:
ORIGINAL: tshinder
Hi Martin,
Do you see any denied connections on the ISA firewall?
Do you see any allowed connections?
thanks!
Tom
Hi,
Meant to get back to this earlier :).
I'm seeing allowed established connections, after which I receive a HTTP status code 64 as a response. I imagine that's somewhat of a problem :D.
The ISA server isn't denying any RPC/HTTP traffic, so the rule -appears- to be setup properly.
-Martin
|
|
|
|
|
RE: RPC over HTTP status code 64 - 3.May2006 2:20:43 PM
|
|
|
mbassie
Posts: 36
Joined: 23.Mar.2005
Status: offline
|
Re-ran the BPA (you never know, something might pop up :).
I get 4 warnings, and 1 'best practices' item
Best Practices:
- OWA listening on HTTP port (this is done because it lets me automatically redirect connections to the HTTPS port, instead of simply refusing). It's not the same interface as I reserved for RPC over HTTP.
Warnings:
- Connection limit exceeded (this is an expected error for me)
- IP spoofing alert (not expected, but these do occasionally pop up)
- Unsupported compression type in HTTP response (not expected, but not harmful)
- DNS search order is blank (this is the external interface. The machine runs a DNS master for split DNS, but it must use the internal interface to resolve names)
-Martin
|
|
|
|
|
RE: RPC over HTTP status code 64 - 5.May2006 9:58:11 AM
|
|
|
mbassie
Posts: 36
Joined: 23.Mar.2005
Status: offline
|
quote:
ORIGINAL: tshinder
Hi Martin,
Is the ISA firewall resolving the name on the To tab to the actual IP address of the RPC proxy?
Thanks!
Tom
Aye.. It gets the right IP address for the RPC proxy, which runs on our Exchange server. What confuses me is that it returns 'The specified network name is no longer available.'. The machine's netbios name is different from the servicename, though, and I know Exchange is still very fond of using netbios. I just can't really afford to not use service names.
I'm stumped :). Maybe I should rethink the setup.
|
|
|
|
|
RE: RPC over HTTP status code 64 - 8.May2006 3:55:41 PM
|
|
|
mbassie
Posts: 36
Joined: 23.Mar.2005
Status: offline
|
Hi Tom,
Forwarding basic credentials, also have only basic authentication on the HTTPS listener (no HTTP). From what I can tell, this setup should work. Would it help if I used a completely different name from the Exchange server on the outside?
-Martin
|
|
|
|
|
RE: RPC over HTTP status code 64 - 8.May2006 10:38:25 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Martin,
You shouldn't need to change the name of the Exchange Server, not even in the client configuration. If the client is configured to use the correct FQDN to create the RPC proxy, that's all that's required.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: RPC over HTTP status code 64 - 7.Aug.2006 3:45:47 PM
|
|
|
kjacobsen
Posts: 3
Joined: 22.Jul.2006
Status: offline
|
I have basically the same setup, it was working until i tried to swap the certificates for the listener (just bought one). Anway, now i get a HTTP error code 64 for the rpc proxy. Weird thing is OWA works.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
