Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RPC over HTTPS status code 64
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RPC over HTTPS status code 64 - 8.Aug.2006 11:42:07 PM
|
|
|
PVerdieu
Posts: 16
Joined: 23.Jun.2005
From: Varennes
Status: offline
|
Hello all,
I've been looking at it for the last few hours (searched extensively this site, too) but I can't seem to make RPC over HTTPS work with thru ISA 2004 std.
A little history. I have a single Exchange server. I had configured RPC over HTTPS and it worked thru a 3com firewall. The firewall, was dying so I replaced it with an ISA server. Now I can't get an IPSec vpn to work (but that's another story), I can't access my DMZ from the lan (but that's also another story), and finally I can't use RPC over HTTPS anymore.
I've transfered the cert from the exchange server to the isaserver, and I can access everything else that's on that server thru HTTPS. Now here's the setup: WAN --- ISA --- Exchange (BE RPC/HTTPS).
Let me answer the usual questions:
Help? Anyone??
< Message edited by PVerdieu -- 19.Sep.2006 11:11:33 PM >
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 10.Aug.2006 4:59:26 AM
|
|
|
PVerdieu
Posts: 16
Joined: 23.Jun.2005
From: Varennes
Status: offline
|
Hi Tom,
Unfortunately no it didn't help, still getting the "Error Code 64" error. both locally on the ISA server and on remote clients, but not anywhere else on the LAN, so I know it is an ISA problem.
HELP (getting mighty frustrated here)
|
|
|
|
RE: RPC over HTTPS status code 64 - 10.Aug.2006 2:24:52 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi P,
What is the name on the TO tab?
What is the name on the public name tab?
What is the name of the proxy the client is configured to use?
What is the name of the Exchange Server the client is configured to use?
Are you delegating basic credentails?
Are you authenticating at the ISA firewall?
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 10.Aug.2006 4:34:02 PM
|
|
|
PVerdieu
Posts: 16
Joined: 23.Jun.2005
From: Varennes
Status: offline
|
TO Tab: <fqdn>
Public Name: <fqdn>
Proxy: <fqdn>
Exchange Name: <netbios>
Delegating: yes
authenticating at ISA: NO (tried both)
split DNS is used and internally <fqdn> = <netbios>
Certificate Common name on <netbios>: <fqdn>
< Message edited by PVerdieu -- 19.Sep.2006 11:13:31 PM >
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 13.Aug.2006 6:33:19 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi P,
Couple of things seems out of whack or that I don't understand.
For a split DNS to work, the same name should resolve differently depending on the location of the user. For external users it resolves to the ISA firewall's external address, for internal users it resolves to the name of the actual host (at least in one scenario, there are ways to make it resolve to the name of the ISA firewall's internal interface Web listener too).
You should be authenticating at the ISA firewall and use basic delegation and the ISA firewall should be a domain member (obviously).
Make sure the /rpc directory is configured to use basic auth
Finally, run the ISA firewall BPA on the ISA firewall to check certificate status.
On the client, do you see HTTP connection attempts in the Status dialog box (when you CTRL+right click the Outlook icon in the tray?)
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 14.Aug.2006 9:17:43 PM
|
|
|
PVerdieu
Posts: 16
Joined: 23.Jun.2005
From: Varennes
Status: offline
|
- Web Listener is configured to use only BASIC authentication and listens ONLY for SSL
- Split DNS is configured correctly (external points to external address, internal points to exchange server)
- ISA server is domain member
- authenticating at the ISA firewall and using basic delegation ONLY
- the /rpc directory is configured to use basic auth and ONLY basic auth
- The only thing on ISA BPA is that a policy blocks FTP uploads
- outlook /rpcdiag or ctrl right click on icon show (translated from french):
(First line)
Server Name: ---
Type: repertoire
Connection: ---
State: connecting
(second line)
Server Name: <netbios>
Type: reference
Connection: https
State: connecting
< Message edited by PVerdieu -- 19.Sep.2006 11:14:46 PM >
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 18.Aug.2006 2:15:57 PM
|
|
|
PVerdieu
Posts: 16
Joined: 23.Jun.2005
From: Varennes
Status: offline
|
Help? anybody?
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 18.Aug.2006 2:48:43 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi P,
What is the IP address of the Exchange Server?
What IP address is reported when you ping the Exchange Server from the ISA firewall?
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 18.Aug.2006 3:41:29 PM
|
|
|
PVerdieu
Posts: 16
Joined: 23.Jun.2005
From: Varennes
Status: offline
|
IP address is: <IP> and is the correct one pinged from the ISA server
< Message edited by PVerdieu -- 19.Sep.2006 11:15:19 PM >
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 21.Aug.2006 5:23:24 PM
|
|
|
gja
Posts: 50
Joined: 15.Aug.2006
From: The Netherlands
Status: offline
|
Hello,
I know about some problems with RPC over HTTPS. We opened a call at microsoft and the first thing they said; "make sure you are using SP1 for w2k3 and sp1 for exchange". Are you using sp1?
good luck
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 21.Aug.2006 9:06:17 PM
|
|
|
PVerdieu
Posts: 16
Joined: 23.Jun.2005
From: Varennes
Status: offline
|
Hi GJA,
Thanks for the info, but I am already running SP1 everywhere (I'm a big proponent of keeping everything patched up as much as possible). Glad to know I'm not alone in this though ;)
Tom,
Yes the ip address of the internal interface is in the same network as the mail server.
< Message edited by PVerdieu -- 19.Sep.2006 11:16:22 PM >
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 29.Aug.2006 9:37:04 AM
|
|
|
Treolorn
Posts: 3
Joined: 29.Aug.2006
Status: offline
|
I have this trouble to :(
i can't do anythink :(
Windows 2003 SE SP1
ISA Server EE SP2
Exchange 2003 SP2
if i use https://<my internal mail server name>/rpc/rpcproxy.dll, after autorization i have blank page
if i use https://<my external mail server name/rpc/rpcproxy.dll, after autorization i have error code 64
my OWA on external name - is working fine on https.
ISA BPA reporting this:
"SSL connection failure with published server (name mismatch)."
My internal web server have a certificate "mailserver.domain.local", my exteral domain name (is a ISA Server) - mail.domain.com. My sertificate ISA Server name is mail.domain.com.
How i can fix this?
i'm fix error with "name mismatch", but i have steel Error Code 64 :(
< Message edited by Treolorn -- 29.Aug.2006 12:18:47 PM >
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 29.Aug.2006 4:47:57 PM
|
|
|
PVerdieu
Posts: 16
Joined: 23.Jun.2005
From: Varennes
Status: offline
|
Hi Treolorn,
On your ISA server, if you do a https://<my internal mail server name>/rpc/rpcproxy.dll, what does it give you? I get an error code 64 whereas on the rest of the lan it works OK.
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 30.Aug.2006 7:16:57 AM
|
|
|
Treolorn
Posts: 3
Joined: 29.Aug.2006
Status: offline
|
don't worry T,
i'm writed in end of my post what i fix this. I'm change all names (TO in rule and certificate) to "mail.domain.com", and test my OWA. OWA is working fine, but 64 error is steel present. Please, read to end..
P,
on my ISA Server i got blank page. And if i use my external address from ISA - its OK - blank page. But i edited "hosts" file, to resolve mail.domain.com to internal IP of mail server.
i get error 64 only if i use external address from LAN or from Internet.
< Message edited by Treolorn -- 30.Aug.2006 7:18:42 AM >
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 1.Sep.2006 2:23:44 PM
|
|
|
Treolorn
Posts: 3
Joined: 29.Aug.2006
Status: offline
|
P,
do you have install user certificate for ISA Firewall service?
to all,
how i can test my certificate authentication between WEB and ISA servers?
< Message edited by Treolorn -- 1.Sep.2006 2:24:59 PM >
|
|
|
|
|
RE: RPC over HTTPS status code 64 - 1.Sep.2006 3:18:02 PM
|
|
|
PVerdieu
Posts: 16
Joined: 23.Jun.2005
From: Varennes
Status: offline
|
Treolorn,
Yes I have installed the certificate, OWA works with another rule. I don't know how to test the certificate authentication between the web and Isa server though, but I would try to publish a simple website if I were you.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
