I have configured RPC over HTTPS according to the following article http://support.microsoft.com/?id=833401 - but my main problem is that it works from inside the company but not from the outside. My setup is like this. I have two domain names: one called https://mail.outside.com (this is being used for outside access, and it also has a valid certificate obtained from Thawte), and I use an internal name called serverhostname.inside.com. The certificate I had issued by Thawte is on the name https://mail.outside.net/exchange. I have also tried issuing the certificate with https://mail.outside.net, but my problem does not get reduced.
The Exchange server has IP 192.x.x.AAA and is connected to my ISA server, which has the public IP. ISA Server 2004 is located between Exchange Server 2003 and the Internet, so my Exchange server is a back-end server (no front end in my scenario). If I ping mail.outside.com, it resolves correctly to the public IP of my ISA Server 2004 from outside.
If I use https://servername.inside.com, then I am able to make the connection from the inside through RPC over HTTPS, and if I use the real name from the outside, https://mail.outside.com, then I am also able to make the connection by giving my username and password. I am also able to get to the website https://mail.outside.com/rpc/proxy.dll, getting a blank page, when I am connected to outside. Everything else on the server works; I can use OWA from outside through https://mail.outside.com/exchange.
I have also configured my ISA server to disable the "Compression filter"; after doing so I am able to get all tests correct from inside as well as outside. I configured the valid ports to look at my internal name servername.inside.com.
I typed the following command on the Exchange server, which is my back-end server:
c:/>rpccfg /hd
Server Name          Port Settings
mail.zzz.com         6001-6002 6004
servername           6001-6002 6004
servername.xxx.com   6001-6002 6004
I configured the RPC folder to use Basic auth and to use SSL.
::::::ACTUAL PROBLEM::::::
When I configure my Outlook, it does not resolve my name correctly to servername.inside.com and it gives me "The Action Could not completed. The connection to Microsoft exchange server is unavailable".
Do you have an idea what the problem is? If you need more info, let me know. Thank you
I configured RPC over HTTP to my front end, and it's working from the inside network: I can see from Outlook /rpcdiag that the connection is made by HTTPS. But from the external network I can't log in using the same PC. I'm using a Cisco PIX for the internet firewall and ISA 2004. The Cisco PIX is allowing ports 80, 443, 25, 135 and I published Exchange RPC in ISA using the mail wizard, but it's not working. From the inside I can't ping my RPC proxy using the rpcping command:
rpcping -t ncacn_http -s "back-mail" -o RpcProxy="front-mail" -P "user, domain, password" -I "user, domain ,password" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
It failed with error 401: client is not authorized to ping RPC proxy. Please help, I'm completely lost.
Just wanted to first start off and say hi to all of you. I am new to the site. I am not sure if I am in the right place for this but I will try anyway. I am running an MS SBS2003 server at my home with a standard Linksys router. My internet is cable and they do block port 80. I am running Exchange Server on my SBS server. I was able to change the port that the webmail works on so I could get to it. The SBS server is the domain server MRUOTOLO.local. Now what I am trying to do is set up RPC over HTTP. I don't have a static IP at my house so I am using a DNS forwarder, no-ip.com. I can't seem to get RPC over HTTP to work. I have set up everything in Outlook and just used mruotolo.myvnc.com, which is the DNS forwarder. But it prompts me for my password and I put it in, but the server does not connect. Well, I am thinking that the main problem is because the server is just a .local and it's not out on the web. If this is the case, can or should I get a valid domain for it so I can put it out on the web? I do own mruotolo.com. Now I know it's a lot but I am new to the server situation, trying to learn by doing the hands-on attempt. Well, any help would be appreciated. Thanks, Mike
I just spent all day on the phone with MS over this one. Here is what I found out starting with what my problem was.
Environment:
ISA Server 2006, tri-homed (WAN, DMZ, LAN)
Exchange 2003 Frontend server in DMZ (single homed)
Exchange 2003 Backend server on LAN (single homed)
Solution: In addition to the usual set of firewall rules for the Frontend to talk to the Backend and the DCs and the GCs, there are three additional ports for RPC over HTTP, aka RPC Proxy: TCP ports 6001, 6002, 6004. You can verify this in the registry on the Frontend server (assuming that your Frontend server can talk to the Backend already and that Exchange System Attendant is running):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy\ValidPorts
Create custom protocol(s) for 6001-6002, 6004 or 6001-6004 if you are lazy like me and allow them from the Frontend to the Backend.
Other things I learned.
1) Error 64 when connecting through the ISA box to https://mail.company.com/rpc/rpcproxy.dll via a web browser is NORMAL and is the CORRECT behavior. What error 64 means in this regard is that the wrong client agent was used to access the URL. In this case a web browser was used instead of Outlook/MSRPC.
2) ISA Server 2006 is not currently (May 31, 2007) fully compatible with Windows Server 2003 SP2. You need to make the following registry changes and reboot. (Please go verify this somewhere, I am going off of what MS told me.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"EnableTCPA"=dword:00000000
"EnableRSS"=dword:00000000
"EnableTCPChimney"=dword:00000000
**and perhaps:
"EnableSecurityFilters"=dword:00000000
3) To restart IIS from a command prompt even faster type: iisreset
4) The ISA Best Practices Tool has the Debug tools in it that MS will need to assist you, so be sure to keep your Best Practices Tool up to date.
5) When using "outlook.exe /rpcdiag" HTTPS means RPC over HTTP and TCP/IP means straight RPC.
6) To troubleshoot RPC over HTTP you may have to disable Outlook's ability to revert back to using straight RPC.
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\RPC]
"DisableRpcTcpFallback"=dword:00000001
7) ISA Server 2006 has all kinds of nifty monitoring filters; don't be afraid to add columns so that you can see more and create filters that filter applied rules. For example, a filter like Rule Equals "Inbound Exchange Services" can come in handy when troubleshooting.
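Added example (not part of the original post and not Microsoft tooling): the ValidPorts value named above is a semicolon-separated list of host:port-range entries, so a short Python check can report, for each server name Outlook will ask the proxy for, which of ports 6001, 6002 and 6004 are missing and which extra ports a wide range such as 6001-6004 lets the proxy reach. The host names and the sample value are constructed.

```python
# Added example: audit an RPC proxy ValidPorts string. Sample data is constructed.
REQUIRED_PORTS = {6001, 6002, 6004}  # ports named in the post above


def parse_valid_ports(value):
    """Parse 'host:6001-6002;host:6004' into {host: set of allowed ports}."""
    allowed = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        host, sep, ports = entry.rpartition(":")
        if not sep or not host:
            raise ValueError(f"malformed entry: {entry!r}")
        low, _, high = ports.partition("-")
        low = int(low)
        high = int(high) if high else low
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        allowed.setdefault(host.lower(), set()).update(range(low, high + 1))
    return allowed


def audit(value, expected_hosts):
    """Per host: required ports that are missing, and ports allowed beyond them."""
    allowed = parse_valid_ports(value)
    report = {}
    for host in expected_hosts:
        ports = allowed.get(host.lower(), set())
        report[host] = {
            "missing": sorted(REQUIRED_PORTS - ports),
            "extra": sorted(ports - REQUIRED_PORTS),
        }
    return report


# Constructed sample: short name uses the wide 6001-6004 range, FQDN lacks 6004.
SAMPLE = "backend:6001-6004;backend.example.local:6001-6002"
HOSTS = ["backend", "backend.example.local"]

if __name__ == "__main__":
    for host, result in audit(SAMPLE, HOSTS).items():
        print(host, result)
```

A name with missing ports explains a profile that never connects under that name; a non-empty "extra" list is a port the proxy and the firewall rule expose without Exchange needing it.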
I have a question. I'm not "uber" technical, but have managed to get it all working. And can connect to our exchange over our 3G cards (great)
My problem is when the user comes back into the office, they plug in a LAN cable instead of going over their 3G card, in which case it doesn't connect to the Exchange server, and so they have to go into the settings and untick the tick box "connect using http". But as the users would find this too technical and time consuming, for now I have simply created 2 separate profiles (in office) and (away from office) configured differently, one to use rdp over http, and one not to.
The only trouble is at the end of a work day there could be a lot of changes that would then need to be sync'd over the 3G card.
Ideally, I'd like one profile where I can change the way it connects by the click of a button. Is there a way to enable/disable the "Connect over HTTP" tickbox by the click of a button without going into the settings?
I haven't read the entire thread so I may be barking up completely the wrong tree here... but... Could this be done with a .reg file you double-click to alternate between your settings? I.e.: set one way, export the appropriate keys, change to the alternate and export. Then you have 2 files to choose between...
Hi friends, I am standing, as we say in German, "like the donkey at the mountain". I have done Outlook RPC over HTTP a few times on different clients, and everything works. Now I got a new machine at home, which my wife and I are working with. My wife's account works, mine does not, always telling "disconnected". On my old PC at home it worked!!! I have done exactly as it should be done: establishing VPN, putting all the parameters in the windows; OL 2003 works fine on VPN. Once VPN is disconnected, it asks for user name (which is already preset in the form domain/user) and my password. But it never connects. No other RPC over HTTP connection is active!
Firewall cannot be the issue. Web works, the protocol is the same and the ports 80 and 473 are open. OWA works too! I am not an ISA expert, but I saw in the log of the ISA2004 something like he is refusing the connection, because "too many attempts within one second". Does it make sense for you experts?
Your article was very informative. I could successfully setup my outlook client, to connect to my company exchange, from HOME.
However, in another scenario I cannot. At work, from my desktop, I establish a VPN connection using Juniper to my client network (so logically/network-wise I am disconnected from my company network). But in that scenario I cannot establish an RPC over HTTP connection to the same Exchange server (to which I can, from home)... I suspect some firewall port is blocked.
Which port could it be? and in what direction 'exchange-server' to 'my-desktop' or the opposite?
I tried the "outlook /rpcdiag" command but that did not reveal any port number; except indicating status to the effect ....'attempting connection' followed by 'disconnected'
PS: However; With VPN established, internet browsing remains open and I can access Outlook-Web-access (and I supply the same owa url in exchange proxy settings, of my outlook client)