RPC over HTTP

From: Mark (mddpub-remove-this_at_silcon.com)
Date: 07/20/04 

Date: Mon, 19 Jul 2004 18:03:27 -0700

Hello,

I spent an entire day attempting to configure Exchange
2003 for RPC over HTTP functionality. This is a single
server installation. We have a cisco PIX firewall which
is doing network address translation. There is an
inbound port mapping for port 443 for https traffic.

I have followed all of the insturctions listed in KB
Article 833401. I can connect to https://my.server.com
and get the HTTP Error 403.2 - Forbidden: Read access is
denied. I do not get any SSL certificate errors.

When I configure Outlook 2003 to connect using RPC to the
server, I get the login dialog box which prompts for a
username and password, which I enter (this appears to be
the authentication to IIS), and then the box go aways for
about 20-30 seconds until I get "The connection to the
Microsoft Exchange Server is unavailable.

In my IIS log file, I see the following:

2004-07-20 00:48:47 192.168.1.5
RPC_IN_DATA /rpc/rpcproxy.dll mail.xyz.com:6004 443
XYZ\administrator 207.1.1.87 MSRPC 404 2 1260
2004-07-20 00:48:47 192.168.1.5
RPC_OUT_DATA /rpc/rpcproxy.dll mail.xyz.com:6004 443
XYZ\administrator 207.1.1.87 MSRPC 404 2 1260
2004-07-20 00:48:47 192.168.1.5
RPC_IN_DATA /rpc/rpcproxy.dll mail.xyz.com:593 443
XYZ\administrator 207.1.1.87 MSRPC 404 2 1260
2004-07-20 00:48:47 192.168.1.5
RPC_OUT_DATA /rpc/rpcproxy.dll mail.xyz.com:593 443
XYZ\administrator 207.1.1.87 MSRPC 404 2 1260

Can anyone tell me why I'm getting these 404 errors? I
can authenticate to the IIS server just fine if I'm going
to something like https://mail.xyz.com/exchange. I've
disabled anonymous authentication on the /rpc directory
and enabled basic authentication exactly as specified in
the docs.

Could this problem somehow relate to the fact that the
internal hostname/IP address is different than the
external hostname/IP address because we're using NAT with
split horizon DNS? I've put in all possible hostnames in
the registry under the ValidPorts key. Since the call to
IIS appears as mail.xyz.com in the logs, I'm assuming
this is the hostname which it's attempting to proxy the
RPC requests, so that shouldn't be a problem since I've
definately put that hostname in ValidPorts.

I think it's something more simple to do with IIS, but
I've run out of ideas.

Your help is very much appreciated.

Mark

Relevant Pages

  • Re: Security of IIS - Secure Intranet web site on SBS2003 box
    ... > take two days to rebuild their server and return everything to normal. ... > Before 'Code Red' IIS was considered reasonably secure. ... >> over HTTP via SSL for OUTLOOK-EXCHANGE links to users operating in the ...
    (microsoft.public.windows.server.sbs)
  • Re: Still working on 400 errors Hostname
    ... client was attempting to use HTTP v1.0. ... client is using HTTP v1.0 (or there is a proxy inbetween that is using HTTP ... this does not look like an IIS problem. ... look at your browser configuration -or- your proxy server configuration. ...
    (microsoft.public.inetserver.iis)
  • RE: OWA Problems
    ... I had a similar problem after installing SharePoint services and the fixes ... with the “IE Friendly HTTP errors” turned off I get ... > I have checked the IIS settings for the root website and the “exchange” ... > I have tried to connect to it using the server name and its IP addresses ...
    (microsoft.public.windows.server.sbs)
  • Re: IIS not responding to some requests Error: 12029
    ... Error 12029 is *not* a HTTP status code. ... connect to the internet (I assume that you do *not* see anything in the IIS ... logs that matches these requests from XMLHTTP? ... The error frequency is not correlated to server activity. ...
    (microsoft.public.inetserver.iis)
  • RPC over HTTP
    ... Are the proper ports opened in the firewall to the ... >server installation. ... >the authentication to IIS), and then the box go aways ... >external hostname/IP address because we're using NAT ...
    (microsoft.public.exchange.connectivity)