Re: RPC over HTTPs
- From: Bart <Bart@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 25 May 2006 13:49:01 -0700
Hi Jim,
The client trusts the CA, and I did make the changes in the registry.
I think, however, that I have finally found the solution. Using netstat -ano
on the server told me that store.exe was not actually listening on port 6001
and mad.exe not on 6002 (lsass.exe, however, was correctly listening on
6004).
I went back into the registry and found that there was an entry rpc\internet
that was probably left over from trying to get RPC over TCP/IP to work. I
felt lucky (desperate?) and deleted it, rebooted the server, and then
everything worked.
(Confirmed by netstat -ano and then by connecting with Outlook from outside
my firewall.)
"Jim McBee [MVP Exchange]" wrote:
Bart:
It is obvious that you have done your research on this. When you
connect to the Exchange server using IE using the http://exchangeserver/rpc
URL, do you get a message indicating that the CA that issued the certificate
is not trusted? If so, THAT will break RPC over HTTPS for sure. Make sure
that the CA's certificate is installed on the client. Maybe I'm thinking of
something too simple, though.
Did you make the manual changes to the DC/GC that you are supposed to
make in the Registry? There used to be a KB article on configuring RPC over
HTTPS in a single server environment, but that information has been rolled
up into the "RPC over HTTP Deployment Scenarios" guide. You can get to it
here:
http://support.microsoft.com/Default.aspx?kbid=833401
I just spent an entire day troubleshooting a very similar problem but it
turned out the workstation was having network problems. :-)
--
Jim McBee
Blog: http://mostlyexchange.blogspot.com
Free eBook: http://nexus.realtimepublishers.com/ttgsm.htm
"Bart" <Bart@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D23E1540-9521-498C-8A57-36B3919AAB6E@xxxxxxxxxxxxxxxx
I followed the MS and some non-MS tips on how to set up RPC over HTTPs, but
so far no luck.
The server runs Exchange 2003 with the latest patches. It is also a Win2003
DC.
My client computer has Outlook 2003 with all latest patches. IE on that
machine can access the https:// address that is supposed to give access to
Exchange.
Using /rpcdiag tells me that the 'directory' type is connecting through
https, but the 'mail' type fails.
When outside the firewall, I can see the 'mail' connection tries to connect
with the NetBIOS name, rather than the FQDN (the 'directory' type connection
uses the FQDN). I added the NetBIOS name to the hosts file and checked that
it is pingable with its NetBIOS name.
Running the same Outlook machine from inside the firewall does connect
successfully, but an inspection of the /rpcdiag window shows that it is
cheating (using TCP/IP instead of HTTPS for the 'Mail' type connection, and
HTTPS for the 'directory' type connection).
Could there be an issue with the certificates? Because 'mail' is using the
NetBIOS name, does that mean it will want a certificate with that as the
full name?
Thanks.
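
Added example, not part of the original thread: the netstat check described in the reply at the top can be scripted. This Python parses `netstat -ano` and `tasklist /fo csv /nh` output and reports which of ports 6001, 6002 and 6004 are not held by store.exe, mad.exe and lsass.exe. The sample output, PIDs and function names are constructed for illustration.

```python
import csv
import io

# Port -> expected owning process, as named in the thread.
EXPECTED = {6001: "store.exe", 6002: "mad.exe", 6004: "lsass.exe"}

# Constructed sample output reproducing the symptom (only 6004 is listening).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6004           0.0.0.0:0              LISTENING       512
  TCP    10.0.0.5:1091          10.0.0.5:6004          ESTABLISHED     2044
"""
TASKLIST_CSV = '''"lsass.exe","512","Console","0","30,112 K"
"mad.exe","1820","Console","0","12,400 K"
"store.exe","2044","Console","0","95,300 K"
'''

def listeners(netstat_text):
    """Map listening TCP port -> PID from `netstat -ano` text."""
    out = {}
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 fields; the header and UDP rows do not match.
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            out[int(f[1].rsplit(":", 1)[1])] = int(f[4])
    return out

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from `tasklist /fo csv /nh` text."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if r}

def check(netstat_text, tasklist_csv, expected=EXPECTED):
    """Return {port: problem} for each expected port that is missing or misowned."""
    ports, names = listeners(netstat_text), pid_names(tasklist_csv)
    problems = {}
    for port, proc in expected.items():
        if port not in ports:
            problems[port] = f"nothing listening (expected {proc})"
        else:
            owner = names.get(ports[port], "unknown")
            if owner != proc:
                problems[port] = f"owned by {owner}, expected {proc}"
    return problems

if __name__ == "__main__":
    for port, why in sorted(check(NETSTAT_ANO, TASKLIST_CSV).items()):
        print(f"port {port}: {why}")
```

An empty result from `check` means all three listeners are held by the expected processes.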