Re: Help with RPC over HTTP and requests for Credentials

From: Tim Hackbart [MSFT] (Timhack_at_online.microsoft.com)
Date: 01/13/05


Date: Thu, 13 Jan 2005 17:52:23 -0600

Can you see any differences between the stores at all?
Are they the exact same VPN clients, exact same internet connection etc?

The other thing to look at is where the prompt is coming from.
You could check the event logs on the RPC Proxy Server and then on the Back
End Server to see if we have any issues there.
You could also check the IIS logs on the RPC Proxy server to see what error
codes we are getting back.

I am not aware of any registry key that would affect this issue, the only
thing I could think of was something that is different in the environment
between the two stores.

One thing to try is to start OL2003 with the /rpcdiag switch, and when you
get the Authentication prompt, look at the Connection Status box and see if
we are connecting to a server, or if we are not even showing a server
connection yet. This may let us know who is prompting, RPC or Exchange.

Try to figure out if there is any difference at all between the stores as
far as VPN and internet connection goes, and then where we are being
prompted.

-- 
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:eDZQbMc#EHA.2316@TK2MSFTNGP15.phx.gbl...
>
> Strange, then why do the 20 other sites I am working with not prompt me?
>
> I have taken the vpn offline at the store I am currently working on to make
> sure all traffic runs through the RPC over HTTP setup. I have done this to
> another store that is working without prompting for the password as well, to
> test the functionality of RPC over HTTP and making sure the store is not
> reliant upon the VPN being up to have the ability to interact with their
> mail. It works great at the "test" store, but still prompts me at the
> "problem" store.
>
> My goal is to not prompt for credentials. That is another reason I am using
> NTLM Auth instead of Basic. I am 99% sure it is an issue on the client
> machine because the other stores do not have to provide their passwords to
> connect.
>
> I am confused as to why using NTLM auth over a VPN would cause issues? The
> VPN equipment we use is transparent and the client machine can talk directly
> to the internal IP Address of the Domain Controller. When using RPC over
> HTTP, the client machine will just connect to the public IP address that
> belongs to the mail functions of the Domain Controller and run the RPC
> commands over the HTTPS tunnel... or at least that is how I thought it was
> working at the other stores.
>
> Any idea why this is one of only 5 stores that are exhibiting this behavior?
> All 25 stores have XP SP2, MS Office 2003 SBS edition with all the updates
> applied, and do not rely on the VPN to interact with their e-mail. Just 5 of
> those stores keep prompting for a password.
>
> Hehe, I am almost bald from this problem :-P
>
> Thanks for your help, I appreciate that someone is responding to my posts.
>
> "Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
> news:eBe3QEc%23EHA.2596@tk2msftngp13.phx.gbl...
> > Ok, I gotcha..
> >
> > So you can connect when you supply the correct credentials, I thought you
> > were NOT able to connect, even after supplying credentials.
> >
> > In that case I do think it may be an issue with the VPN and the Domain
> > Authentication interacting with both the Auth on the RPC Virtual Directory
> > and Auth for Exchange.
> >
> > Setting Outlook and RPC to use Basic Auth will of course prompt you for
> > credentials, then it should work.
> >
> > I have seen that using Basic Authentication is by far the most robust
> > solution, and the one we use here at Microsoft.  Using NTLM with VPN can
> > cause issues as we are not totally in charge of the credentials that are
> > sent.  I have seen where the incorrect credentials are sent using NTLM, so
> > we go to Basic only on the RPC Virtual Directory, then Always Prompt and
> > only use NTLM on the Ol2003 client, and that works.  You will be prompted,
> > but then you are totally in charge of the credentials sent to the server.
> >
> >
> > -- 
> > Tim Hackbart M.C.S.E.
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> >
> > Please do not send email directly to this alias. This alias is for
> > newsgroup
> > purposes only.
> >
> > "Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
> > news:ea0mL0b#EHA.3616@TK2MSFTNGP11.phx.gbl...
> >>
> >> I will get you more info a little later, but as soon as I try to connect
> >> to the server is when it asks. I can run outlook in offline mode just fine.
> >>
> >> I use NTLM authentication at all my sites (even though RPC over HTTP
> >> requires SSL I still like having the added protection). The server and
> >> clients are all set up to accept NTLM Authentication. I tried using Basic
> >> Auth as a tshoot measure but it didn't change the request for
> >> username/password (which if I manually supply it, outlook connects without
> >> a problem).
> >>
> >> Just a little frustrating :-)
> >>
> >>
> >>
> >>
> >> "Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
> >> news:uqJEevb%23EHA.3820@TK2MSFTNGP11.phx.gbl...
> >> > What are your Authentication settings on the RPC virtual Directory in
> >> > the ISM.
> >> >
> >> > Also what are your settings in Outlook 2003 for Authentication.
> >> >
> >> > How far do you get into the Outlook session?
> >> > If you launch Outlook with \rpcdiag switch, what do you see in the
> >> > connection status dialog box?
> >> > 827330 How to troubleshoot client RPC over HTTP connection issues in
> >> > Office
> >> > http://support.microsoft.com/?id=827330
> >> >
> >> > I am curious if we are getting past the RPC Proxy Server and then the
> >> > Exchange Server is the one that does not like your Credentials.
> >> >
> >> > -- 
> >> > Tim Hackbart M.C.S.E.
> >> > This posting is provided "AS IS" with no warranties, and confers no
> >> > rights.
> >> >
> >> > Please do not send email directly to this alias. This alias is for
> >> > newsgroup
> >> > purposes only.
> >> >
> >> > "Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
> >> > news:#1SaRpb#EHA.2192@TK2MSFTNGP14.phx.gbl...
> >> >>
> >> >> They do not use a proxy of any sort.
> >> >>
> >> >> Each location has a direct connection to the internet through a
> >> >> transparent firewall and connects to a public IP address for their
> >> >> server via a DSL line at each location. It is as direct as you can go.
> >> >>
> >> >> They can use OWA and I have installed the certificate and added the
> >> >> FQDN into the trusted internet sites category in IE's security (that is
> >> >> how I set up the 20 other sites).
> >> >>
> >> >> I have researched this to death, I cannot seem to find what could be
> >> >> causing the issue. The only thing I can guess is that there is some
> >> >> obscure registry setting that is affecting the use of the current
> >> >> credentials (they are still logging into the domain via the VPN).
> >> >>
> >> >> Any other ideas?
> >> >>
> >> >> Thank you.
> >> >>
> >> >>
> >> >> "Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
> >> >> news:ulPNUca%23EHA.2680@TK2MSFTNGP09.phx.gbl...
> >> >> > Daren
> >> >> >
> >> >> > What are the Proxy/Web Access differences from the 5 locations that
> >> >> > do not work?
> >> >> >
> >> >> > I have seen that in locations that require you to provide
> >> >> > authentication to a Web Proxy to access the Internet, this will cause
> >> >> > Rpc over Http to fail.
> >> >> > So check to see if these locations have Web Proxies that require
> >> >> > authentication.
> >> >> >
> >> >> > Also make sure that you can access OWA using SSL from these
> >> >> > locations, that will ensure that you have a good SSL and TCP
> >> >> > connection to the Web Server.
> >> >> >
> >> >> > My guess is that it is a Web Proxy Authentication issue, and
> >> >> > currently there is no workaround except to modify the web proxy to
> >> >> > NOT prompt for credentials.
> >> >> >
> >> >> > Let me know if this helps.
> >> >> >
> >> >> > -- 
> >> >> > Tim Hackbart M.C.S.E.
> >> >> > This posting is provided "AS IS" with no warranties, and confers no
> >> >> > rights.
> >> >> >
> >> >> > Please do not send email directly to this alias. This alias is for
> >> >> > newsgroup
> >> >> > purposes only.
> >> >> >
> >> >> > "Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
> >> >> > news:uykL4DZ#EHA.1564@TK2MSFTNGP09.phx.gbl...
> >> >> >> Alright,
> >> >> >>
> >> >> >> I have this set up at about 25 total locations, 20 of which are
> >> >> >> working flawlessly. The other 5... well please let me know if you
> >> >> >> can help!
> >> >> >>
> >> >> >> I have each location logging into a domain across a VPN. I have
> >> >> >> implemented RPC over HTTP to minimize the load on the VPN equipment.
> >> >> >> The issue is that at 5 of these sites, they keep asking for the
> >> >> >> logon credentials when you go into Exchange.
> >> >> >>
> >> >> >> I have installed the certificate from the server, I have made sure
> >> >> >> that the terminals are using credentials that have not expired. If I
> >> >> >> allow the terminals to connect using the normal RPC method that
> >> >> >> would require the use of the VPN it works fine, I am pulling my hair
> >> >> >> out trying to figure out this issue.
> >> >> >>
> >> >> >> I suspect it has something to do with a registry setting or other
> >> >> >> configuration issue that I have not been able to find in the last
> >> >> >> month or so. I have experience with setting this up correctly, but
> >> >> >> there is something else wrong.
> >> >> >>
> >> >> >> Any and all suggestions will be appreciated. I have searched the
> >> >> >> newsgroups for possible answers to my issue and the posted responses
> >> >> >> to previous questions did not resolve my issue.
> >> >> >>
> >> >> >> Again, thank you for your help.
> >> >> >>
> >> >> >> Daren
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
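
Added example, not part of the thread and not code from Microsoft: one way to act on the suggestion to check the IIS logs on the RPC Proxy server, by summarizing the status codes each client gets back on RPC over HTTP requests. It assumes W3C extended logging with the fields shown in the `#Fields:` line; the log lines, IP addresses and account name are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter, defaultdict

RPC_VERBS = {"RPC_IN_DATA", "RPC_OUT_DATA"}  # HTTP verbs used by RPC over HTTP

# Constructed sample log (documentation IPs, made-up account), not from the thread.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-substatus
2005-01-13 23:40:01 192.0.2.10 - RPC_IN_DATA /rpc/rpcproxy.dll 401 2
2005-01-13 23:40:01 192.0.2.10 - RPC_IN_DATA /rpc/rpcproxy.dll 401 1
2005-01-13 23:40:02 192.0.2.10 EXAMPLE\\store01 RPC_IN_DATA /rpc/rpcproxy.dll 200 0
2005-01-13 23:40:02 192.0.2.10 EXAMPLE\\store01 RPC_OUT_DATA /rpc/rpcproxy.dll 200 0
2005-01-13 23:41:10 198.51.100.7 - RPC_IN_DATA /rpc/rpcproxy.dll 401 2
2005-01-13 23:41:10 198.51.100.7 - RPC_IN_DATA /rpc/rpcproxy.dll 401 1
2005-01-13 23:41:11 198.51.100.7 - RPC_OUT_DATA /rpc/rpcproxy.dll 401 1
2005-01-13 23:41:30 198.51.100.7 - GET /exchange/ 401 2
"""

def parse_w3c(text):
    """Yield one dict per request, honouring each #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def summarize_rpc(text):
    """Per client IP: status.substatus counts and users on successful RPC requests."""
    out = defaultdict(lambda: {"codes": Counter(), "users": set()})
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "").lower()
        if row.get("cs-method") not in RPC_VERBS or not stem.endswith("/rpcproxy.dll"):
            continue
        entry = out[row["c-ip"]]
        entry["codes"][row["sc-status"] + "." + row.get("sc-substatus", "0")] += 1
        # 401s are a normal part of NTLM negotiation; what matters is an eventual 2xx.
        if row["sc-status"].startswith("2") and row.get("cs-username", "-") != "-":
            entry["users"].add(row["cs-username"])
    return dict(out)

def stopped_at_proxy(summary):
    """Clients whose RPC requests never succeeded as an authenticated user."""
    return sorted(ip for ip, entry in summary.items() if not entry["users"])

if __name__ == "__main__":
    for ip, entry in sorted(summarize_rpc(SAMPLE_LOG).items()):
        print(ip, dict(entry["codes"]), sorted(entry["users"]))
```

A client returned by `stopped_at_proxy` never authenticated on the RPC virtual directory, while one that is absent from that list did, which helps separate a prompt raised at the RPC proxy from one raised further back.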

