Re: RPC over HTTP scenario
- From: "Stephen Harrington" <stephen@xxxxxxxxx>
- Date: Sat, 4 Mar 2006 13:05:54 -0700
Thanks for the information Ken.
I think my problem goes back to the certificate issue now.
I followed instructions in
http://support.microsoft.com/default.aspx?scid-kb;en-us;831051 to use the
RPC Ping utility to test connectivity from the outside to the server.
The returned error was "Error 12175 returned in the WinHttpSendRequest".
That error points back to a certificate issue.
Keep this in mind on this problem. The server system DOES NOT have a public
IP address. The firewall system has a public IP address which has two DNS
pointers. The firewall forwards all necessary ports to the server.
According to that article, it states that the RPC Ping may have failed
because a Mutual Authentication failed because the subject on the
certificate did not match the expected subject. By default, the certificate
subject should match the published fully qualified domain name of the RPC
Proxy server.
Since this is a SBS box, I'm assuming that the RPC Proxy server is the SBS
box itself. However, since the server is not directly associated with any
DNS name on the Internet, should the certificate still have the external DNS
pointer which basically points at the firewall? Or should the certificate
have the internal FQDN?
Thanks again guys for all the good info.
"Ken F" <TechAdmin@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OraurXnPGHA.1216@xxxxxxxxxxxxxxxxxxxxxxx
Hey Stephen..I can relate.........your certificate should reference your
internet domain FQDN which it appears you have it set for mail.abcgc.com
Also, make sure your firwall is passing GRE protocols
Protocol: IP and the type is GRE (IP protocol 47)(note....this is not the
same as Port 47)
Also, make sure your clients install the certificate.......ou may want to
delete the current client cert and install the new one.....here is my
default list I use for SBS
TCP 25 This port is used for incoming SMTP traffic. If you are using POP3
connector, it's not necessary to open this port.
TCP 110 This port is used for POP3 mail clients. If there is no external
POP3 mail user, it's not necessary to open this port.
TCP 443 SSL for OWA, RWW sites
TCP 444 SSL for Companyweb
TCP 4125 Remote Web Workplace
TCP 3389 Terminal services
TCP 1723 PPTP VPN connection
GRE (protocol number 47)
Hope this helps
Ken
"Stephen Harrington" <stephen@xxxxxxxxx> wrote in message
news:%23xl6INhPGHA.3272@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for your reply.
Yes, I have already followed those steps numerous times to no avail.
I think my problem lies in one of two areas. First, since the SBS server
is NOT directly connected to the Internet with an Internet name
associated, I may have problems resolving to it. When you're doing the
certificate setup on the server, you are asked for the full name of the
server. For this server, it would be abcsrv.office.abcgc.com. However,
that is not viewable across the Internet. The firewall has the IP
address which is associated with office.abcgc.com and is setup to forward
the necessary services to the server or to other places on the network.
So, once again, I may be incorrect in what I have designated in the
certificate setup portion of the wizard.
The second area where the problem could be is the firewall itself. I've
forwarded 80 and 443 to the server. Perhaps something else is missing?
Thanks again.
""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:woC6YRcPGHA.4520@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Stephen,
Thank you for posting in SBS newsgroup.
From the description, I understand the issue to be: you can not
configure
RPC over HTTP and receive error 0x8004011D. If I have misunderstood your
concerns, please do not hesitate to let me know.
As I know, you need to specify office.abcgc.com for the certificate when
you run CEICW. And then please follow the steps below to install RPC
over
HTTP:
1. Open http://servername/remote on SBS and then click Configure Outlook
via the Internet.
2. Please closely follow the steps listed to configure the RPC over
HTTP.
Hope it helps.
I appreciate your time and look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the
corresponding
newsgroups so that they can be resolved in an efficient and timely
manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there
are
any updates in your thread. When responding to posts via your
newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly.
Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
| From: "Stephen Harrington" <stephen@xxxxxxxxx>
| Subject: RPC over HTTP scenario
| Date: Wed, 1 Mar 2006 16:43:43 -0700
| Lines: 31
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <OLcebqYPGHA.3856@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: office.amnet.net 71.39.54.22
| Path: TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.windows.server.sbs:248591
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I'm having some problems configuring a SBS 2003 server for RPC over
HTTP.
| Perhaps I'm missing something, or perhaps I have a scenario that's no
| described here.
|
| Let's say my customer is ABC General Contractors (fictional). They
are a
| small business. Here is their setup:
|
| Internet connection with a static IP address assigned to the WAN side
of
the
| firewall. --->
| WAN IP address has two names associated with it on the Internet,
| mail.abcgc.com and office.abcgc.com --->
| Server is named ABCSRV and has a private class IP address of
192.168.1.5.
| The internal domain is ALSO office.abcgc.com. Thus, the server's FQDN
is
| abcsrv.office.abcgc.com
|
| The firewall is setup to forward 443 and 80 to the server's internal
IP
| address. Users can access OWA by using
https://mail.abcgc.com/exchange
and
| https://office.abcgc.com/exchange and can successfully POP and use
SMTP
| through those two addresses.
|
| When we try to connect Outlook to the server, we receive error
0x8004011D.
|
| One item that's throwing me off is when doing the Internet Connection
| Wizard, what should I specify for the certificate when it asks for the
full
| server name? Should it be abcsrv.office.abcgc.com or just
office.abcgc.com?
| Could that be where my problem lies?
|
| I have yet to find information on getting this configured when the
server
| has a private class IP. Any suggestions on where to start?
|
|
|
.
- References:
- RPC over HTTP scenario
- From: Stephen Harrington
- RE: RPC over HTTP scenario
- From: "Crina Li"
- Re: RPC over HTTP scenario
- From: Stephen Harrington
- Re: RPC over HTTP scenario
- From: Ken F
- RPC over HTTP scenario
- Prev by Date: Re: RPC over HTTP scenario
- Next by Date: Re: RPC over HTTP scenario
- Previous by thread: Re: RPC over HTTP scenario
- Next by thread: Re: RPC over HTTP scenario
- Index(es):
Relevant Pages
|
