Re: RPC over HTTP

Hi Phil,

Thanks for your reply.

Please let me know the following:

1. Do you have ISA installed?

Please try the following:

Step 1: Please make a clean boot to make sure the problem is not caused
third party software:

1. Click Start->Run...->type msconfig and press Enter.
2. Click Services tab and select Hide All Microsoft Services and Disable
All third party Services.
3. Click Startup tab and Disable All startup items.
4. Click OK and choose Restart.
5. After reboot, check whether the problem still occurs.
6. If there are no more problems, please use the above steps to enable
services and startup items one by one in order to figure out the root cause
of this issue.

Step 2: Please confirm the configuration on the Outlook client. Let's check:

Please go to the remote client, logon and open the Outlook, click
Tools->E-mail Accounts. Click View or change existing e-mail accounts
option and click Next. Click the "Change" button, then click More Settings,
go to the Connection tab. Is the "Connect to my Exchange mailbox using
HTTP" option checked? Click the Exchange Proxy Settings button, under the
Proxy authentication settings option, is "Basic Authentication" option
selected?

If the problem persists, please help me collect the following information
for further research:

1. Please capture some screen shots of the error messages when you open
Outlook.

2. Please use RPCPing utility to check the communication. To do so, use the
following syntax:

"rpcping -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P
"user,domain,*" -I "user,domain,*" -H 1 -u 10 -a connect -F 3 -v 3 -E -R
none" (without the quotation marks)

If the command is not completed, please let me know the exact error message.

Note: The RPC Ping Utility is part of the Microsoft Windows Server 2003
Resource Kit Tools. To download the Resource Kit, visit the following
Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-
96ee-b18c4790cffd&DisplayLang=en
(http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7
-96ee-b18c4790cffd&DisplayLang=en)

More info:

How to Use the RPC Ping Utility to Troubleshoot Connectivity Issues with
the Exchange Over the Internet Feature in Outlook 2003
http://support.microsoft.com/kb/831051

3. Please collect the IIS log and IIS metabase for analyze:

- To collect the IIS log on Server:

1). On Exchange Serves, open IIS MMC, right click Default Web Site and then
click Properties.
2). Click Website tab and then check Enable logging. And click Properties
button, please check all options under the Advanced tab.
3). Stop the Default Website and RENAME the existing IIS log files under
C:\WINDOWS\system32\LogFiles\W3SVC1.
4). Restart the Default Website and reproduce the problem, which will
generate new IIS log file with the exact error.
5). Wait for 15 minutes so that IIS Log can be synced. And then go to the
following folder on Exchange Server: C:\WINDOWS\system32\LogFiles\W3SVC1.
6). Send me the log files to my working email address
v-yanniw@xxxxxxxxxxxxxx And please let me know the alias of the user who
encountered the issue.

- To collect the IIS Metabase for analyze.

a. Download the IIS Resource Kit tools from the following page:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-
B628-ADE629C89499&displaylang=en
b. Install it, run MBExplorer (Metabase Explorer)
c. Right click the "LM" node and choose "Export to file".
d. Specify a file name, specify the password and finish the export.
e. Send the file and the password to me.

4. Collect the Exchange MPS Report

a. Please download the MPSRPT_Exchange.EXE from the following link and then
run this tool to gather some information from the problematic computer:
http://www.microsoft.com/downloads/details.aspx?familyid=cebf3c7c-7ca5-408f-
88b7-f9c79b7306c0&displaylang=en

b. Double-click on the MPSRPT_Exchange.EXE file.
[Note] This process may take some time; however, it will not have a
negative effect on the performance.

c. A CAB file will be generated in the
%systemroot%\MPSReports\Setup\Reports\Cab directory called
%COMPUTERNAME%_MPSReports.CAB. The CAB file will contain the reports
generated by the MPS Reporting Tool.

Please send the information to v-robeli@xxxxxxxxxxxxx with subject: RPC
over HTTP.

I am looking forward to hear from you.

If you need further assistance, please don't hesitate to let me know.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
<Thread-Topic: RPC over HTTP
<thread-index: AcgAnEjUM8naXyZESWaLvBy7U5oZ6A==
<X-WBNR-Posting-Host: 207.46.193.207
<From: =?Utf-8?B?UGhpbFNjb3R0?= <PhilScott@xxxxxxxxxxxxxxxxxxxxxxxxx>
<References: <D20F6A7C-2B17-478D-9D55-7163406855ED@xxxxxxxxxxxxx>
<1189589524.921572.15750@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<5C908891-8B45-40BE-B000-A3D7F18FB140@xxxxxxxxxxxxx>
<hZ6Tayb9HHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
<01929D75-1FD2-416A-AED2-1801505E72A8@xxxxxxxxxxxxx>
<aUIuPCs9HHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
<C97B748C-5586-497F-8BAC-D3AF0B2997A3@xxxxxxxxxxxxx>
<089D9CB8-08B9-44FC-8365-3F9D5DFB7C13@xxxxxxxxxxxxx>
<331A2AF1-E3F8-4ADF-8841-B39587ED3F91@xxxxxxxxxxxxx>
<2hcY4T$$HHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
<Subject: Re: RPC over HTTP
<Date: Wed, 26 Sep 2007 17:21:01 -0700
<Lines: 315
<Message-ID: <CFBD3817-736E-4472-B451-436AEEE8B4E4@xxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain;
< charset="Utf-8"
<Content-Transfer-Encoding: 7bit
<X-Newsreader: Microsoft CDO for Windows 2000
<Content-Class: urn:content-classes:message
<Importance: normal
<Priority: normal
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2929
<Newsgroups: microsoft.public.windows.server.sbs
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:65846
<NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Hi,
<
<I did follow all instructions as suggested.
<
<Also we do not receive a Certificate error when we visit the OWA webpage.
We
<always use the certified FQDN when accessing it.
<
<When I visit https://FQDN/rpc I do not receive a certificate error. I
simply
<receive the 403 error saying that it is Forbidden.
<
<Hope this helps!
<Phil
<
<"Robert Li [MSFT]" wrote:
<
<> Hi Phil,
<>
<> Thanks for your reply.
<>
<> First I need to double confirm you have ran the CEICW wizard to publish
<> Outlook via the Internet and fully followed the steps to configure RPC
over
<> Http for Outlook.
<>
<> Please let me know the following:
<>
<> Did you get the same certificate error visit OWA by the link
<> https:\\FQDN\exchange? If yes, please check the following:
<>
<> When the certificate error prompts, click View Certificate, you will see
<> Issued to item, such as mail.domain.com, please check if mail.domain.com
<> listed here is the same FQDN as when you visit OWA.
<>
<> From the Internet client, browse to https://FQDN/rpc. In order for RPC
over
<> HTTPs to work, you must be able to browse to this URL without getting a
<> popup warning about the certificate. You will receive the following
error
<> on the page:
<>
<> The page cannot be displayed
<> HTTP Error 403.2 - Forbidden: Read access is denied.
<> Internet Information Services (IIS)
<>
<> This is normal. The idea is to be able to get to that page without
getting
<> the popup warning about the certificate.
<>
<> I am looking forward to hear from you.
<>
<>
<> Best regards,
<>
<> Robert Li(MSFT)
<>
<> Microsoft CSS Online Newsgroup Support
<>
<> Get Secure! - www.microsoft.com/security
<>
<> =====================================================
<>
<> This newsgroup only focuses on SBS technical issues. If you have issues
<> regarding other Microsoft products, you'd better post in the
corresponding
<> newsgroups so that they can be resolved in an efficient and timely
manner.
<> You can locate the newsgroup here:
<> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<>
<> When opening a new thread via the web interface, we recommend you check
the
<> "Notify me of replies" box to receive e-mail notifications when there
are
<> any updates in your thread. When responding to posts via your
newsreader,
<> please "Reply to Group" so that others may learn and benefit from your
<> issue.
<>
<> Microsoft engineers can only focus on one issue per thread. Although we
<> provide other information for your reference, we recommend you post
<> different incidents in different threads to keep the thread clean. In
doing
<> so, it will ensure your issues are resolved in a timely manner.
<>
<> For urgent issues, you may want to contact Microsoft CSS directly.
Please
<> check http://support.microsoft.com for regional support phone numbers.
<>
<> Any input or comments in this thread are highly appreciated.
<>
<> =====================================================
<>
<> This posting is provided "AS IS" with no warranties, and confers no
rights.
<>
<> --------------------
<> <Thread-Topic: RPC over HTTP
<> <thread-index: Acf/yXojg4PBmqvuTNKQDKCAyN8XGg==
<> <X-WBNR-Posting-Host: 207.46.19.168
<> <From: =?Utf-8?B?UGhpbFNjb3R0?= <PhilScott@xxxxxxxxxxxxxxxxxxxxxxxxx>
<> <References: <D20F6A7C-2B17-478D-9D55-7163406855ED@xxxxxxxxxxxxx>
<> <1189589524.921572.15750@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<> <5C908891-8B45-40BE-B000-A3D7F18FB140@xxxxxxxxxxxxx>
<> <hZ6Tayb9HHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
<> <01929D75-1FD2-416A-AED2-1801505E72A8@xxxxxxxxxxxxx>
<> <aUIuPCs9HHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
<> <C97B748C-5586-497F-8BAC-D3AF0B2997A3@xxxxxxxxxxxxx>
<> <089D9CB8-08B9-44FC-8365-3F9D5DFB7C13@xxxxxxxxxxxxx>
<> <Subject: Re: RPC over HTTP
<> <Date: Tue, 25 Sep 2007 16:12:00 -0700
<> <Lines: 314
<> <Message-ID: <331A2AF1-E3F8-4ADF-8841-B39587ED3F91@xxxxxxxxxxxxx>
<> <MIME-Version: 1.0
<> <Content-Type: text/plain;
<> < charset="Utf-8"
<> <Content-Transfer-Encoding: 7bit
<> <X-Newsreader: Microsoft CDO for Windows 2000
<> <Content-Class: urn:content-classes:message
<> <Importance: normal
<> <Priority: normal
<> <X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2929
<> <Newsgroups: microsoft.public.windows.server.sbs
<> <Path: TK2MSFTNGHUB02.phx.gbl
<> <Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:65594
<> <NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
<> <X-Tomcat-NG: microsoft.public.windows.server.sbs
<> <
<> <Hi,
<> <
<> <We have already set up Outlook Web Access and purchase a SSL
Certificate
<> <from Comodo. So this should not be a problem.
<> <
<> <I have also set up RPC over HTTP but the outlook client is still not
<> <connecting. I have used the "outlook.exe /rpcdiag" to see if it uses
the
<> HTTP
<> <but it never connects.
<> <
<> <How can I test where the issue is? It obviously could be anything from
our
<> <firewall through to the exchange server. Is there a way I can break
each
<> <level down to try and troubleshoot the issue?
<> <"Patrick" wrote:
<> <
<> <> Phil,
<> <> rpc over http requires a valid SSL certificate that matches your
<> servers
<> <> public DNS name. That's the same name that will go in the URL field
for
<> the
<> <> Exchange proxy section in your Outlook configuration per previous
<> <> instructions. You can rerun the CEIW and reissue a certificate from
the
<> <> server pretty easily. Since it's not a "trusted authority", you will
<> need to
<> <> install it on the client computer first. Those instructions are also
on
<> the
<> <> top of the document Configuring Outlook for Internet Email. make
sure
<> you
<> <> redirect port 443 to your server from the outside, too.
<> <>
<> <> Patrick
<> <>
<> <>
<> <> "PhilScott" wrote:
<> <>
<> <> > Hi,
<> <> >
<> <> > I have followed these instructions, but I am still unable to access
<> the
<> <> > https://ourservername/remote. I get a certificate error and then
<> receive a
<> <> > HTTP 403 error. Are there any other ways of configuring the RPC
over
<> HTTP?
<> <> >
<> <> > Phil
<> <> >
<> <> >
<> <> > "Robert Li [MSFT]" wrote:
<> <> >
<> <> > > Hi Phil,
<> <> > >
<> <> > > Thanks for your reply.
<> <> > >
<> <> > > I will help you with the PRC over Http issue in this thread. For
the
<> RWW
<> <> > > issue, a suggestion is to open a new thread in our newsgroup.
Thanks
<> for
<> <> > > your understanding.
<> <> > >
<> <> > > However, I'd like to give you some suggestions here:
<> <> > >
<> <> > > By default, RWW is installed automatically when running the SBS
<> integrated
<> <> > > setup. There is virtual directory named Remote under Default
Website
<> in
<> <> > > IIS, please have a check.
<> <> > >
<> <> > > Please check the following steps to see if RWW can work again.
<> <> > >
<> <> > > Step 1: Please rerun the CEICW, this helps us to configure
network
<> and IIS
<> <> > > correctly:
<> <> > >
<> <> > > 1. Click Start, click Server Management. Click To Do List and
then
<> click
<> <> > > "Connect to the Internet". Click Next, and go through the
Internet
<> option.
<> <> > > 2. Select Enable firewall and click Next.
<> <> > > 3. On the Web Services Configuration page shows, make sure Remote
<> Work
<> <> > > Webplace is selected. Click Next.
<> <> > > Note: You can select other items according to your needs, for
<> example:
<> <> > > Outlook Web Access, Business Website (wwwroot) and so on.
<> <> > > 4. On the Web Server Certificate page shows. Select "Create a new
<> Web
<> <> > > server certificate", and type your FQDN (mail.domain.com) in the
<> "Web
<> <> > > server name" text box. Click Next.
<> <> > >
<> <> > > IMPORTANT: The FQDN that you type in the "Web server name" box
must
<> be the
<> <> > > same name that you use to connect to the Web site from the
Internet.
<> For
<> <> > > example, if the URL that you use to connect to the RWW is
<> <> > > https://server.contoso.com/remote, type "server.contoso.com"
<> (without the
<> <> > > quotation marks) in the "Web server name" box. If you use
<> <> > > http://ipaddress/remote to access RWW, type the public IP address
in
<> the
<> <> > > "Web server name".
<> <> > >
<> <> > > 5. Go through the steps to finish the wizard.
<> <> > >
<> <> > > More info:
<> <> > > 825763 How to configure Internet access in Windows Small Business
<> Server
<> <> > > 2003
<> <> > > http://support.microsoft.com/?id=825763
<> <> > >
<> <> > > Step 2: This may be caused by incorrect IIS setting, please have
a
<> check:
<> <> > >
<> <> > > 1. Open IIS snap-in.
<> <> > > 2. Go to Default Web Site/Remote
<> <> > > 3. Right click Remote and click Properties.
<> <> > > 4. Click Virtual Directory tab.
<> <> > > 5. Please ensure you have input proper Local Path
<> (C:\Inetpub\remote) and
<> <> > > also ensure the checkbox of Read, Log Visit and Index this
resource
<> are
<> <> > > checked.
<> <> > > And also ensure Application Settings as follows:
<> <> > > --Application Name: Remote
<> <> > > --Execute Permissions: Script only
<> <> > > --Application Pool: DefaultAppPool
<> <> > > 6. Click Directory Security tab.
<> <> > > 7. Click Edit under "Authentication and access control".
<> <> > > 8. Make sure that the option "Integrated Windows Authentication"
and
<> Enable
<> <> > > anonymous access are checked.
<> <> > > 9. Click Edit under "IP address and domain name restriction".
<> <> > > 10. Make sure that "Granted access" has been selected.
<> <> > > 11. Click Edit under "Secure communications".
<> <> > > 12. Make sure that "Require secure channel (SSL)" is checked.
<> <> > > 13. On the ASP.NET tab, ensure version is 1.1.4322.
<> <> > >
<> <> > > Hope this helps.
<> <> > >
<> <> > > If you need further assistance, please don't hesitate to let me
<> know.
<> <> > >
<> <> > > Best regards,
<> <> > >
<> <> > > Robert Li(MSFT)
<> <> > >
<> <> > > Microsoft CSS Online Newsgroup Support
<> <> > >
<> <> > > Get Secure! - www.microsoft.com/security
<> <> > >
<> <> > > =====================================================
<> <> > >
<> <> > > This newsgroup only focuses on SBS technical issues. If you have
<> issues
<> <> > > regarding other Microsoft products, you'd better post in the
<> corresponding
<> <> > > newsgroups so that they can be resolved in an efficient and
timely
<> manner.
<> <> > > You can locate the newsgroup here:
<> <> > > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<> <> > >
<> <> > > When opening a new thread via the web interface, we recommend you
<> check the
<> <> > > "Notify me of replies" box to receive e-mail notifications when
<> there are
<> <> > > any updates in your thread. When responding to posts via your
<> newsreader,
<> <> > > please "Reply to Group" so that others may learn and benefit from
<> your
<> <> > > issue.
<> <> > >
<> <> > > Microsoft engineers can only focus on one issue per thread.
Although
<> we
<> <> > > provide other information for your reference, we recommend you
post
<> <> > > different incidents in different threads to keep the thread
clean.
<> In doing
<> <> > > so, it will ensure your issues are resolved in a timely manner.
<> <> > >
<> <> > > For urgent issues, you may want to contact Microsoft CSS
directly.
<> Please
<> <> > > check http://support.microsoft.com for regional support phone
<> numbers.
<> <> > >
<> <> > > Any input or comments in this thread are highly appreciated.
<> <> > >
<> <> > > =====================================================
<> <> > >
<> <> > > This posting is provided "AS IS" with no warranties, and confers
no
<> rights.
<> <> > >
<> <> > > --------------------
<> <> > > <Thread-Topic: RPC over HTTP
<> <> > > <thread-index: Acf2n/GSYBwaYqF/R2+tEDZw9xEPUQ==
<> <> > > <X-WBNR-Posting-Host: 207.46.192.207
<> <> > > <From: =?Utf-8?B?UGhpbFNjb3R0?=
<PhilScott@xxxxxxxxxxxxxxxxxxxxxxxxx>
<> <> > > <References:
<D20F6A7C-2B17-478D-9D55-7163406855ED@xxxxxxxxxxxxx>
<> <> > > <1189589524.921572.15750@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<> <> > > <5C908891-8B45-40BE-B000-A3D7F18FB140@xxxxxxxxxxxxx>
<> <> > > <hZ6Tayb9HHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
<> <> > > <Subject: Re: RPC over HTTP
<

.

Quantcast