RE: Windows SBS 2003 and Outlook 2007 via RPC over HTTP

Hello Jim,

Thank you for posting here.

From your post, I understand that when attempting to use Outlook to connect
to SBS server via RPC over HTTPS, Error 0x8004011D is encountered.

Firstly I suggest you install following update to see if it helps:

Using Windows Vista and Outlook 2007 in a Windows Small Business Server
2003 Network:
http://www.microsoft.com/downloads/details.aspx?FamilyID=46e95c56-1a4c-45bd-
8d69-5f41ff8f1f22&DisplayLang=en

If it does not work, let's move on:

Suggestion 1: Check the Outlook settings:
=========================
Please logon to the Remote Web Workplace (https://serverFQDN/remote) as a
user from the remote client and look at the link for "Configure Outlook via
the Internet". Click "Configure Outlook via the Internet" and then the Web
page "Using Outlook via the Internet" will appear which has pretty much a
step by step list of instructions. If it tells you to use
"server.domain.local", use that. If it tells you to use
"server.domain.com", use that. Follow the steps exactly to configure the
Outlook for RPC over HTTP.

Suggestion 2: Please re-run the CEICW wizard to enable firewall and publish
the "Outlook Web Access", "Outlook via the internet", "Remote Web
Workspace" to internet. You can refer to the following steps:
========================
1. Expand Standard Management | To Do List.
2. Click Connect to the Internet in the right pane.
3. Navigate the wizard to Firewall and then select Enable firewall. In the
next page, make sure the E-mail item is checked in services configuration
page.
4. Click Next and then select Allow access to the following web site
services from the internet.
5. Make sure "Outlook Web Access", "Outlook via the internet", "Remote Web
Workspace" items are selected and select any additional services that you
require. click Next.
6. On the Web Server Certificate page, select the Web server certificate
type, and then click Next. You can choose to either install a new Web
server certificate or locate a third-party certificate.
7. The wizard automatically configures Exchange, IIS, and the RPC proxy
registry entries.

It is recommended that you refer to KB825763 to get more information about
configure SBS network connection:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

Suggestion 3: Check ISA setting if it is installed
=============================
Moreover, if ISA is installed, it is necessary to make the following
changes in urlscan.ini (which is located in the
%SystemRoot%\system32\inetsrv\urlscan folder by default) in order for RPC
over HTTP to work:

[RequestLimits]
; The entries in this section impose limits on the length
; of allowed parts of requests reaching the server.
MaxAllowedContentLength=2000000000
MaxUrl=16384
MaxQueryString=4096

In addition, you need to add the following verbs to the Allow Verbs:

RPC_IN_DATA
RPC_OUT_DATA

After editing the ini file, restart IIS Admin Service and Microsoft ISA
Server Control services.

Reference:

823175 Fine-tuning and known issues when you use the Urlscan utility in an
Exchange 2003 environment
http://support.microsoft.com/?id=823175

Suggestion 4: Check IIS settings
=================
1. On the server open internet services manager, goto the properties of the
rpc virtual directory under the default website
2. CLick on the directory security tab, click on the edit button for secure
communications
3. Change the Client certificate section to "ignore client certificates"
4. Perform an iisreset

More information:

Troubleshooting RPC over HTTP Communications
http://technet.microsoft.com/en-us/library/bb124649.aspx

I hope the above information is helpful to you. However, if the issue
persists, please help me gather following information:

Test:
============
In order to verify whether the issue happens to the configuration of
Firewall, let's configure an Outlook workstation in LAN to have RPC over
HTTP connection.

We have the following concern regarding this test. Now the original
certificate is issued with FQDN name of Proxy Server. For testing purpose,
if you specify the FQDN name of Proxy Server when configuring Outlook
profile, the Outlook will have an Internet access and contact Firewall
first and then Proxy Server, it is the same as external access with the
same failure result. If you specify the NetBIOS name of Proxy name, you
will have an internal access; however since the server name of certificate
doesn't match NetBIOS name of Proxy Server, the authentication will fail
again. So after locating an Outlook workstation in LAN, please add an entry
in local HOST file with Public FQDN of RPC Proxy Server pointing to an
internal IP Address of RPC Proxy Server. And then please follow the link
below to configure profile for RPC/HTTP access on internal Outlook
workstation.

http://office.microsoft.com/en-us/assistance/HA011402731033.aspx

By default on a fast network, Outlook attempts to connect by using the LAN
connection first. On a slow network, Outlook attempts to connect by using
HTTP first. Please note you need to check "On fast networks, connect using
HTTP first, then connect use TCP/IP" option during configuration.

Please also let me know following information:

1. Does the issue occur with all the user accounts or the specific user
account?

2. If you try to connect via RPC over HTTPS on another computer, does the
issue happen?

3. If it is convenient for you, could you create a test account for me? So,
I could try to check if this is a client side issue. If possible, please
let me know the following information.

Public FQDN
Internal Domain Name
Test User account & Password

You may send the information to v-mzhuan@xxxxxxxxxxxxxx

4. Please collect the IIS log on SBS Server so that I can perform further
research:

1). On the Serves, open IIS MMC, right click Default Web Site and then
click Properties.
2). Click Website tab and then check Enable logging.
3). Stop the Default Website and RENAME the existing IIS log files under
C:\WINDOWS\system32\LogFiles\W3SVC1.
4). Restart the Default Website and reproduce the problem, which will
generate new IIS log file with the exact error.
5). Wait for a while so that IIS Log can be synced. And then go to the
following folder on Exchange Server: C:\WINDOWS\system32\LogFiles\W3SVC1.
6). Send me the log files to my working email address
v-mzhuan@xxxxxxxxxxxxxx And please let me know the alias of the user who
encountered the issue.

5. Please download the MPS Report tool from the following link and run it
on both the client workstation and the SBS server, then send the generated
CAB file to my mailbox v-mzhuan@xxxxxxxxxxxxx for further investigation so
that we can find what the root cause is:

http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE

For your information:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-
88B7-F9C79B7306C0&displaylang=en

Please try the above steps at your earliest convenience. If you have any
concern, please feel free to let me know.

Best regards,

Manfred Zhuang(MSFT)
Microsoft Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Windows SBS 2003 and Outlook 2007 via RPC over HTTP
| thread-index: AchH+uC/KDc6l8HgT6iilXB6ejcvAQ==
| X-WBNR-Posting-Host: 207.46.193.207
| From: =?Utf-8?B?SmltQQ==?= <JimA@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Windows SBS 2003 and Outlook 2007 via RPC over HTTP
| Date: Wed, 26 Dec 2007 12:07:01 -0800
| Lines: 18
| Message-ID: <46241495-07B5-43A8-84C2-8257518C254F@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:83616
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I have a lot of users connecting using outlook 2003 to SBS 2003 sp1
withtout
| issues. I purchased a new laptop that came with Office 2007 and I can
connect
| via a wired network connection, a wireless access point connection, but
not
| through the aircard that really needs to work (travelling user). The
aircard
| connects and I have gone through extensive diagnostics with AT&T without
| success.
|
| I came across some fixs for outlook 2007 but they haven't worked either.
| This is absolutelty driving me to drink. I've configured NTLM as I found
in
| KB article but it still keeps reporting "Error 0x8004011D server not
| available". It seems to be trying to connect but just can't. I did notice
| that there wasn't a Mutually authenticate selection anywhere.
|
| Any help is appreciated.
|
| Thanks.
| --
| Jim A.
|

.