Re: SBS2003 Outlook HTTP/RPC not working

Dave,

Your telnet response is the same as mine. I have UDP on port 1182 as well,
but you don't mention any UDP ports.

Do you have rpc listening on any UDP ports?

After installing DNS fix 953230, did you set up the ReservedPorts per
956189? Susan Bradley also has a blog about it here
http://blogs.technet.com/sbs/archive/2008/07/17/some-services-may-fail-to-start-or-may-not-work-properly-after-installing-ms08-037-951746-and-951748.aspx

I am wondering if you just failed to mention UDP ports, or something is not
loading correctly.

I got curious as to what ports are used. I started out with everything but
the business web site selected in the CEICW, then I disabled "Outlook via
the Internet" in the CEICW and re-ran the netstat command. For TCP port 593,
the telnet result is identical to the enabled result. I also still have TCP
6001, 6002, 6004.

My ports do not seem to change, other than there being more in use without
the feature than with it, but that could be a quirk.

I wish I had a list of the ports used by that one function. Better yet, a
list of differences in IIS, etc, that are affected.

I'm sorry I could not help.

Gregg Hill


"Dave Cattley" <DaveCattley@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EE6EF0F7-08AE-49E0-898D-9F9AAA3226F6@xxxxxxxxxxxxxxxx
Mr. Hill,

My answers are inline.

Thank you for your interest - morbid or otherwise :)

-dave


"Gregg Hill" wrote:

OK, I'll take a stab at it, if only out of morbid curiosity.

On your LAN, if you run the following at a command prompt, what is the
response?

telnet servername 593

[drc: TELNET displays the string

ncacn_http/1.0

and sits there.]



Now run the following at a command prompt on the SBS:

netstat -ano -b >netstat.txt

then search that file for "rpcss" and post any entries related to rpcss.
I
want to see what ports you have listening and compare them to a working
system.

[drc: The ports that RPCSS is listening on are....

TCP 0.0.0.0:135
TCP 0.0.0.0:593

STORE.EXE is listening on TCP 0.0.0.0:6001
MAD.EXE is listening on TCP 0.0.0.0:6002
LSASS.EXE is listening on TCP 0.0.0.0:6004

I think that covers all the relevant ports.
]

Gregg Hill


"Dave Cattley" <DaveCattley@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0EFC1828-EF59-4915-8EF9-48E113450AF1@xxxxxxxxxxxxxxxx
Mr. Connor,
Please see my comments inline to your suggestions.
Regards,
-dave

"Les Connor" wrote:

Can we look at this in a bit more detail?

What is the name of the certificate (as generated by SBS)?
What is the URL you use to access /remote or /exchange?
[drc: These match correctly. OWA and RWW work fine.]

Have you tried this from the "inside out", to see where the point of
failure
might be? (below)
[drc: Yes. I have also collected detailed network traces, used RCP
diagnostic tools, and inspected IIS logs. They all point to a failure
on
the
part of the RPC/HTTP Proxy to communicate with the RPC endpoints on the
same
machine.]

If you configure a workstation on the *lan* to use Outlook RPC/HTTP,
does
it
work?
[drc: No. Outlook times out and uses RPC over TCP]

If it does, is it possible for you to connect that workstation
physically
between your SBS external NIC and your internet facing device - i.e. a
router port that's on the same subnet as the SBS external NIC, but not
fully
on the internet? Does it still work?

[drc: Indeed this is exactly how my test enviroment is setup. No, this
does
not work.]

--
Les Connor [SBS-MVP]


____________________________
"Dave Cattley" <DaveCattley@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:07EB0114-58AC-440C-ADDA-36497256FB0B@xxxxxxxxxxxxxxxx


"SuperGumby [SBS MVP]" wrote:


There is a possibility that the problem exists due to DNS, what is
the
AD
DNS name please? (munge it if you like but please keep it
'substantially
correct').



The internal/external DNS has not changed across the
'works'->'doesn't
work'
event. None the less, in terms of what they are is essentially

internal: hostname.foobar.local
external: www.foobar.org

obviously i was not lucky enough to register foobar.org :)

And please don't think I don't appreciate your responses. I truly
do.
I
was somewhat surprised by the tenor of your first one given that (as
Susan
points out) this is a P2P community and not an advertising/referal
mechanism.

I also recognize that I can perform a 'server upgrade/migration'
(probably
using the swing kit) and start with a 'fresh' server configuration
and
retaining my data, etc.

Its just that even that is a monumental undertaking and it just
frustrates
me to think that entropy can creep to cause such a failure and the
tools
do
not exist to linearly validate each hop from
client->proxy->rpc-server
and
understand what is failing.

I am stymied by the result that the RPC diagnostic tools (RpcPing)
can
tell
me it recieves and error indicating the RPC server is not available
and
yet I
cannot determine from the RPC Proxy why it cannot communicate with
the
RPC
Server endpoint on the very same box. If there is some way to
expose
diagnostic information from the RPC Proxy, perhaps that would
explain
the
'last hop' of this problem.

Regards,
-dave








.

Relevant Pages

  • Re: R2 DFS Replication failing
    ... Disabled the firewall and everything started magically working.. ... BTW: Found out the RPC patch is this one: ... System service name: DfsApplication protocol Protocol Ports ... NetBIOS Session Service TCP 139 ...
    (microsoft.public.windows.server.general)
  • Re: Win32 The RPC server is unavailable
    ... WMI errors the seem to be RPC related. ... Usually RPC errors are due to name resolution or blocked ports. ... Microsoft MVP - Directory Services ... Instead of the website you're using, I suggest to use OEx (Outlook Express ...
    (microsoft.public.windows.server.networking)
  • Re: RPC ports over a firewall
    ... > 1) Does the RPC need to be restricted to a static port on ServerB as well ... you restrict RPC to a small number of ports. ... UDP 88 Kerberos Authentication ...
    (microsoft.public.windows.server.active_directory)
  • Re: dcpromo failed
    ... way to lock rpc down to specific ports and keep high ports turned off. ... MVP - Directory Services ... I disjoined the server from the domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows Ports when used on DMZ
    ... When I was doing testing, the absolute minimum was - RPC with 1 static port, ... DNS (UDP only is sufficient if no long response is expected), ... > than likely your problem is with dynamic RPC in that you are finding ports ... > 1025-1030 being dropped by your firewall. ...
    (microsoft.public.security)