RE: Outlook HTTPS over RPC error - Inconsistent users



Hi,

Thanks for your post.

If the clients are using Outlook with PRC over HTTP and issue ONLY occurs
to some of new users NOT all clients/Users, then it should be a client
issue which means it might be a client Outlook configuration or workstation
network connection or client authentication issue.

Sometimes, Outlook 2003 clients fail to connect to Exchange 2003 using RPC
over HTTPS because there is a problem with the certificate assigned to the
destination website. When you connect to an Outlook Web Access website if
there is a problem with the certificate you will receive a pop up box
informing you of what the problem is. With RPC over HTTPS no such pop up
box appears and the connection to the Exchange server fails.

One of the most common explanations for the inability of client PCs to
reach Exchange 2003 Server when using Microsoft Outlook 2003 with RPC over
HTTPS is that the certificate is invalid for one of three common reasons:

1. The certificate name does not match the Internet FQDN of the server
being accessed. For example, the certificate is issued to
"server.domain.local" and the network administrators have published the
site as "webmail.domain.com";
2. The certificate root authority is not trusted by the workstation being
used;
3. The certificate has expired;

Suggestions:

1. Ensure that the certificate shows the correct name. Even if your local
Active Directory domain is "domain.local" you can still generate a Windows
Certificate Authority certificate for "webmail.domain.com" by following the
wizard within IIS Manager.

2. Ensure that the root certificate exists in the "Trusted Root
Certification Authorities" folder on the local PC. The server certificate
does not necessarily have to be imported to the PC but the PC must trust
the root authority. Those PCs that are part of an Active Directory domain
should trust the root certificate as a matter of course but RPC over HTTPS
could just as easily be used by home PCs and PCs that are not part of the
corporate Active Directory forest.

3. Ensure that the certificate remains in date and that network
administrators renew the certificate before expiry.

4. In IIS the properties of the RPC virtual directory => Directory Security
tab, make sure it is set as "ignore client certificates".

5. Reran the CEICW wizard on the SBS server and make sure the created
certificate is correct which the RPC virtual directory uses.

6. Reconfigure the Outlook profile to use RPC over HTTP connection, follow
the instructions in below articles.

Now, please use Outlook /rpcdiag switch to open Outlook in Run box. Please
see in the popup window, if the client can connect to your GC and Exchange
server using HTTPS type.

More related information, please see:

To use Outlook 2003 RPC over HTTPS your client PCs must trust the root
certificate
http://support.microsoft.com/kb/555261/en-us

Troubleshooting RPC over HTTP Communications
http://technet.microsoft.com/en-us/library/bb124649(EXCHG.65).aspx

How can I configure Outlook 2003 to use RPC over HTTP/S?
http://www.petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm

How can I configure RPC over HTTP/S on Exchange 2003 (single server
scenario)?
http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm

How can I test RPC over HTTP/S on Exchange 2003?
http://www.petri.co.il/testing_rpc_over_http_connection.htm

Exchange Server - Remote Connectivity Analyzer
http://www.testexchangeconnectivity.com

Hope this helps.



Best regards,
Robbin Meng(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages
Loading