+ Reply to Thread
Results 1 to 9 of 9
  1. Member Extraordinaire genXrcist's Avatar
    Join Date
    Oct 2008
    Location
    St. Paul, Minnesota
    Posts
    531

    Certifications
    CCNA:V MCITP:EA/EMA2K10 MCSE:S MCSA:M MCDST A+/Net+/Sec+
    #1

    Default Exchange 2K3 - RPC over HTTP

    Hey guys,

    I've been working on setting up RPC over HTTP off an on for about a month and I just can't seem to get it to work? Does anyone have any experience in this sort of thing?

    I've gone through all the steps here How to Deploy RPC over HTTP for the First Time on Exchange Server 2003 SP1 (Front-End/Back-End Scenario) but have had no luck. We do have a Front-End/Back-End setup and it appears that everything starts out correctly but it just fails.

    Outlook /rpcdiag shows it connecting to the Front-End server and then it starts to reference a Global Catalog but immediately fails. It never even shows whether it's connecting via TCP/IP or HTTP.

    The one thing to note is before I became the Administrator at my company, the former admin really screwed with the applications and some things just don't work anymore. It's possible that I just need to reset something but I'm not sure what it is, any ideas?

    I'm at the point where I'll probably just bring in a consultant if I can't get this stinking thing working.
    Reply With Quote Quote  

  2. SS -->
  3. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,088

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); EMCSA:CLARiiON; Linux+; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #2
    Is the authentication on the Outlook client set correctly (Basic vs. NTLM)?
    IT guy since 12/00

    Recent: 3/22/2017 - Passed Microsoft 70-412; 2/11/2017 - Completed VCP6-DCV (passed 2V0-621)
    Working on: MCSA 2012 upgrade from 2003 (to heck with 2008!!), more Linux, AWS Solution Architect (Associate)
    Thinking about: VCP6-CMA, MCSA 2016, Python, VCAP6-DCD (for completing VCIX)
    Reply With Quote Quote  

  4. Member Extraordinaire genXrcist's Avatar
    Join Date
    Oct 2008
    Location
    St. Paul, Minnesota
    Posts
    531

    Certifications
    CCNA:V MCITP:EA/EMA2K10 MCSE:S MCSA:M MCDST A+/Net+/Sec+
    #3
    It is set for Basic Authentication on the FE server but your question made me wonder if it was setup on the BE... it wasn't. I changed the RPC virtual directory to Basic Authentication (from Anon & Integrated), rran iisreset............still no go.

    RPCDiag shows it connecting to my internal, BE mail server with a 'Referral' Type and then it switches to a GC with a 'Directory' type and immediately thereafter it goes to Status 'Disconnected.'

    Ugh.

    Oh, and yes it's set correctly on the Client as Basic Authentication.
    Last edited by genXrcist; 03-22-2010 at 02:49 AM.
    Reply With Quote Quote  

  5. Member
    Join Date
    Nov 2008
    Location
    Surrey, UK
    Posts
    43

    Certifications
    MCSE:W2K, MCTS:E2K10, CCNA, CNE
    #4
    Sounds like it maybe a problem with the servers/ports listed on the FE server's HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy key. Or maybe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NTDS\Parameters on the DC/GC is set wrong. Or maybe one of the required ports isn't open between the FE and the BE or the FE and the GC...
    Reply With Quote Quote  

  6. Member Extraordinaire genXrcist's Avatar
    Join Date
    Oct 2008
    Location
    St. Paul, Minnesota
    Posts
    531

    Certifications
    CCNA:V MCITP:EA/EMA2K10 MCSE:S MCSA:M MCDST A+/Net+/Sec+
    #5
    Quote Originally Posted by GrayhenTor View Post
    Sounds like it maybe a problem with the servers/ports listed on the FE server's HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy key. Or maybe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NTDS\Parameters on the DC/GC is set wrong. Or maybe one of the required ports isn't open between the FE and the BE or the FE and the GC...
    Thanks for the reply Grayhentor but unfortunately, those keys are correct. When you say the required ports between the FE & the BE, what ports might those be?
    Reply With Quote Quote  

  7. Drops by now and again astorrs's Avatar
    Join Date
    May 2008
    Location
    Vancouver, Canada
    Posts
    3,141

    Certifications
    I have numerous certs from VMware, Citrix, Microsoft, EMC, Nimble Storage, Palo Alto Networks and more...
    #6
    Quote Originally Posted by genXrcist View Post
    what ports might those be?
    tcp/6001 (Information Store), tcp/6002 (Directory Referral) and tcp/6004 (DSProxy/NSPI)
    Reply With Quote Quote  

  8. Member Extraordinaire genXrcist's Avatar
    Join Date
    Oct 2008
    Location
    St. Paul, Minnesota
    Posts
    531

    Certifications
    CCNA:V MCITP:EA/EMA2K10 MCSE:S MCSA:M MCDST A+/Net+/Sec+
    #7
    Quote Originally Posted by astorrs View Post
    tcp/6001 (Information Store), tcp/6002 (Directory Referral) and tcp/6004 (DSProxy/NSPI)
    These are the ports the BE server needs open, correct? Neither of the FE/BE servers are DC's so if I understood the articles correctly, the FE server doesn't require any sort of Registry editing, simply making it a FE server opens the correct ports.

    I don't think the issue lies between the FE/BE servers because the BE server prompts me to authenticate. The failure occurs when the 'Referral' process begins. This would lead me to believe port 6002 needs to be opened on the GC's but I've found no documenation that states this.

    Thoughts?
    Reply With Quote Quote  

  9. Member Extraordinaire genXrcist's Avatar
    Join Date
    Oct 2008
    Location
    St. Paul, Minnesota
    Posts
    531

    Certifications
    CCNA:V MCITP:EA/EMA2K10 MCSE:S MCSA:M MCDST A+/Net+/Sec+
    #8
    I was wrong, the issue did lie between the BE & the FE... but not the way I thought. I got tired of the problem so I just called a local 3rd party Support helpdesk and this is what we discovered.

    When attempting to go to https://localhost/rpc we got 401.1 errors, which deals with invalid credentials. We should have gotten 403 errors. Anyway, after looking at the permissions of the FE RPC virtual directory on a working Exchange server w/RPCoverHTTP we discovered that we needed the Scripts & Executables option selected, not just the Scripts option. After making this change, voila. HTTPS connection were made when running outlook /rpcdiag!

    Yet another piece of my former manager's legacy left behind. He made changes in IIS like this all the time and never changed them back nor documented the changes he made.

    UGH!

    Thanks for the help guys!
    Last edited by genXrcist; 03-31-2010 at 02:13 AM.
    Reply With Quote Quote  

  10. Member
    Join Date
    Nov 2008
    Location
    Surrey, UK
    Posts
    43

    Certifications
    MCSE:W2K, MCTS:E2K10, CCNA, CNE
    #9
    Great that you got it solved! I'd never have thought of checking that setting in IIS. I don't remember it being mentioned in the Technet link either .. but then I was half a sleep when I read through that.

    Hope that you don't find too many more gremlins left by your predecessor!
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks