RPC over HTTP Exchange 2003

I have an Exchange 2003 deployment and cannot get RPC over HTTP to work. I have followed all of the Microsoft docs but it is not working. I can see the traffic coming in over the firewall. However, the clients cannot connect. Are there any hotfixes from Microsoft that I need to add in to get this to work?


Solution 1:

If your client doesn't trust the certificate the website is using, it will silently drop the connection without even a hint there's some error.

Try connecting from that client to your Exchange's OWA: if Internet Explorer complains about an invalid certificate, that's your problem.

You can solve it by creating a valid certificate (if you have a certification authority available) or by importing the existing certificate in your client's machine store.

Solution 2:

I've recently deployed RPC over HTTP in our environment. My first piece of advice is to assure you that black magic isn't required to make it work. The RPC over HTTP feature works as advertised, is well documented and stable. There is no need for hotfixes or odd workarounds.

I think the first step to diagnosing your issue is to detail your deployment scenario. For instance, is it a Front-End / Back-End architecture, are you offloading SSL, are you authenticating requests in the perimeter network, is there a locally connected global catalog server, etc. This will give clues to where it's falling down and I can detail a list of configuration steps to check.

If I had to guess where the issue(s) may lie, it's in two areas - certificates and authentication. As suggested by others on the certificate front, make sure you use valid and trusted certificates on the RPC proxy and on the web publishing rule (if you're using ISA or a similar product).

On the authentication front, Microsoft recommend you use 'Basic' authentication over SSL, especially if you are using ISA server for authentication. If you want to use NTLM authentication, I believe ISA server can only pass through and not delegate authentication credentials. This will be the case for many reverse proxy products. I recommend checking that the authentication scheme you want to use is applied consistently on your Front-End server and firewall.

For testing on the client side you can use a combination of registry keys and the command 'Outlook /rpcdiag' to force Outlook to connect via HTTP instead of TCP. Also the Exchange Server Remote Connectivity Analyser is a valuable diagnostic tool.

Solution 3:

Are you using HTTPS and a self-signed certificate?

If so you will need to manually add it to the certificate stores on the client PCs. This can be done by running certmgr.msc and importing it into 'Trusted Root Certification Authorities'.
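
The certificate checks described in the answers above can be scripted from the client machine. The following is an added example, not part of any of the original answers: it fetches the certificate the RPC proxy presents and reports whether this client trusts it and whether the name matches. The host name `mail.example.com` is a placeholder for the proxy name configured in the Outlook profile.

```powershell
# Added example (not from the original answers). Run on the Outlook client machine.
$ProxyHost = 'mail.example.com'   # placeholder: RPC proxy name set in the Outlook profile
$Port      = 443

$script:policyErrors = $null
# Accept the certificate unconditionally so it can be inspected, but record
# what normal validation would have rejected (untrusted chain, name mismatch).
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($obj, $crt, $chn, $errs)
    $script:policyErrors = $errs
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($ProxyHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($ProxyHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    $tcp.Close()
}

# Rebuild the chain against this machine's certificate stores to see why trust fails.
# Revocation checking is skipped so the result reflects store trust only.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainOk = $chain.Build($cert)

[pscustomobject]@{
    Subject      = $cert.Subject
    Issuer       = $cert.Issuer
    NotAfter     = $cert.NotAfter
    PolicyErrors = $script:policyErrors   # None = trusted chain and matching name
    ChainBuilds  = $chainOk
    ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

A `PolicyErrors` value other than `None` corresponds to the case in which Outlook drops the connection without a prompt; `ChainStatus` shows whether the cause is an untrusted root, an expired certificate or a broken chain.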