How to fix RPC over HTTPS problem

  • Question

  • Hello,

      I have been over the forum and web searching for a solution.  We are running SBS 2003, which means Exchange 2003, and we cannot get the system to pass the connectivity tester at https://www.testexchangeconnectivity.com.  It passes all steps except the last one; here is the output:

    Testing RPC/HTTP connectivity.
      The RPC/HTTP test failed.
     
    Test Steps
     
    Attempting to resolve the host name mail.lotmanagement.com in DNS.
      The host name resolved successfully.
     
    Additional Details
      IP addresses returned: 66.181.7.163
    Testing TCP port 443 on host mail.lotmanagement.com to ensure it's listening and open.
      The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
      The certificate passed all validation requirements.
     
    Test Steps
     
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.lotmanagement.com on port 443.
      The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
     
    Additional Details
      Remote Certificate Subject: CN=mail.lotmanagement.com, OU=PositiveSSL, OU=Domain Control Validated, Issuer: CN=PositiveSSL CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
    Validating the certificate name.
      The certificate name was validated successfully.
     
    Additional Details
      Host name mail.lotmanagement.com was found in the Certificate Subject Common name.
    Certificate trust is being validated.
      The certificate is trusted and all certificates are present in the chain.
     
    Test Steps
     
    The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.lotmanagement.com, OU=PositiveSSL, OU=Domain Control Validated.
      One or more certificate chains were constructed successfully.
     
    Additional Details
      A total of 1 chains were built. The highest quality chain ends in root certificate CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
      Potential compatibility problems were identified with some versions of Windows.
     
    Additional Details
      The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Testing the certificate date to confirm the certificate is valid.
      Date validation passed. The certificate hasn't expired.
     
    Additional Details
      The certificate is valid. NotBefore = 9/18/2013 12:00:00 AM, NotAfter = 9/18/2014 11:59:59 PM
    Checking the IIS configuration for client certificate authentication.
      Client certificate authentication wasn't detected.
     
    Additional Details
      Accept/Require Client Certificates isn't configured.
    Testing HTTP Authentication Methods for URL https://mail.lotmanagement.com/rpc/rpcproxy.dll?rciserver.rcidomain.loc:6002.
      The HTTP authentication methods are correct.
     
    Additional Details
      The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLM
    Testing SSL mutual authentication with the RPC proxy server.
      Mutual authentication was verified successfully.
     
    Additional Details
      Certificate common name mail.lotmanagement.com matches msstd:mail.lotmanagement.com.
    Attempting to ping RPC proxy mail.lotmanagement.com.
      RPC Proxy was pinged successfully.
     
    Additional Details
      Completed with HTTP status 200 - OK
    Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server rciserver.rcidomain.loc.
      The attempt to ping the endpoint failed.
     
    Additional Details
     

    An RPC error was thrown by the RPC Runtime process. Error 1818 CallCancelled

     We have checked the registry; we can telnet to all the ports listed in the registry (593, 6001, 6002, 6004) from both inside and outside the network. IPv6 is not installed, so that is not an issue.  Any other ideas?

    TIA,

    Jim

    Friday, September 20, 2013 8:15 PM

All replies

  • Are you able to connect to RPC over HTTPS from within the network?

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Saturday, September 21, 2013 12:12 AM
    Moderator
  •   Yep.  Very odd.  Mobile devices work fine as well.

    TIA,

    Jim

    Saturday, September 21, 2013 1:07 AM
  • Mobile devices don't use that, so that's no surprise.

    What piqued my interest was that hostname, it's an internal unroutable hostname, rciserver.rcidomain.loc.  I'm not sure whether that's supposed to be set that way.

    This is one of those reasons that I preach using split-brain DNS and the same domains both inside and on the Internet.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Saturday, September 21, 2013 1:24 AM
    Moderator
  • Ed,

      I have followed you for years, glad it's you.  We don't have a split-brain DNS.  The SSL cert and all pass.  Should I create another DNS zone and provide another name with a .com address?

    Jim

    Saturday, September 21, 2013 1:44 AM
  •   Almost forgot.  That code 1818 breaks down to a timeout as far as I can tell.

    Jim

    Saturday, September 21, 2013 1:45 AM
  • Honestly, I don't know if that's the issue.  It's been so long since I've configured RPC over HTTPS on Exchange 2003 that I don't remember.  I'd recommend that you go through some of the Internet tutorials on configuring that and verify that yours is set up right.

    Here's one I found--I like Daniel's website:

    http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

    Make sure your certificate isn't expired.  Make sure all services are running.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Saturday, September 21, 2013 2:02 AM
    Moderator
  •   That's the problem for me too.  Thanks for all the help over the years.  I will look at the link and let you know.

    Thanks again

    Jim

    Saturday, September 21, 2013 2:38 AM
  •   Ok, followed the article and same problem. I was wondering if anyone knows of a good article to remove and reinstall Outlook Anywhere on SBS 2003.

    TIA,

    Jim

    Monday, September 23, 2013 9:19 PM
  •   Cert is good and all services are running.

    Jim

    Monday, September 23, 2013 9:20 PM
  • Hi,

    Besides checking the configuration of RPC over HTTPS as in the article Ed gave, we can also check the RpcProxy ValidPorts:

    1. On the RPC proxy server, start Registry Editor (Regedit).
    2. In the console tree, locate the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
    3. In the details pane, right-click the ValidPorts subkey, and then click Modify.
    4. In Edit String, in the Value data box, type the following information:
        ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;ExchangeServer:6004;ExchangeServerFQDN:6004

    Note:
    ExchangeServer is the NetBIOS name of your Exchange server.
    ExchangeServerFQDN is the fully qualified domain name (FQDN) of your Exchange server. If the FQDN that is used to access the server from the Internet differs from the internal FQDN, you must use the internal FQDN.

    http://technet.microsoft.com/en-us/library/aa998910(v=EXCHG.65).aspx

    And here is a reference about How to configure RPC over HTTP in Exchange Server 2003:

    http://support.microsoft.com/kb/833401


    If you have any questions, please feel free to let me know.
    Thanks,
    Angela Shi

     

    Tuesday, September 24, 2013 3:33 AM
    Moderator
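An added example, not part of the reply above or of Microsoft's documentation: ValidPorts is the list of internal hosts and ports the RPC proxy will forward to, so this Python check parses a ValidPorts string and reports required ports (6001, 6002, 6004) that are missing for the NetBIOS name or internal FQDN, as well as any hosts or ports allowed beyond them. The NetBIOS name `rciserver` and both sample values are constructed for illustration; paste the real value from Regedit in their place.

```python
import re

REQUIRED_PORTS = {6001, 6002, 6004}  # ports named in the ValidPorts guidance above

def parse_valid_ports(value):
    """Return {lowercased_host: set_of_allowed_ports} from a ValidPorts string."""
    allowed = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue  # tolerate a trailing or doubled semicolon
        m = re.fullmatch(r"([^:\s]+)\s*:\s*(\d+)(?:\s*-\s*(\d+))?", entry)
        if not m:
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        lo = int(m.group(2))
        hi = int(m.group(3) or m.group(2))
        if lo > hi or hi > 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        allowed.setdefault(m.group(1).lower(), set()).update(range(lo, hi + 1))
    return allowed

def audit(value, netbios, fqdn):
    """Return findings; an empty list means exactly the required ports are allowed."""
    allowed = parse_valid_ports(value)
    expected = (netbios.lower(), fqdn.lower())
    findings = []
    for host in expected:
        ports = allowed.get(host, set())
        missing = REQUIRED_PORTS - ports
        extra = ports - REQUIRED_PORTS
        if missing:
            findings.append(f"{host}: missing {sorted(missing)}")
        if extra:
            findings.append(f"{host}: {len(extra)} extra port(s) allowed")
    for host in sorted(set(allowed) - set(expected)):
        findings.append(f"{host}: unexpected host in ValidPorts")
    return findings

# Constructed sample values (not taken from the poster's registry).
GOOD = ("rciserver:6001-6002;rciserver.rcidomain.loc:6001-6002;"
        "rciserver:6004;rciserver.rcidomain.loc:6004")
BAD = "rciserver:100-5000;rciserver.rcidomain.loc:6001-6002"

if __name__ == "__main__":
    for label, value in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(value, "rciserver", "rciserver.rcidomain.loc") or "ok")
```
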
  • Angela,

      Checked all that and they are good.  Finally decided to open a case with MS.  We spent about 4 hours with no resolution.  They had me run some diags and send the result.  I will let you know how things go.

    Jim

    Tuesday, September 24, 2013 2:26 PM