Outlook 2003: after many tests, still unable to connect to Exchange 2003 using [Connect to Exchange over the Internet]

    Question

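  • First, my environment:
    1. There are two DCs, one of which is a GC; neither is an Exchange server, and both run Server 2003 SBE.
    2. Currently, besides Exchange sending and receiving normally inside the company, OWA is offered over http, not https, and it also works normally.
    3. Inside the company the mail host is mail.xxxx.com.tw; from outside, connections use mail.xxxx.tw, and the former address cannot be used from outside. The company has no proxy server configured.
    4. The company uses push mail. The active sync directory in IIS has https selected, and a CA certificate has been configured and issued on this Exchange host; the company's push mail phones all receive push mail over https normally. Connecting to https://mail.xxxx.tw works normally. The CA is also set to mail.xxxx.tw.
    5. The RPC over HTTP component is installed, the service is started, and Basic authentication is set on the rpc folder in IIS (the main default web site level does not use this setting, so the setting inherited from the parent level is different and I set it manually); the certificate is the same as above.
    6. The company firewall has 443, 80, pop3 and smtp open to the Exchange host, and the external DNS host is also set to this Exchange host. Outside the firewall there is a bandwidth manager, which also maps the same ports and provides service externally through a fixed IP.

    So far, having looked up questions others asked before, and having followed the settings on the official Microsoft website, Outlook 2003 still keeps popping up the login account authentication prompt and cannot finish. After many login prompts it finally shows the message [The action cannot be completed. Unable to connect to Microsoft Exchange Server. Outlook must be online to complete this action]; after clicking OK, it asks you to [Check Name]. A correction: this message appears when I have rpc's [Integrated Windows authentication] checked; if only [Basic authentication] is checked, opening Outlook just keeps popping up the login screen endlessly.
    All the [Connect to Exchange over the Internet] options have been cross-tested, as have RPC-HTTP back-end server and the Exchange-managed RPC-http...; none has ever succeeded. Could the senior members please help identify where the problem is? I feel it should be as easy as push mail, but I just cannot get it configured. Thank you.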

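    Information found earlier: Jammy羅濟棠

    1. Add the RPC over HTTP component in Control Panel
    2. Open Exchange IIS Manager, find Default Web site, right-click > Properties > Directory Security, and request a CA certificate
    3. Enter an FQDN that matches the FQDN users will enter on the Internet
    4. Set the [Require secure channel (SSL)] check box and [Require 128-bit encryption]
    5. Find Exadmin, right-click > Properties > Directory Security, and clear the [Require secure channel (SSL)] check box and [Require 128-bit encryption]
    6. Restart IIS
    7. Open ESM\Server\Server name, right-click > Properties > RPC-HTTP > [RPC-HTTP back-end server]
    8. Reboot the GC/Exchange


    The Web log messages from my current test are as follows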
    2008-03-19 07:03:52 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:6002 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:03:52 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:6002 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:03:52 192.168.100.11 RPC_OUT_DATA /rpc/rpcproxy.dll mail.xxxx.tw:6002 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:03:52 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:593 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:03:53 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:593 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:03:53 192.168.100.11 RPC_OUT_DATA /rpc/rpcproxy.dll mail.xxxx.tw:593 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:04:14 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:6004 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:04:15 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:6004 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:04:15 192.168.100.11 RPC_OUT_DATA /rpc/rpcproxy.dll mail.xxxx.tw:6004 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:04:17 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:593 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:04:17 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:593 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
    2008-03-19 07:04:17 192.168.100.11 RPC_OUT_DATA /rpc/rpcproxy.dll mail.xxxx.tw:593 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0

    March 19, 2008, 7:57 AM

Answers

  • Settings on the DC

    Must be Windows Server 2003
    Global catalog server (GC) and domain controller (DC)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
    Value name: NSPI interface protocol sequences
    Value data: ncacn_http:6004
    Reboot

    Exchange settings

    To configure an Exchange Server 2003 SP1 single-server installation to use RPC over HTTP

    1.       In Exchange System Manager, expand Administrative Groups, and then expand the Administrative Group that contains your Exchange server.

    2.       Expand the Servers object, right-click the Exchange server you want to set as the RPC proxy server, and then select Properties.

    3.       On the Exchange Server Properties page, click the RPC-HTTP tab, and then select the option next to RPC-HTTP back-end server.

    4.       Click OK.

    5.       The following dialog box appears informing you that you do not have an Exchange front-end server in your organization. Click OK to close this dialog box.

     

    After you click OK on this dialog box, you will receive another message indicating that you can allow Exchange to configure your ports automatically to use RPC over HTTP. Click OK to allow Exchange to do this automatically.

     

    6.       Restart this computer.

    To configure the RPC over HTTP virtual directory

    1.       Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

    2.       In Internet Information Services (IIS) Manager, in the console tree, expand the server you want, expand Web Sites, expand Default Web Site, right-click the RPC virtual directory, and then click Properties.

    3.       In RPC Virtual Directory Properties page, on the Directory Security tab, in the Authentication and access control pane, click Edit.

    4.       On the Authentication Methods window, verify that the check box next to Enable anonymous access is cleared.

    Note   RPC over HTTP does not allow anonymous access by default despite what the user interface shows.

    5.       On the Authentication Methods window, under Authenticated access, select the check box next to Basic authentication (password is sent in clear text), and ensure the check box next to Integrated Windows authentication (NTLM) is checked, and then click OK.

    6.       To save your settings, click Apply, and then click OK.

    7.       Ensure that you have a valid SSL certificate installed on the virtual server

     

    Your RPC virtual directory is now ready to use Basic and NTLM authentication.

    To configure the RPC proxy server to use specified ports for RPC over HTTP

    The following ports are required for RPC over HTTP.

     

    Table 1   Required ports for RPC over HTTP

    Server                      Ports (Services)
    Exchange back-end server    6001 (store)
                                6002 (DSReferral)
                                6004 (DSProxy)

     

    1.       On the Exchange proxy server, start Registry Editor (regedit).

    2.       In the console tree, locate the following registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

    3.       In the details pane, right-click the ValidPorts subkey, and then click Modify.

    4.       In Edit String, in the Value data box, type the following information:

    ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;ExchangeServer:6004;ExchangeServerFQDN:6004;

    ·         ExchangeServer is the NetBIOS name of your Exchange server.

    ·         ExchangeServerFQDN is the fully qualified domain name (FQDN) of your Exchange server.

    Your Exchange server is now set up to act as both a back-end mailbox and an RPC over HTTP proxy server.

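    March 20, 2008, 9:02 AM
    Moderator
  • Dear seniors, thank you all very much for your help. I got it working first thing this morning; my notes are as follows:
    1. ValidPorts: after consulting the relevant documents, I confirmed that for the FQDN in it, if the company has separate internal and external FQDNs, it must be set to the company's internal FQDN, i.e. mail.xxxx.com.tw, not the external FQDN mail.xxxx.tw.
    2. It makes no difference whether OWA has HTTPS, because if your RPC needs it, you must set up the encryption mechanism and authentication mode on the RPC virtual directory.
    3. The [NSPI interface protocol sequences], ncacn_http:6004 registry value: I have not set it so far, and it already works normally. It is probably due to my environment.
    4. Setting Exchange to [RPC-HTTP back-end server] was required here.
    5. The most important point is in setting Outlook's [Microsoft Exchange server]: likewise, if the company has separate internal and external FQDNs, do not enter the external FQDN, as the book says. Later I entered only the host name and found that, with the settings above, the internal FQDN mail.xxxx.com.tw is generated automatically. In [Connect to Exchange over the Internet], however, you must enter the external FQDN; then, connecting to the Exchange host over https across the network, mail can be sent and received normally.
    March 21, 2008, 2:32 AM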
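
The RPC proxy forwards only to the host:port pairs listed in ValidPorts, which is why the name Outlook asks for has to match an entry there. The following check is an added example, not part of the original thread: it expands a ValidPorts string and lists the targets requested in the IIS log (the field after /rpc/rpcproxy.dll) that the list does not cover. The NetBIOS name MAIL and the last log line are constructed; field positions are taken from the log lines in the question.

```python
import re

# ValidPorts in the form given in the answer. "MAIL" is a constructed NetBIOS
# name; mail.xxxx.com.tw is the internal FQDN from the thread.
VALID_PORTS = ("MAIL:6001-6002;mail.xxxx.com.tw:6001-6002;"
               "MAIL:6004;mail.xxxx.com.tw:6004;")

# First three lines are from the question's web log; the last is constructed.
LOG = r"""
2008-03-19 07:03:52 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:6002 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
2008-03-19 07:03:52 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:593 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
2008-03-19 07:04:14 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.tw:6004 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
2008-03-21 02:10:00 192.168.100.11 RPC_IN_DATA /rpc/rpcproxy.dll mail.xxxx.com.tw:6001 443 xxxx\jaxxxx 124.10.93.146 MSRPC 200 0 0
"""

def parse_valid_ports(value):
    """Expand a ValidPorts string into {lowercased host: set of allowed ports}."""
    allowed = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, _, ports = entry.rpartition(":")
        lo, _, hi = ports.partition("-")          # "6001-6002" or a single "6004"
        allowed.setdefault(host.lower(), set()).update(
            range(int(lo), int(hi or lo) + 1))
    return allowed

def requested_targets(log_lines):
    """Yield (host, port) from the query field of rpcproxy.dll requests."""
    for line in log_lines:
        f = line.split()
        # date time s-ip method uri-stem uri-query s-port user c-ip agent status...
        if len(f) < 6 or line.startswith("#") or not f[4].lower().endswith("/rpcproxy.dll"):
            continue
        m = re.fullmatch(r"([^:]+):(\d+)", f[5])
        if m:
            yield m.group(1).lower(), int(m.group(2))

def uncovered(valid_ports_value, log_lines):
    """Return sorted (host, port) targets that no ValidPorts entry covers."""
    allowed = parse_valid_ports(valid_ports_value)
    return sorted({(h, p) for h, p in requested_targets(log_lines)
                   if p not in allowed.get(h, set())})

if __name__ == "__main__":
    for host, port in uncovered(VALID_PORTS, LOG.splitlines()):
        print(f"not in ValidPorts: {host}:{port}")
```

Run against the sample, every request that names the external FQDN mail.xxxx.tw is reported, while the constructed request for mail.xxxx.com.tw:6001 is covered.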

All replies

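  • To add a bit more about my environment and problem: there are two DCs, one of which is a GC; neither faces the outside, and the Exchange server is not a DC; it is simply a domain-joined host that provides the Exchange service.
    1. I would like to confirm whether my ValidPorts should be set to the internal FQDN or to the FQDN used for external connections.
    2. Also, the main OWA does not use HTTPS; will that affect RPC over HTTP?
    3. Currently, on the global catalog host, I do not see the [NSPI interface protocol sequences], ncacn_http:6004 registry value; does my environment need it added? If so, do both DCs need this value?
    4. Finally, in my environment, do I need to set this Exchange server to [RPC-HTTP back-end server]?
    I tested for another two days and still have not succeeded; I would appreciate suggestions from the seniors. Thank you.
    March 20, 2008, 9:34 AM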