Hello,

I about flipped today when I saw a new article (http://www.isaserver.org/tutorials/ISA-Firewall-Publishing-OWA-RPC-HTTP-Single-IP-Address-Part2.html) by Thomas Shinder which finally addressed my scenario almost exactly, which I've been battling on and off for almost a year now. In a single server Exchange 2003 SP2 deployment alongside a separate 2003 DC and behind an ISA 2004 SP1 server, which I will certainly upgrade to 2006 if that proves to be the problem.

My problem (which I would guess is more Exchange or DC related rather than ISA) is that I cannot get a client machine which is XP SP2 w/ Outlook 2003 SP2 to connect to the Exchange server within the firewall on the corpnet using HTTP(S). I have tried the outlook /rpcdiag to help debug the problem, but I am repeatedly prompted to log in which never occurs so the /rpcdiag switch doesn't help much. I do however see the expected behavior from the test URLs of https://mail.fqdn.com/rpc/ and https://mail.fqdn.com/rpc/rpcproxy.dll so I'm fairly certain the certs are set up appropriately.

I've checked my ports in the registry on the single server Exchange machine and have entries under ValidPorts for

netbios:6001-6002;
netbios.domain.local:6001-6002;
netbios.fqdn.com:6001-6002;netbios:6004;
netbios.domain.local:6004;
netbios.fqdn.com:6004

As well on the separate 2003 DC machine I have ports configured under NTDS Parameters for the NSPI interface protocol sequences that read

ncacn_http:6004

I have only one public IP address and so...I've had to follow the guidance of Tom's other tutorial (http://www.isaserver.org/tutorials/2004wildcardcert.html) around wildcard certificates in order to provide access to the several secure web apps that we publish including OWA, WSS to name a couple. So, on the SSL side...I do have one Self Signed Root CA (running on our DC where DNS is also running) which has issued a wildcard *.fqdn.com cert and it has been imported into our ISA machine. As well I've issued the mail.fqdn.com and wss.fqdn.com certs that have been assigned to the specific sites where they are being used, OWA/OMA/EAS and WSS respectively for those FQDNs. OWA/OMA and WSS work like a dream in this scenario, with some success in EAS as well (depends on the device, Windows Mobile 5 device won't sync and doesn't seem to handle the wildcard cert as well as Windows Mobile 2003 SE).

Anyway...I hope some of you out there will benefit in knowing that this environment is possible - and my long explanation will serve a purpose beyond my desperate need for assistance. However, I'm really stumped at this point when it comes to getting RPC over HTTP to connect at all and I don't know why!!!

Thx in advance for any guidance!

Gaylen
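
An added example, not part of Gaylen's post: a Python audit of a ValidPorts string like the one listed above, reporting for each server name form which of ports 6001, 6002 and 6004 are missing and which entries allow the RPC proxy to reach anything beyond them. The function names and the approach of pasting the registry value in as a string are assumptions of this example; the port roles in the comment are the usual Exchange 2003 assignments, not stated in the post.

```python
import re

# Ports Exchange 2003 uses for RPC over HTTP: 6001 (information store),
# 6002 (DS referral) and 6004 (DS proxy / NSPI).
REQUIRED_PORTS = frozenset({6001, 6002, 6004})
_ENTRY = re.compile(r"^([A-Za-z0-9.-]+):(\d{1,5})(?:-(\d{1,5}))?$")


def parse_valid_ports(value):
    """Return ({hostname: set(ports)}, [malformed entries]) for a ValidPorts string."""
    allowed, malformed = {}, []
    for raw in value.split(";"):
        entry = raw.strip()  # tolerate the line breaks/spaces of a pasted listing
        if not entry:
            continue
        m = _ENTRY.match(entry)
        if not m:
            malformed.append(entry)
            continue
        lo = int(m.group(2))
        hi = int(m.group(3) or lo)
        if not (0 < lo <= hi <= 65535):
            malformed.append(entry)
            continue
        allowed.setdefault(m.group(1).lower(), set()).update(range(lo, hi + 1))
    return allowed, malformed


def audit_valid_ports(value, expected_names, required=REQUIRED_PORTS):
    """Report ports missing for each expected name and anything allowed beyond them."""
    allowed, malformed = parse_valid_ports(value)
    expected = {n.lower() for n in expected_names}
    missing = {n: sorted(required - allowed.get(n, set()))
               for n in expected if required - allowed.get(n, set())}
    extra = {n: sorted(p - required if n in expected else p)
             for n, p in allowed.items()
             if n not in expected or p - required}
    return {"missing": missing, "extra": extra, "malformed": malformed}


# The value as listed in the post (placeholder names kept as written there).
POSTED = ("netbios:6001-6002;netbios.domain.local:6001-6002;"
          "netbios.fqdn.com:6001-6002;netbios:6004;"
          "netbios.domain.local:6004;netbios.fqdn.com:6004")
NAMES = ["netbios", "netbios.domain.local", "netbios.fqdn.com"]

if __name__ == "__main__":
    print(audit_valid_ports(POSTED, NAMES))
```

An empty report for the posted value means the ValidPorts listing itself covers all three name forms and opens nothing extra, so the list is not where the connection failure comes from.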