RPC over HTTPS - Frustrated (Help!)

[Jon Doe]

I'm trying to set up rpc over https and I just can't seem to be able to get
it to work even after following all the technet docs for configuration and
troubleshooting. Here's what I've done so far:

I'm trying to use the same front-end server that I'm using for OWA which has
a certificate and owa is working fine. On that server, I went ahead and
checked off the rpc front-end selection in the HTTP-RPC tab. I then went to
the backend server (which is really an A/P cluster) and checked off the rpc
backend selection.

I later learned that I was supposed to do the backend first, before doing
the frontend, so I unchecked the boxes and did it in order and then rebooted
the frontend (owa) server. Then on the owa server, I went through making
sure basic authentication was selected on both my owa server and also on the
rpc subfolder... as well as making sure is requires SSL (128bit encryption).

I then went ahead and configured the client (using basic auth), and I'm
using the dns name for my owa server which is owa.domain.com as the
"exchange server". When I try to connect, I just get the prompt for login
credentials, but never connects.

To troubleshoot, I went to owa.domain.com/rpc, and it prompts me for the
login credentials, and it doesn't accept the credentials... but after the
3rd time, it would go to the "You are not authorized" page. I load up
outlook /rpc and it never gets past the login screen. On the troubleshooting
steps on technet, all software versions match/exceeds what's required.

Am I right to put in my owa server's dns name as the exchange server? Or can
someone please help me discover what I'm doing wrong? rpc doesn't work when
I'm on the network, nor does it work when I'm connection from the internet.

Thanks a lot in advance!

 

[Jon Doe]

Oh.. I should mention what I'm using.

All exchange servers are E2K3 SP2 running on W2K3 SP1 servers. The DC's are
W2K A/S servers.

 

[Jon Doe]

Sorry.. I seem to be replying myself here, but I still need help. I just
discovered that exchange MUST have access to a W2K3 GC in order for it to
work. I don't have any W2K3 GC's... do I have any options at all other than
to build a W2K3 server and make it into a GC? could my Front-end server
become a GC without causing any problems to the rest of the domain that's
currently running in native mode?

Thanks much!

 

[Russ Kaufmann \(MVP\)]

Sorry.. I seem to be replying myself here, but I still need help. I just
discovered that exchange MUST have access to a W2K3 GC in order for it to
work. I don't have any W2K3 GC's... do I have any options at all other
than to build a W2K3 server and make it into a GC? could my Front-end
server become a GC without causing any problems to the rest of the domain
that's currently running in native mode?

Never install Exchange on a DC/GC. Ever. It is not supported.

Is there some reason that you have not made your current DCs into GCs?


--
Russ Kaufmann
MVP - Windows Server - Clustering
ClusterHelp.com, a Microsoft Certified Gold Partner
Web http://www.clusterhelp.com
Blog http://msmvps.com/clusterhelp

The next ClusterHelp classes are:
Denver starting Nov 28th
NYC starting Dec 4th.

 

[Andy David - MVP]

Never install Exchange on a DC/GC. Ever. It is not supported.

Its supported, just not recommended. Whats not supported is running
dcpromo on an existing Exhange Server, changing its role.

 

[John Oliver, Jr. [MVP]]

All DC's must be at least Windows 2003 for RPC over HTTPs to work properly.
I am also including great link by Mark Arnold,

http://www.msexchange.me.uk/rpchttpsproblems.htm

 

[Jon Doe]

I was reading up on this stuff, and I understand that I can have a Win2K DC,
but have W2K3 GC's as long as exchange doesn't try to pull info from the 2K
DC/GC's. In my case, I have a 2K DC, and 2K GC's.

If I make one of my 2K3 servers into a GC, how can I make sure that it's not
pulling data from the 2K GC's? Also, how will it affect replication (since
RUS is currently set up to point to the W2K DC)

 

[Jon Doe]

I have one DC and several GC's in different geographical locations (all
W2K).

 

[Russ Kaufmann \(MVP\)]

Its supported, just not recommended. Whats not supported is running
dcpromo on an existing Exhange Server, changing its role.

No. It is not supported. See http://support.microsoft.com/kb/898634 for more
information.


--
Russ Kaufmann
MVP - Windows Server - Clustering
ClusterHelp.com, a Microsoft Certified Gold Partner
Web http://www.clusterhelp.com
Blog http://msmvps.com/clusterhelp

The next ClusterHelp classes are:
Denver starting Nov 28th
NYC starting Dec 4th.

 

[Russ Kaufmann \(MVP\)]

I have one DC and several GC's in different geographical locations (all
W2K).

Generally, it is best if all DCs are GCs.


--
Russ Kaufmann
MVP - Windows Server - Clustering
ClusterHelp.com, a Microsoft Certified Gold Partner
Web http://www.clusterhelp.com
Blog http://msmvps.com/clusterhelp

The next ClusterHelp classes are:
Denver starting Nov 28th
NYC starting Dec 4th.

 

[mitch Roberson]

under the exchange server properties in Exchange System manager go the the
tab Directory access and uncheck the automatically find and then specifiy
the specific server