Help with RPC over HTTP #2

This is a multi-part message in MIME format.

------=_NextPart_000_0026_01C4ECFE.88379990
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I have installed a front end server which now, thanks to the advice from =
GT, works perfectly for OWA.  RPC over HTTP is another matter =
altogether.   I've done EVERYTHING and I'm still not making the right =
connections.  The environment is as follows:

Servers all have Windows 2003.  Backend is an A/P two server cluster =
with Exchange 2003 Enterprise.  Front end is Exchange 2003 Standard.  We =
have Checkpoint FW1 that separates the external (domain.edu) from the =
internal (internal.domain.edu).  We have two external dns servers and =
two internal.

    I've followed every KB article to the letter.  I've tracked down =
every article here on the message board.   I can RPCping between the =
front end and the back end and the reverse.  I've got SSL in place and I =
know it works because the OWA sessions require https.  I've set up the =
Outlook 2003 client properly and have tried every variation that's been =
published anywhere that I can find. . .

    But when I run "outlook /rpcdiag", it appears that I'm never =
connecting to anything.  Initially, the logon dialog box pops up and the =
diagnostic window shows the following:

Server Name                     | Type     | Interface  | Conn  | Status =
      | Reg/Fail  | AvgResp

--                                          Directory                    =
--        Connecting
backend.int.dom.edu        Referral                      --        =
Connecting

After about 5 seconds or so,  those two entries disappear and the =
following line shows up:

DomCntrller.int.dom.edu      Directory                    --        =
Connecting

After a second or so, it changes to

backend.int.dom.edu       Directory                      --        =
Connecting

And then quickly to

backend                            Directory                      --     =
   Connecting

The last entry (netbios name rather than FQDN) stays for about a minute =
and then disappears as the "Your server is not available" message pops =
up.

 I've checked the firewall logs and it is accepting all the packets =
coming from the client.  And I can connect when I'm in VPN mode, but =
even with the client set to not use tcp/ip on fast or slow networks, the =
connection type is still TCP/IP.

I'm hoping against hope that someone knows some obscure fact that is =
poorly documented.  Any help would be greatly appreciated!!  Thanks in =
advance.

Bill Schleifer
------=_NextPart_000_0026_01C4ECFE.88379990
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2>I have installed a front end server =
which now,=20
thanks to the advice from GT, works perfectly for OWA.&nbsp; RPC over =
HTTP is=20
another matter altogether.&nbsp;&nbsp; I've done EVERYTHING and I'm =
still not=20
making the right connections.&nbsp; The environment is as =
follows:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Servers all have Windows 2003.&nbsp; =
Backend is an=20
A/P two server cluster with Exchange 2003 Enterprise.&nbsp; Front end is =

Exchange 2003 Standard.&nbsp; We have Checkpoint FW1 that separates the =
external=20
(domain.edu) from the internal (internal.domain.edu).&nbsp; We have two =
external=20
dns servers and two internal.</FONT></DIV>
<DIV dir=3Dltr>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; I've =
followed every KB=20
article to the letter.&nbsp; I've tracked down every article here on the =

message&nbsp;board.&nbsp; &nbsp;I can RPCping between the front end and =
the back=20
end and the reverse.&nbsp; I've got SSL in place and I know it works =
because the=20
OWA sessions require https.&nbsp; I've set up the Outlook 2003 client =
properly=20
and have tried every variation that's been published anywhere that I can =
find. .=20
..</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; But when I =
run "outlook=20
/rpcdiag", it appears that I'm never connecting to anything.&nbsp; =
Initially,=20
the logon dialog box pops up and the diagnostic window shows the=20
following:</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2><STRONG>Server=20
Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
| Type&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;Interface&nbsp; | Conn&nbsp; |=20
Status&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | Reg/Fail&nbsp; |=20
AvgResp</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial =
size=3D2><STRONG></STRONG></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial=20
size=3D2><STRONG>--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
Connecting</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial=20
size=3D2><STRONG>backend.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;=20
Referral&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>After about 5 seconds or =
so,&nbsp; those=20
two entries disappear and the following line shows up:</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial=20
size=3D2><STRONG>DomCntrller.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>After a second or so, it =
changes=20
to</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial =
size=3D2><STRONG></STRONG></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial=20
size=3D2><STRONG>backend.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =

Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>And then quickly =
to</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial=20
size=3D2><STRONG>backend&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>The last entry (netbios name =
rather than=20
FQDN) stays for about a minute and then disappears as the "Your server =
is not=20
available" message pops up.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;I've checked the =
firewall logs and it=20
is accepting all the packets coming from the client.&nbsp; And I can =
connect=20
when I'm in VPN mode, but even with the client set to not use tcp/ip on =
fast or=20
slow networks, the connection type is still TCP/IP.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>I'm hoping against hope that =
someone knows=20
some obscure fact&nbsp;that is poorly documented.&nbsp; Any help would =
be=20
greatly appreciated!!&nbsp; Thanks in advance.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Bill =
Schleifer</FONT></DIV></BODY></HTML>

------=_NextPart_000_0026_01C4ECFE.88379990--

0
bschleifer (15)
12/28/2004 9:59:02 PM
exchange.admin 57650 articles. 1 followers. Follow

11 Replies
426 Views

Similar Articles

[PageSpeed] 50

This is a multi-part message in MIME format.

------=_NextPart_000_015F_01C4ECFA.A4184690
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Do you have both Basic and Integrated authentication enabled on the =
Exchange virtual directory (and Public)?  I seem to recall that you have =
to have Integrated enabled in order for RPC/HTTPS to work correctly.  =
I'll have to see if I can dig up the reference.

--=20
Ben Winzenz
Exchange MVP


"Bill Schleifer" <bschleifer@rivier.edu> wrote in message =
news:%232UbyhS7EHA.4028@TK2MSFTNGP15.phx.gbl...
I have installed a front end server which now, thanks to the advice from =
GT, works perfectly for OWA.  RPC over HTTP is another matter =
altogether.   I've done EVERYTHING and I'm still not making the right =
connections.  The environment is as follows:

Servers all have Windows 2003.  Backend is an A/P two server cluster =
with Exchange 2003 Enterprise.  Front end is Exchange 2003 Standard.  We =
have Checkpoint FW1 that separates the external (domain.edu) from the =
internal (internal.domain.edu).  We have two external dns servers and =
two internal.

    I've followed every KB article to the letter.  I've tracked down =
every article here on the message board.   I can RPCping between the =
front end and the back end and the reverse.  I've got SSL in place and I =
know it works because the OWA sessions require https.  I've set up the =
Outlook 2003 client properly and have tried every variation that's been =
published anywhere that I can find. . .

    But when I run "outlook /rpcdiag", it appears that I'm never =
connecting to anything.  Initially, the logon dialog box pops up and the =
diagnostic window shows the following:

Server Name                     | Type     | Interface  | Conn  | Status =
      | Reg/Fail  | AvgResp

--                                          Directory                    =
--        Connecting
backend.int.dom.edu        Referral                      --        =
Connecting

After about 5 seconds or so,  those two entries disappear and the =
following line shows up:

DomCntrller.int.dom.edu      Directory                    --        =
Connecting

After a second or so, it changes to

backend.int.dom.edu       Directory                      --        =
Connecting

And then quickly to

backend                            Directory                      --     =
   Connecting

The last entry (netbios name rather than FQDN) stays for about a minute =
and then disappears as the "Your server is not available" message pops =
up.

 I've checked the firewall logs and it is accepting all the packets =
coming from the client.  And I can connect when I'm in VPN mode, but =
even with the client set to not use tcp/ip on fast or slow networks, the =
connection type is still TCP/IP.

I'm hoping against hope that someone knows some obscure fact that is =
poorly documented.  Any help would be greatly appreciated!!  Thanks in =
advance.

Bill Schleifer
------=_NextPart_000_015F_01C4ECFA.A4184690
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Do you have both Basic and Integrated=20
authentication enabled on the Exchange virtual directory (and=20
Public)?&nbsp;&nbsp;I seem to recall that you&nbsp;have to have =
Integrated=20
enabled in order for RPC/HTTPS to work correctly.&nbsp; I'll have to see =
if I=20
can dig up the reference.</FONT></DIV>
<DIV><BR>-- <BR>Ben Winzenz<BR>Exchange MVP</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>"Bill Schleifer" &lt;<A=20
href=3D"mailto:bschleifer@rivier.edu">bschleifer@rivier.edu</A>&gt; =
wrote in=20
message <A=20
href=3D"news:%232UbyhS7EHA.4028@TK2MSFTNGP15.phx.gbl">news:%232UbyhS7EHA.=
4028@TK2MSFTNGP15.phx.gbl</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>I have installed a front end server =
which now,=20
thanks to the advice from GT, works perfectly for OWA.&nbsp; RPC over =
HTTP is=20
another matter altogether.&nbsp;&nbsp; I've done EVERYTHING and I'm =
still not=20
making the right connections.&nbsp; The environment is as =
follows:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Servers all have Windows 2003.&nbsp; =
Backend is an=20
A/P two server cluster with Exchange 2003 Enterprise.&nbsp; Front end is =

Exchange 2003 Standard.&nbsp; We have Checkpoint FW1 that separates the =
external=20
(domain.edu) from the internal (internal.domain.edu).&nbsp; We have two =
external=20
dns servers and two internal.</FONT></DIV>
<DIV dir=3Dltr>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; I've =
followed every KB=20
article to the letter.&nbsp; I've tracked down every article here on the =

message&nbsp;board.&nbsp; &nbsp;I can RPCping between the front end and =
the back=20
end and the reverse.&nbsp; I've got SSL in place and I know it works =
because the=20
OWA sessions require https.&nbsp; I've set up the Outlook 2003 client =
properly=20
and have tried every variation that's been published anywhere that I can =
find. .=20
..</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; But when I =
run "outlook=20
/rpcdiag", it appears that I'm never connecting to anything.&nbsp; =
Initially,=20
the logon dialog box pops up and the diagnostic window shows the=20
following:</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2><STRONG>Server=20
Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
| Type&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;Interface&nbsp; | Conn&nbsp; |=20
Status&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | Reg/Fail&nbsp; |=20
AvgResp</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial =
size=3D2><STRONG></STRONG></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial=20
size=3D2><STRONG>--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
Connecting</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial=20
size=3D2><STRONG>backend.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;=20
Referral&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>After about 5 seconds or =
so,&nbsp; those=20
two entries disappear and the following line shows up:</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial=20
size=3D2><STRONG>DomCntrller.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>After a second or so, it =
changes=20
to</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial =
size=3D2><STRONG></STRONG></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial=20
size=3D2><STRONG>backend.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =

Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>And then quickly =
to</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial=20
size=3D2><STRONG>backend&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>The last entry (netbios name =
rather than=20
FQDN) stays for about a minute and then disappears as the "Your server =
is not=20
available" message pops up.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;I've checked the =
firewall logs and it=20
is accepting all the packets coming from the client.&nbsp; And I can =
connect=20
when I'm in VPN mode, but even with the client set to not use tcp/ip on =
fast or=20
slow networks, the connection type is still TCP/IP.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>I'm hoping against hope that =
someone knows=20
some obscure fact&nbsp;that is poorly documented.&nbsp; Any help would =
be=20
greatly appreciated!!&nbsp; Thanks in advance.</FONT></DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Bill =
Schleifer</FONT></DIV></BODY></HTML>

------=_NextPart_000_015F_01C4ECFA.A4184690--

0
Ben
12/28/2004 10:31:11 PM
Does your SSL certificate on the RPC FE server match the name you used when 
you configured your clients?  For OWA a redirection is ok, but not with 
RPC/HTTPS.

-GT
"Bill Schleifer" <bschleifer@rivier.edu> wrote in message 
news:%232UbyhS7EHA.4028@TK2MSFTNGP15.phx.gbl...
I have installed a front end server which now, thanks to the advice from GT, 
works perfectly for OWA.  RPC over HTTP is another matter altogether.   I've 
done EVERYTHING and I'm still not making the right connections.  The 
environment is as follows:

Servers all have Windows 2003.  Backend is an A/P two server cluster with 
Exchange 2003 Enterprise.  Front end is Exchange 2003 Standard.  We have 
Checkpoint FW1 that separates the external (domain.edu) from the internal 
(internal.domain.edu).  We have two external dns servers and two internal.

    I've followed every KB article to the letter.  I've tracked down every 
article here on the message board.   I can RPCping between the front end and 
the back end and the reverse.  I've got SSL in place and I know it works 
because the OWA sessions require https.  I've set up the Outlook 2003 client 
properly and have tried every variation that's been published anywhere that 
I can find. . .

    But when I run "outlook /rpcdiag", it appears that I'm never connecting 
to anything.  Initially, the logon dialog box pops up and the diagnostic 
window shows the following:

Server Name                     | Type     | Interface  | Conn  | Status 
| Reg/Fail  | AvgResp

--                                          Directory                    --  
Connecting
backend.int.dom.edu        Referral                      --  
Connecting

After about 5 seconds or so,  those two entries disappear and the following 
line shows up:

DomCntrller.int.dom.edu      Directory                    --  
Connecting

After a second or so, it changes to

backend.int.dom.edu       Directory                      --  
Connecting

And then quickly to

backend                            Directory                      --  
Connecting

The last entry (netbios name rather than FQDN) stays for about a minute and 
then disappears as the "Your server is not available" message pops up.

 I've checked the firewall logs and it is accepting all the packets coming 
from the client.  And I can connect when I'm in VPN mode, but even with the 
client set to not use tcp/ip on fast or slow networks, the connection type 
is still TCP/IP.

I'm hoping against hope that someone knows some obscure fact that is poorly 
documented.  Any help would be greatly appreciated!!  Thanks in advance.

Bill Schleifer 


0
GT
12/28/2004 10:56:19 PM
This is a multi-part message in MIME format.

------=_NextPart_000_0D6F_01C4ED07.32D72110
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Ben,
   Yes. . . Both are selcted on those two virutal directories.

    In the registry entry where the referrals are assigned. . . should =
it be the back end for 6001-6002 and 6004?  Or if you have a separate =
GC, should that be set for 6004?  And we, in fact, have multiple GCs. . =
..

Bill
  "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> =
wrote in message news:eKTDwzS7EHA.1452@TK2MSFTNGP11.phx.gbl...
  Do you have both Basic and Integrated authentication enabled on the =
Exchange virtual directory (and Public)?  I seem to recall that you have =
to have Integrated enabled in order for RPC/HTTPS to work correctly.  =
I'll have to see if I can dig up the reference.

  --=20
  Ben Winzenz
  Exchange MVP


  "Bill Schleifer" <bschleifer@rivier.edu> wrote in message =
news:%232UbyhS7EHA.4028@TK2MSFTNGP15.phx.gbl...
  I have installed a front end server which now, thanks to the advice =
from GT, works perfectly for OWA.  RPC over HTTP is another matter =
altogether.   I've done EVERYTHING and I'm still not making the right =
connections.  The environment is as follows:

  Servers all have Windows 2003.  Backend is an A/P two server cluster =
with Exchange 2003 Enterprise.  Front end is Exchange 2003 Standard.  We =
have Checkpoint FW1 that separates the external (domain.edu) from the =
internal (internal.domain.edu).  We have two external dns servers and =
two internal.

      I've followed every KB article to the letter.  I've tracked down =
every article here on the message board.   I can RPCping between the =
front end and the back end and the reverse.  I've got SSL in place and I =
know it works because the OWA sessions require https.  I've set up the =
Outlook 2003 client properly and have tried every variation that's been =
published anywhere that I can find. . .

      But when I run "outlook /rpcdiag", it appears that I'm never =
connecting to anything.  Initially, the logon dialog box pops up and the =
diagnostic window shows the following:

  Server Name                     | Type     | Interface  | Conn  | =
Status       | Reg/Fail  | AvgResp

  --                                          Directory                  =
  --        Connecting
  backend.int.dom.edu        Referral                      --        =
Connecting

  After about 5 seconds or so,  those two entries disappear and the =
following line shows up:

  DomCntrller.int.dom.edu      Directory                    --        =
Connecting

  After a second or so, it changes to

  backend.int.dom.edu       Directory                      --        =
Connecting

  And then quickly to

  backend                            Directory                      --   =
     Connecting

  The last entry (netbios name rather than FQDN) stays for about a =
minute and then disappears as the "Your server is not available" message =
pops up.

   I've checked the firewall logs and it is accepting all the packets =
coming from the client.  And I can connect when I'm in VPN mode, but =
even with the client set to not use tcp/ip on fast or slow networks, the =
connection type is still TCP/IP.

  I'm hoping against hope that someone knows some obscure fact that is =
poorly documented.  Any help would be greatly appreciated!!  Thanks in =
advance.

  Bill Schleifer
------=_NextPart_000_0D6F_01C4ED07.32D72110
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Ben,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; Yes. . . Both are selcted =
on those two=20
virutal directories.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; In the registry =
entry where the=20
referrals are assigned. . . should it be the back end for 6001-6002 and=20
6004?&nbsp; Or if you have a separate GC, should that be set for =
6004?&nbsp; And=20
we, in fact, have multiple GCs. . .</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Bill</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV>"Ben Winzenz [Exchange MVP]" &lt;<A=20
  =
href=3D"mailto:ben_winzenz@NOSPAMdotmessageonedotcom">ben_winzenz@NOSPAMd=
otmessageonedotcom</A>&gt;=20
  wrote in message <A=20
  =
href=3D"news:eKTDwzS7EHA.1452@TK2MSFTNGP11.phx.gbl">news:eKTDwzS7EHA.1452=
@TK2MSFTNGP11.phx.gbl</A>...</DIV>
  <DIV><FONT face=3DArial size=3D2>Do you have both Basic and Integrated =

  authentication enabled on the Exchange virtual directory (and=20
  Public)?&nbsp;&nbsp;I seem to recall that you&nbsp;have to have =
Integrated=20
  enabled in order for RPC/HTTPS to work correctly.&nbsp; I'll have to =
see if I=20
  can dig up the reference.</FONT></DIV>
  <DIV><BR>-- <BR>Ben Winzenz<BR>Exchange MVP</DIV>
  <DIV>&nbsp;</DIV>
  <DIV>&nbsp;</DIV>
  <DIV>"Bill Schleifer" &lt;<A=20
  href=3D"mailto:bschleifer@rivier.edu">bschleifer@rivier.edu</A>&gt; =
wrote in=20
  message <A=20
  =
href=3D"news:%232UbyhS7EHA.4028@TK2MSFTNGP15.phx.gbl">news:%232UbyhS7EHA.=
4028@TK2MSFTNGP15.phx.gbl</A>...</DIV>
  <DIV><FONT face=3DArial size=3D2>I have installed a front end server =
which now,=20
  thanks to the advice from GT, works perfectly for OWA.&nbsp; RPC over =
HTTP is=20
  another matter altogether.&nbsp;&nbsp; I've done EVERYTHING and I'm =
still not=20
  making the right connections.&nbsp; The environment is as=20
follows:</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>Servers all have Windows 2003.&nbsp; =
Backend is=20
  an A/P two server cluster with Exchange 2003 Enterprise.&nbsp; Front =
end is=20
  Exchange 2003 Standard.&nbsp; We have Checkpoint FW1 that separates =
the=20
  external (domain.edu) from the internal (internal.domain.edu).&nbsp; =
We have=20
  two external dns servers and two internal.</FONT></DIV>
  <DIV dir=3Dltr>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; I've =
followed every KB=20
  article to the letter.&nbsp; I've tracked down every article here on =
the=20
  message&nbsp;board.&nbsp; &nbsp;I can RPCping between the front end =
and the=20
  back end and the reverse.&nbsp; I've got SSL in place and I know it =
works=20
  because the OWA sessions require https.&nbsp; I've set up the Outlook =
2003=20
  client properly and have tried every variation that's been published =
anywhere=20
  that I can find. . .</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; But when =
I run=20
  "outlook /rpcdiag", it appears that I'm never connecting to =
anything.&nbsp;=20
  Initially, the logon dialog box pops up and the diagnostic window =
shows the=20
  following:</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2><STRONG>Server=20
  =
Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  | Type&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;Interface&nbsp; | Conn&nbsp; |=20
  Status&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | Reg/Fail&nbsp; |=20
  AvgResp</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial =
size=3D2><STRONG></STRONG></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial=20
  =
size=3D2><STRONG>--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  =
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  &nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  Connecting</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial=20
  =
size=3D2><STRONG>backend.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;=20
  =
Referral&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>After about 5 seconds or =
so,&nbsp; those=20
  two entries disappear and the following line shows up:</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial=20
  size=3D2><STRONG>DomCntrller.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =

  =
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>After a second or so, it =
changes=20
  to</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial =
size=3D2><STRONG></STRONG></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial=20
  =
size=3D2><STRONG>backend.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =

  =
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>And then quickly =
to</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial=20
  =
size=3D2><STRONG>backend&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  =
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>The last entry (netbios =
name rather than=20
  FQDN) stays for about a minute and then disappears as the "Your server =
is not=20
  available" message pops up.</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;I've checked the =
firewall logs and=20
  it is accepting all the packets coming from the client.&nbsp; And I =
can=20
  connect when I'm in VPN mode, but even with the client set to not use =
tcp/ip=20
  on fast or slow networks, the connection type is still =
TCP/IP.</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>I'm hoping against hope =
that someone=20
  knows some obscure fact&nbsp;that is poorly documented.&nbsp; Any help =
would=20
  be greatly appreciated!!&nbsp; Thanks in advance.</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>Bill=20
Schleifer</FONT></DIV></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0D6F_01C4ED07.32D72110--

0
bschleifer (15)
12/28/2004 11:01:03 PM
This is a multi-part message in MIME format.

------=_NextPart_000_017C_01C4ED01.BD72E3F0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

What about the RPC virtual directory?  Also, is the Outlook client set =
up to use Basic to authenticate, or NTLM?  NTLM won't work through a =
firewall.

Have you applied Exchange 2003 SP1?  It makes RPC/HTTP(s) tons easier by =
doing the configuration work for you.

--=20
Ben Winzenz
Exchange MVP


"Bill Schleifer" <bschleifer@rivier.edu> wrote in message =
news:%23E4obET7EHA.3596@TK2MSFTNGP12.phx.gbl...
Ben,
   Yes. . . Both are selcted on those two virutal directories.

    In the registry entry where the referrals are assigned. . . should =
it be the back end for 6001-6002 and 6004?  Or if you have a separate =
GC, should that be set for 6004?  And we, in fact, have multiple GCs. . =
..

Bill
  "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> =
wrote in message news:eKTDwzS7EHA.1452@TK2MSFTNGP11.phx.gbl...
  Do you have both Basic and Integrated authentication enabled on the =
Exchange virtual directory (and Public)?  I seem to recall that you have =
to have Integrated enabled in order for RPC/HTTPS to work correctly.  =
I'll have to see if I can dig up the reference.

  --=20
  Ben Winzenz
  Exchange MVP


  "Bill Schleifer" <bschleifer@rivier.edu> wrote in message =
news:%232UbyhS7EHA.4028@TK2MSFTNGP15.phx.gbl...
  I have installed a front end server which now, thanks to the advice =
from GT, works perfectly for OWA.  RPC over HTTP is another matter =
altogether.   I've done EVERYTHING and I'm still not making the right =
connections.  The environment is as follows:

  Servers all have Windows 2003.  Backend is an A/P two server cluster =
with Exchange 2003 Enterprise.  Front end is Exchange 2003 Standard.  We =
have Checkpoint FW1 that separates the external (domain.edu) from the =
internal (internal.domain.edu).  We have two external dns servers and =
two internal.

      I've followed every KB article to the letter.  I've tracked down =
every article here on the message board.   I can RPCping between the =
front end and the back end and the reverse.  I've got SSL in place and I =
know it works because the OWA sessions require https.  I've set up the =
Outlook 2003 client properly and have tried every variation that's been =
published anywhere that I can find. . .

      But when I run "outlook /rpcdiag", it appears that I'm never =
connecting to anything.  Initially, the logon dialog box pops up and the =
diagnostic window shows the following:

  Server Name                     | Type     | Interface  | Conn  | =
Status       | Reg/Fail  | AvgResp

  --                                          Directory                  =
  --        Connecting
  backend.int.dom.edu        Referral                      --        =
Connecting

  After about 5 seconds or so,  those two entries disappear and the =
following line shows up:

  DomCntrller.int.dom.edu      Directory                    --        =
Connecting

  After a second or so, it changes to

  backend.int.dom.edu       Directory                      --        =
Connecting

  And then quickly to

  backend                            Directory                      --   =
     Connecting

  The last entry (netbios name rather than FQDN) stays for about a =
minute and then disappears as the "Your server is not available" message =
pops up.

   I've checked the firewall logs and it is accepting all the packets =
coming from the client.  And I can connect when I'm in VPN mode, but =
even with the client set to not use tcp/ip on fast or slow networks, the =
connection type is still TCP/IP.

  I'm hoping against hope that someone knows some obscure fact that is =
poorly documented.  Any help would be greatly appreciated!!  Thanks in =
advance.

  Bill Schleifer
------=_NextPart_000_017C_01C4ED01.BD72E3F0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>What about the RPC virtual =
directory?&nbsp; Also,=20
is the Outlook client set up to use Basic to authenticate, or =
NTLM?&nbsp; NTLM=20
won't work through a firewall.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Have you applied Exchange 2003 =
SP1?&nbsp; It makes=20
RPC/HTTP(s) tons easier by doing the configuration work for =
you.</FONT></DIV>
<DIV><BR>-- <BR>Ben Winzenz<BR>Exchange MVP</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>"Bill Schleifer" &lt;<A=20
href=3D"mailto:bschleifer@rivier.edu">bschleifer@rivier.edu</A>&gt; =
wrote in=20
message <A=20
href=3D"news:%23E4obET7EHA.3596@TK2MSFTNGP12.phx.gbl">news:%23E4obET7EHA.=
3596@TK2MSFTNGP12.phx.gbl</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>Ben,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; Yes. . . Both are selcted =
on those two=20
virutal directories.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; In the registry =
entry where the=20
referrals are assigned. . . should it be the back end for 6001-6002 and=20
6004?&nbsp; Or if you have a separate GC, should that be set for =
6004?&nbsp; And=20
we, in fact, have multiple GCs. . .</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Bill</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV>"Ben Winzenz [Exchange MVP]" &lt;<A=20
  =
href=3D"mailto:ben_winzenz@NOSPAMdotmessageonedotcom">ben_winzenz@NOSPAMd=
otmessageonedotcom</A>&gt;=20
  wrote in message <A=20
  =
href=3D"news:eKTDwzS7EHA.1452@TK2MSFTNGP11.phx.gbl">news:eKTDwzS7EHA.1452=
@TK2MSFTNGP11.phx.gbl</A>...</DIV>
  <DIV><FONT face=3DArial size=3D2>Do you have both Basic and Integrated =

  authentication enabled on the Exchange virtual directory (and=20
  Public)?&nbsp;&nbsp;I seem to recall that you&nbsp;have to have =
Integrated=20
  enabled in order for RPC/HTTPS to work correctly.&nbsp; I'll have to =
see if I=20
  can dig up the reference.</FONT></DIV>
  <DIV><BR>-- <BR>Ben Winzenz<BR>Exchange MVP</DIV>
  <DIV>&nbsp;</DIV>
  <DIV>&nbsp;</DIV>
  <DIV>"Bill Schleifer" &lt;<A=20
  href=3D"mailto:bschleifer@rivier.edu">bschleifer@rivier.edu</A>&gt; =
wrote in=20
  message <A=20
  =
href=3D"news:%232UbyhS7EHA.4028@TK2MSFTNGP15.phx.gbl">news:%232UbyhS7EHA.=
4028@TK2MSFTNGP15.phx.gbl</A>...</DIV>
  <DIV><FONT face=3DArial size=3D2>I have installed a front end server =
which now,=20
  thanks to the advice from GT, works perfectly for OWA.&nbsp; RPC over =
HTTP is=20
  another matter altogether.&nbsp;&nbsp; I've done EVERYTHING and I'm =
still not=20
  making the right connections.&nbsp; The environment is as=20
follows:</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>Servers all have Windows 2003.&nbsp; =
Backend is=20
  an A/P two server cluster with Exchange 2003 Enterprise.&nbsp; Front =
end is=20
  Exchange 2003 Standard.&nbsp; We have Checkpoint FW1 that separates =
the=20
  external (domain.edu) from the internal (internal.domain.edu).&nbsp; =
We have=20
  two external dns servers and two internal.</FONT></DIV>
  <DIV dir=3Dltr>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; I've =
followed every KB=20
  article to the letter.&nbsp; I've tracked down every article here on =
the=20
  message&nbsp;board.&nbsp; &nbsp;I can RPCping between the front end =
and the=20
  back end and the reverse.&nbsp; I've got SSL in place and I know it =
works=20
  because the OWA sessions require https.&nbsp; I've set up the Outlook =
2003=20
  client properly and have tried every variation that's been published =
anywhere=20
  that I can find. . .</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; But when =
I run=20
  "outlook /rpcdiag", it appears that I'm never connecting to =
anything.&nbsp;=20
  Initially, the logon dialog box pops up and the diagnostic window =
shows the=20
  following:</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2><STRONG>Server=20
  =
Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  | Type&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;Interface&nbsp; | Conn&nbsp; |=20
  Status&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | Reg/Fail&nbsp; |=20
  AvgResp</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial =
size=3D2><STRONG></STRONG></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial=20
  =
size=3D2><STRONG>--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  =
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  &nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  Connecting</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial=20
  =
size=3D2><STRONG>backend.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;=20
  =
Referral&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>After about 5 seconds or =
so,&nbsp; those=20
  two entries disappear and the following line shows up:</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial=20
  size=3D2><STRONG>DomCntrller.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =

  =
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>After a second or so, it =
changes=20
  to</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial =
size=3D2><STRONG></STRONG></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial=20
  =
size=3D2><STRONG>backend.int.dom.edu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =

  =
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>And then quickly =
to</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial=20
  =
size=3D2><STRONG>backend&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  =
Directory&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Connecting</STRONG></FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>The last entry (netbios =
name rather than=20
  FQDN) stays for about a minute and then disappears as the "Your server =
is not=20
  available" message pops up.</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>&nbsp;I've checked the =
firewall logs and=20
  it is accepting all the packets coming from the client.&nbsp; And I =
can=20
  connect when I'm in VPN mode, but even with the client set to not use =
tcp/ip=20
  on fast or slow networks, the connection type is still =
TCP/IP.</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>I'm hoping against hope =
that someone=20
  knows some obscure fact&nbsp;that is poorly documented.&nbsp; Any help =
would=20
  be greatly appreciated!!&nbsp; Thanks in advance.</FONT></DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV dir=3Dltr><FONT face=3DArial size=3D2>Bill=20
Schleifer</FONT></DIV></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_017C_01C4ED01.BD72E3F0--

0
Ben
12/28/2004 11:22:00 PM
This is a multi-part message in MIME format.

------=_NextPart_000_0D87_01C4ED1C.7567A350
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Yes, the RPC virtual directory is set up the same as the others.  And =
the outlook client is set up for basic authentication. I am using Ex2K3 =
SP1 on both the front and the back ends.  And regarding the registry =
entry for valid ports, I guess it must be right with the back end for =
all three ports -- if I modify it, it quickly gets changed back to the =
back end server for all three.  The system must be controlling that =
registry entry.

Bill
  "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> =
wrote in message news:esMYJQT7EHA.3504@TK2MSFTNGP12.phx.gbl...
  What about the RPC virtual directory?  Also, is the Outlook client set =
up to use Basic to authenticate, or NTLM?  NTLM won't work through a =
firewall.

  Have you applied Exchange 2003 SP1?  It makes RPC/HTTP(s) tons easier =
by doing the configuration work for you.

  --=20
  Ben Winzenz
  Exchange MVP


------=_NextPart_000_0D87_01C4ED1C.7567A350
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Yes, the RPC virtual directory is set =
up the same=20
as the others.&nbsp; And the outlook client is set up for basic =
authentication.=20
I am using Ex2K3 SP1 on both the front and the back ends.&nbsp; And =
regarding=20
the registry entry for valid ports, I guess it must be right with the =
back end=20
for all three ports -- if I modify it, it quickly gets changed back to =
the back=20
end server for all three.&nbsp; The system must be controlling that =
registry=20
entry.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Bill</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV>"Ben Winzenz [Exchange MVP]" &lt;<A=20
  =
href=3D"mailto:ben_winzenz@NOSPAMdotmessageonedotcom">ben_winzenz@NOSPAMd=
otmessageonedotcom</A>&gt;=20
  wrote in message <A=20
  =
href=3D"news:esMYJQT7EHA.3504@TK2MSFTNGP12.phx.gbl">news:esMYJQT7EHA.3504=
@TK2MSFTNGP12.phx.gbl</A>...</DIV>
  <DIV><FONT face=3DArial size=3D2>What about the RPC virtual =
directory?&nbsp; Also,=20
  is the Outlook client set up to use Basic to authenticate, or =
NTLM?&nbsp; NTLM=20
  won't work through a firewall.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>Have you applied Exchange 2003 =
SP1?&nbsp; It=20
  makes RPC/HTTP(s) tons easier by doing the configuration work for=20
  you.</FONT></DIV>
  <DIV><BR>-- <BR>Ben Winzenz<BR>Exchange MVP</DIV>
  <DIV>&nbsp;</DIV>
  <DIV>&nbsp;</DIV></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0D87_01C4ED1C.7567A350--

0
bschleifer (15)
12/29/2004 1:33:14 AM
Thanks again, GT for your earlier help.  The certificate name is for the 
external address of the server and that is what I put into the client as 
well.  I'm using a Windows CA certificate, but I've downloaded the CA chain 
to the client computer and the certificate is listed under the client 
machine's IE content page.  Is there anything else special about the 
certificate that I can check?

Bill


"GT" <DSS4u@+++nospam+++HOTMAIL.COM> wrote in message 
news:lwlAd.24862$Tn1.877460@news20.bellglobal.com...
> Does your SSL certificate on the RPC FE server match the name you used 
> when you configured your clients?  For OWA a redirection is ok, but not 
> with RPC/HTTPS.
>
> -GT
> "Bill Schleifer" <bschleifer@rivier.edu> wrote in message 
> news:%232UbyhS7EHA.4028@TK2MSFTNGP15.phx.gbl...
> I have installed a front end server which now, thanks to the advice from 
> GT, works perfectly for OWA.  RPC over HTTP is another matter altogether. 
> I've done EVERYTHING and I'm still not making the right connections.  The 
> environment is as follows:
>
> Servers all have Windows 2003.  Backend is an A/P two server cluster with 
> Exchange 2003 Enterprise.  Front end is Exchange 2003 Standard.  We have 
> Checkpoint FW1 that separates the external (domain.edu) from the internal 
> (internal.domain.edu).  We have two external dns servers and two internal.
>
>    I've followed every KB article to the letter.  I've tracked down every 
> article here on the message board.   I can RPCping between the front end 
> and the back end and the reverse.  I've got SSL in place and I know it 
> works because the OWA sessions require https.  I've set up the Outlook 
> 2003 client properly and have tried every variation that's been published 
> anywhere that I can find. . .
>
>    But when I run "outlook /rpcdiag", it appears that I'm never connecting 
> to anything.  Initially, the logon dialog box pops up and the diagnostic 
> window shows the following:
>
> Server Name                     | Type     | Interface  | Conn  | Status | 
> Reg/Fail  | AvgResp
>
> --  
>                       Directory                    --  Connecting
> backend.int.dom.edu        Referral                      --  Connecting
>
> After about 5 seconds or so,  those two entries disappear and the 
> following line shows up:
>
> DomCntrller.int.dom.edu      Directory                    --  Connecting
>
> After a second or so, it changes to
>
> backend.int.dom.edu       Directory                      --  Connecting
>
> And then quickly to
>
> backend                            Directory                      --  
> Connecting
>
> The last entry (netbios name rather than FQDN) stays for about a minute 
> and then disappears as the "Your server is not available" message pops up.
>
> I've checked the firewall logs and it is accepting all the packets coming 
> from the client.  And I can connect when I'm in VPN mode, but even with 
> the client set to not use tcp/ip on fast or slow networks, the connection 
> type is still TCP/IP.
>
> I'm hoping against hope that someone knows some obscure fact that is 
> poorly documented.  Any help would be greatly appreciated!!  Thanks in 
> advance.
>
> Bill Schleifer
> 


0
bschleifer (15)
12/29/2004 1:36:31 AM
This is a multi-part message in MIME format.

------=_NextPart_000_004C_01C4ED07.02416290
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

You are correct. In Exchange 2003 SP1, this registry key is controlled =
by the system, so it makes no sense to try to change it.
What I would suggest to do is to check if your _GC_ server is listening =
on port 6004 - there is a registry key for that (for NTDS service) =
described in KB.
Run the TCPView utility on all servers to check if they are all =
listening on all necessary ports.
Another suggestion is to verify that your front end FQDN exactly matches =
the name on the certificate. This might be a problem. If for some reason =
tehy don't match, you can create a CNAME in your DNS matching the name =
on a certificate, and use this name in Outlook client confiiguration.
Well, and I assume you haven't installed a certificate on the back-end, =
right? :)

Good luck,
Boris
  "Bill Schleifer" <bschleifer@rivier.edu> wrote in message =
news:OV7aeZU7EHA.2032@tk2msftngp13.phx.gbl...
  Yes, the RPC virtual directory is set up the same as the others.  And =
the outlook client is set up for basic authentication. I am using Ex2K3 =
SP1 on both the front and the back ends.  And regarding the registry =
entry for valid ports, I guess it must be right with the back end for =
all three ports -- if I modify it, it quickly gets changed back to the =
back end server for all three.  The system must be controlling that =
registry entry.

  Bill
    "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> =
wrote in message news:esMYJQT7EHA.3504@TK2MSFTNGP12.phx.gbl...
    What about the RPC virtual directory?  Also, is the Outlook client =
set up to use Basic to authenticate, or NTLM?  NTLM won't work through a =
firewall.

    Have you applied Exchange 2003 SP1?  It makes RPC/HTTP(s) tons =
easier by doing the configuration work for you.

    --=20
    Ben Winzenz
    Exchange MVP


------=_NextPart_000_004C_01C4ED07.02416290
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1476" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>You are correct. In Exchange 2003 SP1, =
this=20
registry key is controlled by the system, so it makes no sense to try to =
change=20
it.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>What&nbsp;I would suggest to do is to =
check if your=20
_GC_ server is listening on port 6004 - there is a registry key for that =
(for=20
NTDS service) described in KB.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Run the TCPView utility on all servers =
to check if=20
they are all listening on all necessary ports.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Another suggestion is to verify that =
your front end=20
FQDN exactly matches the name on the certificate. This might be a =
problem. If=20
for some reason tehy don't match, you can create a CNAME in your DNS =
matching=20
the name on a certificate, and use this name in Outlook client=20
confiiguration.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Well, and I assume you haven't =
installed a=20
certificate on the back-end, right? :)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Good luck,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Boris</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV>"Bill Schleifer" &lt;<A=20
  href=3D"mailto:bschleifer@rivier.edu">bschleifer@rivier.edu</A>&gt; =
wrote in=20
  message <A=20
  =
href=3D"news:OV7aeZU7EHA.2032@tk2msftngp13.phx.gbl">news:OV7aeZU7EHA.2032=
@tk2msftngp13.phx.gbl</A>...</DIV>
  <DIV><FONT face=3DArial size=3D2>Yes, the RPC virtual directory is set =
up the same=20
  as the others.&nbsp; And the outlook client is set up for basic=20
  authentication. I am using Ex2K3 SP1 on both the front and the back=20
  ends.&nbsp; And regarding the registry entry for valid ports, I guess =
it must=20
  be right with the back end for all three ports -- if I modify it, it =
quickly=20
  gets changed back to the back end server for all three.&nbsp; The =
system must=20
  be controlling that registry entry.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>Bill</FONT></DIV>
  <BLOCKQUOTE dir=3Dltr=20
  style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
    <DIV>"Ben Winzenz [Exchange MVP]" &lt;<A=20
    =
href=3D"mailto:ben_winzenz@NOSPAMdotmessageonedotcom">ben_winzenz@NOSPAMd=
otmessageonedotcom</A>&gt;=20
    wrote in message <A=20
    =
href=3D"news:esMYJQT7EHA.3504@TK2MSFTNGP12.phx.gbl">news:esMYJQT7EHA.3504=
@TK2MSFTNGP12.phx.gbl</A>...</DIV>
    <DIV><FONT face=3DArial size=3D2>What about the RPC virtual =
directory?&nbsp;=20
    Also, is the Outlook client set up to use Basic to authenticate, or=20
    NTLM?&nbsp; NTLM won't work through a firewall.</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
    <DIV><FONT face=3DArial size=3D2>Have you applied Exchange 2003 =
SP1?&nbsp; It=20
    makes RPC/HTTP(s) tons easier by doing the configuration work for=20
    you.</FONT></DIV>
    <DIV><BR>-- <BR>Ben Winzenz<BR>Exchange MVP</DIV>
    <DIV>&nbsp;</DIV>
    <DIV>&nbsp;</DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_004C_01C4ED07.02416290--

0
msexpert1 (171)
12/29/2004 1:59:43 AM
This is a multi-part message in MIME format.

------=_NextPart_000_0DA8_01C4ED40.27592520
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Thank you for replying, Boris.  I had not used that registry entry, so I =
checked using TCPView and didn't see 6004.  I put the registry entry in =
all the Global Catalog servers (and could see that they were now =
listening on 6004).  The reaction was the same as I originally =
described.  The certificate and the FQDN do match exactly.  And yes, I =
do have a certificate on the back end as it has been the active OWA (and =
continues to be until I get this all figured out).  Does that cause a =
problem?  I removed it and tried to connect, both before I put the =
registry entries in and after-- got the same result.  (So I reassigned =
it to the OWA)

Thanks again and if you can think of anything else, I'd sure appreciate =
it,

Bill
  "Boris Lokhvitsky" <msexpert@community.nospam> wrote in message =
news:uKdaRoU7EHA.4072@TK2MSFTNGP10.phx.gbl...
  You are correct. In Exchange 2003 SP1, this registry key is controlled =
by the system, so it makes no sense to try to change it.
  What I would suggest to do is to check if your _GC_ server is =
listening on port 6004 - there is a registry key for that (for NTDS =
service) described in KB.
  Run the TCPView utility on all servers to check if they are all =
listening on all necessary ports.
  Another suggestion is to verify that your front end FQDN exactly =
matches the name on the certificate. This might be a problem. If for =
some reason tehy don't match, you can create a CNAME in your DNS =
matching the name on a certificate, and use this name in Outlook client =
confiiguration.
  Well, and I assume you haven't installed a certificate on the =
back-end, right? :)

  Good luck,
  Boris
    "Bill Schleifer" <bschleifer@rivier.edu> wrote in message =
news:OV7aeZU7EHA.2032@tk2msftngp13.phx.gbl...
    Yes, the RPC virtual directory is set up the same as the others.  =
And the outlook client is set up for basic authentication. I am using =
Ex2K3 SP1 on both the front and the back ends.  And regarding the =
registry entry for valid ports, I guess it must be right with the back =
end for all three ports -- if I modify it, it quickly gets changed back =
to the back end server for all three.  The system must be controlling =
that registry entry.

    Bill
      "Ben Winzenz [Exchange MVP]" =
<ben_winzenz@NOSPAMdotmessageonedotcom> wrote in message =
news:esMYJQT7EHA.3504@TK2MSFTNGP12.phx.gbl...
      What about the RPC virtual directory?  Also, is the Outlook client =
set up to use Basic to authenticate, or NTLM?  NTLM won't work through a =
firewall.

      Have you applied Exchange 2003 SP1?  It makes RPC/HTTP(s) tons =
easier by doing the configuration work for you.

      --=20
      Ben Winzenz
      Exchange MVP


------=_NextPart_000_0DA8_01C4ED40.27592520
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Thank you for replying, Boris.&nbsp; I =
had not used=20
that registry entry, so I checked using TCPView and didn't see =
6004.&nbsp; I put=20
the registry entry in all the Global Catalog servers (and could see that =
they=20
were now listening on 6004).&nbsp; The reaction was the same as I =
originally=20
described.&nbsp; The certificate and the FQDN do match exactly.&nbsp; =
And yes, I=20
do have a certificate on the back end as it has been the active OWA (and =

continues to be until I get this all figured out).&nbsp; Does that cause =
a=20
problem?&nbsp; I removed it and tried to connect, both before I put the =
registry=20
entries in and after-- got the same result.&nbsp; (So I reassigned it to =
the=20
OWA)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Thanks again and if you can think of =
anything else,=20
I'd sure appreciate it,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Bill</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV>"Boris Lokhvitsky" &lt;<A=20
  =
href=3D"mailto:msexpert@community.nospam">msexpert@community.nospam</A>&g=
t;=20
  wrote in message <A=20
  =
href=3D"news:uKdaRoU7EHA.4072@TK2MSFTNGP10.phx.gbl">news:uKdaRoU7EHA.4072=
@TK2MSFTNGP10.phx.gbl</A>...</DIV>
  <DIV><FONT face=3DArial size=3D2>You are correct. In Exchange 2003 =
SP1, this=20
  registry key is controlled by the system, so it makes no sense to try =
to=20
  change it.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2>What&nbsp;I would suggest to do is to =
check if=20
  your _GC_ server is listening on port 6004 - there is a registry key =
for that=20
  (for NTDS service) described in KB.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2>Run the TCPView utility on all =
servers to check=20
  if they are all listening on all necessary ports.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2>Another suggestion is to verify that =
your front=20
  end FQDN exactly matches the name on the certificate. This might be a =
problem.=20
  If for some reason tehy don't match, you can create a CNAME in your =
DNS=20
  matching the name on a certificate, and use this name in Outlook =
client=20
  confiiguration.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2>Well, and I assume you haven't =
installed a=20
  certificate on the back-end, right? :)</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>Good luck,</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2>Boris</FONT></DIV>
  <BLOCKQUOTE dir=3Dltr=20
  style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
    <DIV>"Bill Schleifer" &lt;<A=20
    href=3D"mailto:bschleifer@rivier.edu">bschleifer@rivier.edu</A>&gt; =
wrote in=20
    message <A=20
    =
href=3D"news:OV7aeZU7EHA.2032@tk2msftngp13.phx.gbl">news:OV7aeZU7EHA.2032=
@tk2msftngp13.phx.gbl</A>...</DIV>
    <DIV><FONT face=3DArial size=3D2>Yes, the RPC virtual directory is =
set up the=20
    same as the others.&nbsp; And the outlook client is set up for basic =

    authentication. I am using Ex2K3 SP1 on both the front and the back=20
    ends.&nbsp; And regarding the registry entry for valid ports, I =
guess it=20
    must be right with the back end for all three ports -- if I modify =
it, it=20
    quickly gets changed back to the back end server for all =
three.&nbsp; The=20
    system must be controlling that registry entry.</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
    <DIV><FONT face=3DArial size=3D2>Bill</FONT></DIV>
    <BLOCKQUOTE dir=3Dltr=20
    style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
      <DIV>"Ben Winzenz [Exchange MVP]" &lt;<A=20
      =
href=3D"mailto:ben_winzenz@NOSPAMdotmessageonedotcom">ben_winzenz@NOSPAMd=
otmessageonedotcom</A>&gt;=20
      wrote in message <A=20
      =
href=3D"news:esMYJQT7EHA.3504@TK2MSFTNGP12.phx.gbl">news:esMYJQT7EHA.3504=
@TK2MSFTNGP12.phx.gbl</A>...</DIV>
      <DIV><FONT face=3DArial size=3D2>What about the RPC virtual =
directory?&nbsp;=20
      Also, is the Outlook client set up to use Basic to authenticate, =
or=20
      NTLM?&nbsp; NTLM won't work through a firewall.</FONT></DIV>
      <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
      <DIV><FONT face=3DArial size=3D2>Have you applied Exchange 2003 =
SP1?&nbsp; It=20
      makes RPC/HTTP(s) tons easier by doing the configuration work for=20
      you.</FONT></DIV>
      <DIV><BR>-- <BR>Ben Winzenz<BR>Exchange MVP</DIV>
      <DIV>&nbsp;</DIV>
      =
<DIV>&nbsp;</DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0DA8_01C4ED40.27592520--

0
bschleifer (15)
12/29/2004 5:48:45 AM
This is a multi-part message in MIME format.

------=_NextPart_000_007E_01C4ED88.1C0C4D80
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Oops. The reason I put a smiley after my last sentence was that you =
should _NOT_ put a certificate on the back-end. This is most probably =
the reason why your RPC/HTTPS does not work. This is the basic thing. =
Every paper states that you use certificate on the front-end only, to =
secure client-server communications; if you want to secure front-end / =
back-end server communications, you should implement IPSec.
For OWA, you are supposed to use front-end servers as well.

Regards and good luck,
Boris


  "Bill Schleifer" <bschleifer@rivier.edu> wrote in message =
news:%23ZCSXoW7EHA.3148@TK2MSFTNGP10.phx.gbl...
  Thank you for replying, Boris.  I had not used that registry entry, so =
I checked using TCPView and didn't see 6004.  I put the registry entry =
in all the Global Catalog servers (and could see that they were now =
listening on 6004).  The reaction was the same as I originally =
described.  The certificate and the FQDN do match exactly.  And yes, I =
do have a certificate on the back end as it has been the active OWA (and =
continues to be until I get this all figured out).  Does that cause a =
problem?  I removed it and tried to connect, both before I put the =
registry entries in and after-- got the same result.  (So I reassigned =
it to the OWA)

  Thanks again and if you can think of anything else, I'd sure =
appreciate it,

  Bill
    "Boris Lokhvitsky" <msexpert@community.nospam> wrote in message =
news:uKdaRoU7EHA.4072@TK2MSFTNGP10.phx.gbl...
    You are correct. In Exchange 2003 SP1, this registry key is =
controlled by the system, so it makes no sense to try to change it.
    What I would suggest to do is to check if your _GC_ server is =
listening on port 6004 - there is a registry key for that (for NTDS =
service) described in KB.
    Run the TCPView utility on all servers to check if they are all =
listening on all necessary ports.
    Another suggestion is to verify that your front end FQDN exactly =
matches the name on the certificate. This might be a problem. If for =
some reason tehy don't match, you can create a CNAME in your DNS =
matching the name on a certificate, and use this name in Outlook client =
confiiguration.
    Well, and I assume you haven't installed a certificate on the =
back-end, right? :)

    Good luck,
    Boris
      "Bill Schleifer" <bschleifer@rivier.edu> wrote in message =
news:OV7aeZU7EHA.2032@tk2msftngp13.phx.gbl...
      Yes, the RPC virtual directory is set up the same as the others.  =
And the outlook client is set up for basic authentication. I am using =
Ex2K3 SP1 on both the front and the back ends.  And regarding the =
registry entry for valid ports, I guess it must be right with the back =
end for all three ports -- if I modify it, it quickly gets changed back =
to the back end server for all three.  The system must be controlling =
that registry entry.

      Bill
        "Ben Winzenz [Exchange MVP]" =
<ben_winzenz@NOSPAMdotmessageonedotcom> wrote in message =
news:esMYJQT7EHA.3504@TK2MSFTNGP12.phx.gbl...
        What about the RPC virtual directory?  Also, is the Outlook =
client set up to use Basic to authenticate, or NTLM?  NTLM won't work =
through a firewall.

        Have you applied Exchange 2003 SP1?  It makes RPC/HTTP(s) tons =
easier by doing the configuration work for you.

        --=20
        Ben Winzenz
        Exchange MVP


------=_NextPart_000_007E_01C4ED88.1C0C4D80
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1476" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Oops. The reason I put a smiley after =
my last=20
sentence was that you should _NOT_ put a certificate on the back-end. =
This is=20
most probably the reason why your RPC/HTTPS does not work. This is the =
basic=20
thing. Every paper states that you use certificate on the front-end =
only, to=20
secure client-server communications; if you want to secure front-end / =
back-end=20
server communications, you should implement IPSec.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>For OWA, you are supposed to use =
front-end servers=20
as well.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Regards and good luck,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Boris</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV>"Bill Schleifer" &lt;<A=20
  href=3D"mailto:bschleifer@rivier.edu">bschleifer@rivier.edu</A>&gt; =
wrote in=20
  message <A=20
  =
href=3D"news:%23ZCSXoW7EHA.3148@TK2MSFTNGP10.phx.gbl">news:%23ZCSXoW7EHA.=
3148@TK2MSFTNGP10.phx.gbl</A>...</DIV>
  <DIV><FONT face=3DArial size=3D2>Thank you for replying, Boris.&nbsp; =
I had not=20
  used that registry entry, so I checked using TCPView and didn't see=20
  6004.&nbsp; I put the registry entry in all the Global Catalog servers =
(and=20
  could see that they were now listening on 6004).&nbsp; The reaction =
was the=20
  same as I originally described.&nbsp; The certificate and the FQDN do =
match=20
  exactly.&nbsp; And yes, I do have a certificate on the back end as it =
has been=20
  the active OWA (and continues to be until I get this all figured =
out).&nbsp;=20
  Does that cause a problem?&nbsp; I removed it and tried to connect, =
both=20
  before I put the registry entries in and after-- got the same =
result.&nbsp;=20
  (So I reassigned it to the OWA)</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>Thanks again and if you can think of =
anything=20
  else, I'd sure appreciate it,</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>Bill</FONT></DIV>
  <BLOCKQUOTE dir=3Dltr=20
  style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
    <DIV>"Boris Lokhvitsky" &lt;<A=20
    =
href=3D"mailto:msexpert@community.nospam">msexpert@community.nospam</A>&g=
t;=20
    wrote in message <A=20
    =
href=3D"news:uKdaRoU7EHA.4072@TK2MSFTNGP10.phx.gbl">news:uKdaRoU7EHA.4072=
@TK2MSFTNGP10.phx.gbl</A>...</DIV>
    <DIV><FONT face=3DArial size=3D2>You are correct. In Exchange 2003 =
SP1, this=20
    registry key is controlled by the system, so it makes no sense to =
try to=20
    change it.</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2>What&nbsp;I would suggest to do is =
to check if=20
    your _GC_ server is listening on port 6004 - there is a registry key =
for=20
    that (for NTDS service) described in KB.</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2>Run the TCPView utility on all =
servers to check=20
    if they are all listening on all necessary ports.</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2>Another suggestion is to verify =
that your front=20
    end FQDN exactly matches the name on the certificate. This might be =
a=20
    problem. If for some reason tehy don't match, you can create a CNAME =
in your=20
    DNS matching the name on a certificate, and use this name in Outlook =
client=20
    confiiguration.</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2>Well, and I assume you haven't =
installed a=20
    certificate on the back-end, right? :)</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
    <DIV><FONT face=3DArial size=3D2>Good luck,</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2>Boris</FONT></DIV>
    <BLOCKQUOTE dir=3Dltr=20
    style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
      <DIV>"Bill Schleifer" &lt;<A=20
      =
href=3D"mailto:bschleifer@rivier.edu">bschleifer@rivier.edu</A>&gt; =
wrote in=20
      message <A=20
      =
href=3D"news:OV7aeZU7EHA.2032@tk2msftngp13.phx.gbl">news:OV7aeZU7EHA.2032=
@tk2msftngp13.phx.gbl</A>...</DIV>
      <DIV><FONT face=3DArial size=3D2>Yes, the RPC virtual directory is =
set up the=20
      same as the others.&nbsp; And the outlook client is set up for =
basic=20
      authentication. I am using Ex2K3 SP1 on both the front and the =
back=20
      ends.&nbsp; And regarding the registry entry for valid ports, I =
guess it=20
      must be right with the back end for all three ports -- if I modify =
it, it=20
      quickly gets changed back to the back end server for all =
three.&nbsp; The=20
      system must be controlling that registry entry.</FONT></DIV>
      <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
      <DIV><FONT face=3DArial size=3D2>Bill</FONT></DIV>
      <BLOCKQUOTE dir=3Dltr=20
      style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
        <DIV>"Ben Winzenz [Exchange MVP]" &lt;<A=20
        =
href=3D"mailto:ben_winzenz@NOSPAMdotmessageonedotcom">ben_winzenz@NOSPAMd=
otmessageonedotcom</A>&gt;=20
        wrote in message <A=20
        =
href=3D"news:esMYJQT7EHA.3504@TK2MSFTNGP12.phx.gbl">news:esMYJQT7EHA.3504=
@TK2MSFTNGP12.phx.gbl</A>...</DIV>
        <DIV><FONT face=3DArial size=3D2>What about the RPC virtual =
directory?&nbsp;=20
        Also, is the Outlook client set up to use Basic to authenticate, =
or=20
        NTLM?&nbsp; NTLM won't work through a firewall.</FONT></DIV>
        <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
        <DIV><FONT face=3DArial size=3D2>Have you applied Exchange 2003 =
SP1?&nbsp;=20
        It makes RPC/HTTP(s) tons easier by doing the configuration work =
for=20
        you.</FONT></DIV>
        <DIV><BR>-- <BR>Ben Winzenz<BR>Exchange MVP</DIV>
        <DIV>&nbsp;</DIV>
        =
<DIV>&nbsp;</DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BO=
DY></HTML>

------=_NextPart_000_007E_01C4ED88.1C0C4D80--

0
msexpert1 (171)
12/29/2004 5:23:51 PM
Okay.  I got it working with the help of Gwen from Microsoft PSS.  For 
reasons that neither of us can even guess at, the rpcproxy.dll was listed in 
the wrong directory under Web Service Extentions in IIS.  The path should 
have been C:\\windows\system32\rpcproxy\rpcproxy.dll.  Instead, it was 
listed in both the general tab and the required files tab as 
C:\\windows\system32\rpcproxy.dll.  We corrected the problem under required 
files and the system works.  Oddly enough, under the general tab, it is 
still listed incorrectly -- even after restarting everything. (Perhaps it 
will correct on a reboot. . .)  At any rate, it's something they hadn't seen 
before, so it may be  something new. It is a brand new server and everything 
was installd, essentially, to the default.

By the way, for Boris.  It will work, in fact, with a certificate on the 
back-end.  What you can't do is set it to require SSL.  The only reaons it 
became an issue for me is because until the new server, the front end, was 
working properly, my users were still accessing OWA directly on the 
back-end.   With SSL not required, they can still check their mail until I 
get the word out on the new way to access OWA and the RPC over HTTP works.

Thanks to those who tried to help!  I really appreciate it.  And Happy New 
Year!

Bill Schleifer




"Boris Lokhvitsky" <msexpert@community.nospam> wrote in message 
news:OwnLrsc7EHA.2540@TK2MSFTNGP09.phx.gbl...
Oops. The reason I put a smiley after my last sentence was that you should 
_NOT_ put a certificate on the back-end. This is most probably the reason 
why your RPC/HTTPS does not work. This is the basic thing. Every paper 
states that you use certificate on the front-end only, to secure 
client-server communications; if you want to secure front-end / back-end 
server communications, you should implement IPSec.
For OWA, you are supposed to use front-end servers as well.

Regards and good luck,
Boris


"Bill Schleifer" <bschleifer@rivier.edu> wrote in message 
news:%23ZCSXoW7EHA.3148@TK2MSFTNGP10.phx.gbl...
Thank you for replying, Boris.  I had not used that registry entry, so I 
checked using TCPView and didn't see 6004.  I put the registry entry in all 
the Global Catalog servers (and could see that they were now listening on 
6004).  The reaction was the same as I originally described.  The 
certificate and the FQDN do match exactly.  And yes, I do have a certificate 
on the back end as it has been the active OWA (and continues to be until I 
get this all figured out).  Does that cause a problem?  I removed it and 
tried to connect, both before I put the registry entries in and after-- got 
the same result.  (So I reassigned it to the OWA)

Thanks again and if you can think of anything else, I'd sure appreciate it,

Bill
"Boris Lokhvitsky" <msexpert@community.nospam> wrote in message 
news:uKdaRoU7EHA.4072@TK2MSFTNGP10.phx.gbl...
You are correct. In Exchange 2003 SP1, this registry key is controlled by 
the system, so it makes no sense to try to change it.
What I would suggest to do is to check if your _GC_ server is listening on 
port 6004 - there is a registry key for that (for NTDS service) described in 
KB.
Run the TCPView utility on all servers to check if they are all listening on 
all necessary ports.
Another suggestion is to verify that your front end FQDN exactly matches the 
name on the certificate. This might be a problem. If for some reason tehy 
don't match, you can create a CNAME in your DNS matching the name on a 
certificate, and use this name in Outlook client confiiguration.
Well, and I assume you haven't installed a certificate on the back-end, 
right? :)

Good luck,
Boris
"Bill Schleifer" <bschleifer@rivier.edu> wrote in message 
news:OV7aeZU7EHA.2032@tk2msftngp13.phx.gbl...
Yes, the RPC virtual directory is set up the same as the others.  And the 
outlook client is set up for basic authentication. I am using Ex2K3 SP1 on 
both the front and the back ends.  And regarding the registry entry for 
valid ports, I guess it must be right with the back end for all three 
ports -- if I modify it, it quickly gets changed back to the back end server 
for all three.  The system must be controlling that registry entry.

Bill
"Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote 
in message news:esMYJQT7EHA.3504@TK2MSFTNGP12.phx.gbl...
What about the RPC virtual directory?  Also, is the Outlook client set up to 
use Basic to authenticate, or NTLM?  NTLM won't work through a firewall.

Have you applied Exchange 2003 SP1?  It makes RPC/HTTP(s) tons easier by 
doing the configuration work for you.

-- 
Ben Winzenz
Exchange MVP 


0
bschleifer (15)
12/31/2004 11:28:55 PM
Thanks for the update Bill, and I am glad you were able to get things
working.

As for the certificate on the back-end - yes indeed I meant you should not
require SSL on it. Why else might you need a certificate? :)

Happy New Year,
Boris


"Bill Schleifer" <bschleifer@rivier.edu> wrote in message
news:uVP3BC57EHA.1400@TK2MSFTNGP11.phx.gbl...
> Okay.  I got it working with the help of Gwen from Microsoft PSS.  For
> reasons that neither of us can even guess at, the rpcproxy.dll was listed
in
> the wrong directory under Web Service Extentions in IIS.  The path should
> have been C:\\windows\system32\rpcproxy\rpcproxy.dll.  Instead, it was
> listed in both the general tab and the required files tab as
> C:\\windows\system32\rpcproxy.dll.  We corrected the problem under
required
> files and the system works.  Oddly enough, under the general tab, it is
> still listed incorrectly -- even after restarting everything. (Perhaps it
> will correct on a reboot. . .)  At any rate, it's something they hadn't
seen
> before, so it may be  something new. It is a brand new server and
everything
> was installd, essentially, to the default.
>
> By the way, for Boris.  It will work, in fact, with a certificate on the
> back-end.  What you can't do is set it to require SSL.  The only reaons it
> became an issue for me is because until the new server, the front end, was
> working properly, my users were still accessing OWA directly on the
> back-end.   With SSL not required, they can still check their mail until I
> get the word out on the new way to access OWA and the RPC over HTTP works.
>
> Thanks to those who tried to help!  I really appreciate it.  And Happy New
> Year!
>
> Bill Schleifer
>
>
>
>
> "Boris Lokhvitsky" <msexpert@community.nospam> wrote in message
> news:OwnLrsc7EHA.2540@TK2MSFTNGP09.phx.gbl...
> Oops. The reason I put a smiley after my last sentence was that you should
> _NOT_ put a certificate on the back-end. This is most probably the reason
> why your RPC/HTTPS does not work. This is the basic thing. Every paper
> states that you use certificate on the front-end only, to secure
> client-server communications; if you want to secure front-end / back-end
> server communications, you should implement IPSec.
> For OWA, you are supposed to use front-end servers as well.
>
> Regards and good luck,
> Boris
>
>
> "Bill Schleifer" <bschleifer@rivier.edu> wrote in message
> news:%23ZCSXoW7EHA.3148@TK2MSFTNGP10.phx.gbl...
> Thank you for replying, Boris.  I had not used that registry entry, so I
> checked using TCPView and didn't see 6004.  I put the registry entry in
all
> the Global Catalog servers (and could see that they were now listening on
> 6004).  The reaction was the same as I originally described.  The
> certificate and the FQDN do match exactly.  And yes, I do have a
certificate
> on the back end as it has been the active OWA (and continues to be until I
> get this all figured out).  Does that cause a problem?  I removed it and
> tried to connect, both before I put the registry entries in and after-- 
got
> the same result.  (So I reassigned it to the OWA)
>
> Thanks again and if you can think of anything else, I'd sure appreciate
it,
>
> Bill
> "Boris Lokhvitsky" <msexpert@community.nospam> wrote in message
> news:uKdaRoU7EHA.4072@TK2MSFTNGP10.phx.gbl...
> You are correct. In Exchange 2003 SP1, this registry key is controlled by
> the system, so it makes no sense to try to change it.
> What I would suggest to do is to check if your _GC_ server is listening on
> port 6004 - there is a registry key for that (for NTDS service) described
in
> KB.
> Run the TCPView utility on all servers to check if they are all listening
on
> all necessary ports.
> Another suggestion is to verify that your front end FQDN exactly matches
the
> name on the certificate. This might be a problem. If for some reason tehy
> don't match, you can create a CNAME in your DNS matching the name on a
> certificate, and use this name in Outlook client confiiguration.
> Well, and I assume you haven't installed a certificate on the back-end,
> right? :)
>
> Good luck,
> Boris
> "Bill Schleifer" <bschleifer@rivier.edu> wrote in message
> news:OV7aeZU7EHA.2032@tk2msftngp13.phx.gbl...
> Yes, the RPC virtual directory is set up the same as the others.  And the
> outlook client is set up for basic authentication. I am using Ex2K3 SP1 on
> both the front and the back ends.  And regarding the registry entry for
> valid ports, I guess it must be right with the back end for all three
> ports -- if I modify it, it quickly gets changed back to the back end
server
> for all three.  The system must be controlling that registry entry.
>
> Bill
> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
> in message news:esMYJQT7EHA.3504@TK2MSFTNGP12.phx.gbl...
> What about the RPC virtual directory?  Also, is the Outlook client set up
to
> use Basic to authenticate, or NTLM?  NTLM won't work through a firewall.
>
> Have you applied Exchange 2003 SP1?  It makes RPC/HTTP(s) tons easier by
> doing the configuration work for you.
>
> -- 
> Ben Winzenz
> Exchange MVP
>
>


0
msexpert1 (171)
1/4/2005 5:58:15 PM
Reply:

Similar Artilces:

sumifs help
I have the following formula. =SUMIFS(Table1[2],$A$11:$A$22,$A38,$B$11:$B$22,$B38) It now needs to be changed to a formula that can handle text instead of numbers. How do i do it? Use Countif instead of Sumif from =SUMIF(Table1[2],$A$11:$A$22,$A38,$B$11:$B$22,$B38) to =CountIF(Table1[2],$A$11:$A$22,$A38,$B$11:$B$22,$B38) Do you really have a function Countifs with an "S" at the end? thie maybe an UDF that needs to be modified. -- joel ------------------------------------------------------------------------ joel's Profile: 229 View this th...

Help !
I need to create a data input screen on excel where multiple users at the same time will use them & input data. This data then needs to be stored as a database as well, where i can use it to understand trends Thank you. and the question is ...? <abrahamsaj@gmail.com> wrote in message news:1132155054.927936.191640@z14g2000cwz.googlegroups.com... >I need to create a data input screen on excel where multiple users > at the same time will use them & input data. > This data then needs to be stored as a database as well, where i can > use it to understand trends >...

Help with this thing
It was working in the window "Transactions >> Sales >> Transactions of Sales", but exactly were publishing a Quotation, which i wanna print, more nevertheless was shut up to me network, then I closed the window and it threw several messages to me of error, and from that then it was blocked the quotation that was working. My question is as I can unblock this document? ...

Help with Outlook Setup!!!
I have XP Professional installed and Office XP Professional. I have several users setup for kids, as well as my admin account. I want to setup a Limited Account in addition to the Admin account for myself for daily use. Am I just suppose to pick a different account name and login password and then setup my MSN Messenger and Outlook POP email with same username and password that I used to setup the Admin account? I don't need to share any contacts or anything, I just setup the admin email in order to setup Outlook. I want to input my contact info etc., into the Limited account and use ...

sequence numbers #2
how i can put sequence number after applying filter. if anyone can help me on this matter, i'll be very thankful. If your list begins in cell A1.... Insert a column and put SEQ in the "new" cell A1. Then put this formula in Cell A2 and copy down: =SUBTOTAL(3,B$2:B2) Now filter your list. That formula will count the number of non-blank, visible cells. Note the dollar sign in the formula. Cell A3 will count the non-blank, visible cells from A2:A3. Cell A5 will count them from A2:A5, etc. Does that help? -- Regards, Ron "Ashley" wrote: > how i can put se...

HELP !!! I have a ARRAY Formula HELP !!!
Hello, Here is the ARRAY Formula I have and this is what I am using it for. The situation is that it worked 1 time and than not again. =INDEX(D48:K48,,MAX(IF(D48:K48<>"",COLUMN(D48:K48)))-COLUMN(D48)+1 Duty: I have a row of number that appear hourly (DOLLAR AMOUNTS), the numbe are anything from nothing to 10000. I want the hourly number to appea in specified cell. Here is an example. (I am using EXCEL 2000) Row D48:K48 answer in cell G2 1st hour D48 = $100.00 G2 Should be $100.00 2nd Hour D48 = $100.00 E48 = (nothing) G2 Should be (nothing) 3rd Hour D48 = $1...

exch 5.5 help
I am in a progress to upgrade Exchange 5.5 (on NT4) to Exhange 2k3 (on 2k3). I setup a test machine and upgrade the OS to w2k3. 1st I want to connect the 5.5 to AD, so I should install ADC. Can anyone tell me the steps? Frorestprep, domainprep, setup adc, and upgrade to exchange 2k3? If you run through the steps in the E2K3 deployment tools they will walk you through everything. -- Hope that helps. ------------------------- Jaclynn Hiranaka Enterprise Messaging Support This posting is provided "AS IS" with no warranties, and confers no rights. � 2004 Microsoft Corporation. Al...

1 email account, 2 mail address, 2 computers, Outlook 2000
Hi I have 1 email account, with is shared between me and my girlfreind, we each have our own email address, but all our mails go in to one joint inbox, using something called Email Alias, that our ISP use. The problem is that we get each others mails, and we would like to setup a rule so that the mails not intented for the person that recives them is automaticly deleted in his/her outlook and is left on the server so the other can get it when checking their mail. I have been looking for guides to do this for a while and have been able to find a few for Outlook 2002 and 2003, but none for th...

Help with Formula Please 02-19-10
Need a Formula for the following: Data Table A B C D E F G H I 1 Tom A W 2 H 30 84 30 2 Peter A W 3 H 3 Nick B L 1 A 70 Columns F1:I3 from Data Table has break scores for each player. Below is the Result Table where I need to show a summary report for high breaks. I have no problem with Break as I use the Large function. I need a formula to insert in A1 and A2 to place the name for the corresponding breaks below. Result Table High Breaks A B Name Break 1 ...

Need help in data copying.
Hi I have an invoicing file in excel (Sheet1). I need to store the dat which is invoiced into another sheet. My Invoice Data starting from Ro 8 and column B to F (The first item is from B8-F8, second item i B9-F9). B-Item Code, C-Item Name, D-Qty, E-Price, F-Total. Once I print the invoice, I need to transfer the data to another shee (Sheet2) . When I create another invoice, the new data should be added below t the previous data in Sheet2. So that I can have all the items I sol in Sheet2. Can someone help me sending a macro for it??? I will be grateful to you. Thanks in advance Tom -...

help...help...help
I just installed Microsoft Office XP Professionaql with no problem. However, whenever I try to perform any task such as opening contacts area in order to create an entry, I receive a dialog box with Microsoft Outlook and a yellow exclamation point. Also, included in the dialog box are the words could not open the item, try again. Other information that might be important is that I use a pst file. The error message also occurs when I try to open the Contact folder from the folder list as well as when I try to perform any function. It was a clean install not an upgrade. Could you ...

Macro Help
Hi, I had alot of help yesterday from Jacob with the following macro, but am getting a 'run time error 13' when trying to run the macro, and i cannot see why. Any help much appreciated Sub OLApp() Dim objOL As Object, objApp As Object, lngRow As Long Set objOL = CreateObject("Outlook.Application") For lngRow = 9 To Cells(Rows.Count, "A").End(xlUp).Row If Range("E" & lngRow) = "" Then Set objApp = objOL.CreateItem(1) With objApp ..Subject = "Change Password for system" & Range("A" & lngRow)...

#REF #2
I am using Excell 2002 at the office. I have a problem viewing a spreadsheet that a coworker sent me, which she prepared in Excell 2000. Some of the cells display #REF, instead of the formula value. Any ideas on how to resolve this would beappreciated. Thanks. Barry You may be missing an add-in such as the Analysis ToolPak Navigate: Tools,Addin "Barry" wrote: > I am using Excell 2002 at the office. I have a problem viewing a spreadsheet > that a coworker sent me, which she prepared in Excell 2000. Some of the > cells display #REF, instead of the formula valu...

Reg hiding such parameters in the properties of the mail #2
hi , I am using the outlook 2003 client for sending the email. when it reaches the destination end, the destined user is easily identifying the parameters like, from where the mail is coming like, public ip, machine name, and local ip address of the system which the mail is originated.. so i do not want to publisize such parameters to the outside world.. so how would i adjust the oulook such a way it should not take such parameters while sending the emails. i shal be thankfull if u help me on this! thanks in advance rizwan <rizwan_mk@hotmail.com> wrote in message news:#8ikqBqv...

help me #2
how to restrict entering of same values or data in excel cell Hi if you mean the 'preventing of duplicate entries' you may check the following site http://www.cpearson.com/excel/NoDupEntry.htm -- Regards Frank Kabel Frankfurt, Germany mangesh khati wrote: > how to restrict entering of same values or data in excel > cell ...

Picklist values #2
Is there a way to display a chosen picklist value from the lead entity in the account entity when the lead is converted to an account? I don't want to have to maintain two picklists just to view the value after the lead is converted. You can get only value through mapping and mapping betweent two field require some validation like both field should have same datatype so if you want to get this value you have to create same picklist in account and then you can set mapping for the same "Wendy" wrote: > Is there a way to display a chosen picklist value from the lead ent...

Problem with LeadTools CreateWindow inCFormView -Help !!!
Hi , I have been using LeadTools in Visual Studio 2005. I have a tabctrl and dialogs in each tab and developed using CFormView. So a tabCtrl is a child of CFromView and tab1 is a child of TabCtrl. I want to insert a LEAD control in one of the tabs .i.e, Dialog.I am unable to insert a leadcontrol but inserting a control in the view was easy.The problem is I am not able to get the HWND associated to a particular dialog which is super child of View. Can somebody help me in creating a lead control in the dialog configdlg .h LAnnotationWindow m_LAnnoWnd; FormView.cpp CMyTabCtrl m_myCtrlTab; ...

HelpProvider and HTML Help interaction
I have an application with a .chm help-file. But I have some questions about the behaviour of the help-window. I use a modal application window and I can start the help. The help windows appears but it is allways in foreground of my application window. I can set the input focus on my window, the help window becomes inactive but I cannot move my window over the help window. So I have to close the help window or minimize it or move it aside of my application window when I want to go on in my application. The other problem is when I minimize the help window and then open a dialog...

CString help
I'm looking at a website on CString Management: http://www.codeproject.com:80/string/cstringmgmt.asp In the section entitled, "CString to char * II: Using GetBuffer," the author stresses calling ReleaseBuffer after calling GetBuffer. Is this always necessary? I often use CString::GetBuffer when using CStrings in MessageBox dialogs like so: MessageBox(m_hWnd, cString.GetBuffer(0), lpTitle, MB_OK); Should I be adding a ReleaseBuffer after a MessageBox call? Should I be passing my string data to the MessageBox in another way? Regards, Joe > Is this always necessary?...

Your Help is Appreciated
Dear all I am using MS Excel 2003 and I am trying to plot a graph/chart/graphical representation of the following: I would like to somehow plot : Time Price Meetings 16/09/2002 23/09/2002 225 27-Sep-02 30/09/2002 07/10/2002 14/10/2002 368 21/10/2002 23-Oct-02 28/10/2002 04/11/2002 354 11/11/2002 18/11/2002 235 25/11/2002 02/12/2002 I dont mind how the data is displayed but I envisaged some kind of bar chart to represent the prices and a line chart / crosses to indicate the dates of the meetings. Can anyone help with this or am I being stupid? Thanks for everything i...

Money-Changing Account number to handle Vanguard changes
Hi: Vanguard has changed the account numbers for its brokerage accounts. This has caused money to download brand new accounts with nothing in them and stop updating my old account numbered accounts. I changed the account numbers in Account Detail page but still not working. Anyone who has any info on what I'm missing please pass along. I cannot lose years and years of past data by just switching to the newly downloaded accounts. Greg PS: Microsoft Money Plus Premium, most recent version On the old accounts, turn off on-line updates. You should then be able to merge the old accoun...

Sort Macro #2
I recorded this macro to sort a list according to a custom list. The problem I have is that it does not sort on another users Excel because they don't have the same customs list. Is there a way round this problem? Sub Macro1() Columns("N:N").Select Selection.Sort Key1:=Range("N1"), Order1:=xlDescending, Header:=xlGuess, _ OrderCustom:=12, MatchCase:=False, Orientation:=xlTopToBottom, _ DataOption1:=xlSortNormal End Sub Hi! Application.AddCustomList ListArray:=Range("A1:A10") will add a custo list to a workbook using a range y...

bcc help
can't seem to send mail to bcc? I copied e-mail addresses from an excel spreadsheet and pasted the into the bcc header. I made sure there was coma between each. I entered the form letter and "from" and "to" and "subject" fields an sent the mail. The "to" received the mail but the bcc did NOT receive the mail. What did I do wrong ----------------------------------------------- ~~ Message posted from http://www.ExcelTip.com ~~View and post usenet messages directly from http://www.ExcelForum.com ...

Rules Wizard Help
I have a rule in the Rules Wizard that forwards on an email to distribution list that is received from a certain person. I would like to have a rule that forwards on this email, but I woul like to forward it with some set text as well. For example, the email shows after being forwarded by the rule: > ---------- > From: Person1 > Sent: Friday, February 20, 2004 6:52:37 AM > To: DistributionList > Subject: DISCOVERER SHOULD NOW BE AVAILABLE > Auto forwarded by a Rule > > DISCOVERER SHOULD NOW BE AVAILABLE However, after I would like it to forward some text as ...

More help with formula
I need 2 formulas for the following: Problem 1: Columns "c" thru "g" contain numbers from 1 thru 100. If th numbers is those columns are 50 or less then I the sum to go in on column; then the sum of numbers between 51 to 100 to go into anothe column. Problem 2: Columns "c" thru "g" contain numbers from 1 thru 100. If th individual number 1-100 is used (3 times, 4 times, 5 times, etc.) tota the I need to show the number of times it was used in the columns. For example: If 1 is used 5 times in columns C thru G then the numbe is 5; the same with 2, th...