|
|
SBS with sp2 in place. Exchange on the same box. External access through
Pix.
We have successfully implemented outlook over https for a while and it
works however some new users when setup cannot connect remotely. They
can access via OWA however they cannot connect via HTTPS. They normally
get the error 0x8004011D.
If they are on the LAN then no issues.
We have applied solutions and now we have run into a roadblock and do
not know where to go. Please help
--
gtech
------------------------------------------------------------------------
gtech's Profile: http://forums.techarena.in/members/gtech.htm
View this thread: http://forums.techarena.in/small-business-server/1088209.htm
http://forums.techarena.in
|
|
Hi,
Thanks for your post.
If the clients are using Outlook with PRC over HTTP and issue ONLY occurs
to some of new users NOT all clients/Users, then it should be a client
issue which means it might be a client Outlook configuration or workstation
network connection or client authentication issue.
Sometimes, Outlook 2003 clients fail to connect to Exchange 2003 using RPC
over HTTPS because there is a problem with the certificate assigned to the
destination website. When you connect to an Outlook Web Access website if
there is a problem with the certificate you will receive a pop up box
informing you of what the problem is. With RPC over HTTPS no such pop up
box appears and the connection to the Exchange server fails.
One of the most common explanations for the inability of client PCs to
reach Exchange 2003 Server when using Microsoft Outlook 2003 with RPC over
HTTPS is that the certificate is invalid for one of three common reasons:
1. The certificate name does not match the Internet FQDN of the server
being accessed. For example, the certificate is issued to
"server.domain.local" and the network administrators have published the
site as "webmail.domain.com";
2. The certificate root authority is not trusted by the workstation being
used;
3. The certificate has expired;
Suggestions:
1. Ensure that the certificate shows the correct name. Even if your local
Active Directory domain is "domain.local" you can still generate a Windows
Certificate Authority certificate for "webmail.domain.com" by following the
wizard within IIS Manager.
2. Ensure that the root certificate exists in the "Trusted Root
Certification Authorities" folder on the local PC. The server certificate
does not necessarily have to be imported to the PC but the PC must trust
the root authority. Those PCs that are part of an Active Directory domain
should trust the root certificate as a matter of course but RPC over HTTPS
could just as easily be used by home PCs and PCs that are not part of the
corporate Active Directory forest.
3. Ensure that the certificate remains in date and that network
administrators renew the certificate before expiry.
4. In IIS the properties of the RPC virtual directory => Directory Security
tab, make sure it is set as "ignore client certificates".
5. Reran the CEICW wizard on the SBS server and make sure the created
certificate is correct which the RPC virtual directory uses.
6. Reconfigure the Outlook profile to use RPC over HTTP connection, follow
the instructions in below articles.
Now, please use Outlook /rpcdiag switch to open Outlook in Run box. Please
see in the popup window, if the client can connect to your GC and Exchange
server using HTTPS type.
More related information, please see:
To use Outlook 2003 RPC over HTTPS your client PCs must trust the root
certificate
http://support.microsoft.com/kb/555261/en-us
Troubleshooting RPC over HTTP Communications
http://technet.microsoft.com/en-us/library/bb124649(EXCHG.65).aspx
How can I configure Outlook 2003 to use RPC over HTTP/S?
http://www.petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm
How can I configure RPC over HTTP/S on Exchange 2003 (single server
scenario)?
http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm
How can I test RPC over HTTP/S on Exchange 2003?
http://www.petri.co.il/testing_rpc_over_http_connection.htm
Exchange Server - Remote Connectivity Analyzer
http://www.testexchangeconnectivity.com
Hope this helps.
Best regards,
Robbin Meng(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
Robbin:
First off thank you for taking time to give me such meticulous details.
I am sure folks will benefit from this thread. I will check and follow
what you have indicated and come back to you.
One more specific thing. Only XP professional machines with serive pack
2 and outlook 2003 are doing this. Also, it has so happened on one
laptop that the user was working fine and then the helpdesk folks for
some reason had to redo his profile and the RPC/HTTPS connection stopped
working. Every thing else works except this connection and it was
working fine before the change when it was intially setup on this new
laptop. The exact same thing has happened with another one few months
ago so I think there is some common ground here.
If you have seen this before or rings any bell then it would be of
additional help.
SBS 2003 server with service pack 2 is in place at the server.
Regards
George
--
gtech
------------------------------------------------------------------------
gtech's Profile: http://forums.techarena.in/members/gtech.htm
View this thread: http://forums.techarena.in/small-business-server/1088209.htm
http://forums.techarena.in
|
|
Hi George,
Thanks for response with extra information.
As we discussed, it should be a certain client only issue , so let's focus
on the step 2, 4, 6 to troubleshoot it.
However, I am not very sure about the "redo his profile" you mentioned, do
you mean the helpdesk folks reinstalled the operating system on the laptop?
or deleted the old Outlook Profile and re-created a new Outlook Profile for
PRC over HTTP(RoH)?
If so, please check whether the root CA Digital Certificate is installed on
the client or not. Regarding certificate issue, please refer to the "Very
important note regarding SSL" part in the following link which I have
posted:
To use Outlook 2003 RPC over HTTPS your client PCs must trust the root
certificate
http://support.microsoft.com/kb/555261/en-us
How can I configure Outlook 2003 to use RPC over HTTP/S?
http://www.petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm
After checking the root certificate, please re-create a new RoH Outlook
profile and use the following link to test if it works:
How can I test RPC over HTTP/S on Exchange 2003?
http://www.petri.co.il/testing_rpc_over_http_connection.htm
If there is any update or any errors, please let me know the exact symptoms
and error messages.
Best regards,
Robbin Meng(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
|
|
|
|
Hi,
You are welcome George.
Please double confirm to make sure they did use the correct steps to
rejoined the client. Removed the client from SBS server console, disjoined
it to WorkGroup, then add a new client computer in SBS server console, on
the client use http://SBSservername/connectcomputer and following the
Connect Computer Wizard to rejoin the client to SBS domain.
After that, let's re-create a new Outlook profile to use RPC over HTTP
connection by following the steps in the links.
Thanks for your time.
Best regards,
Robbin Meng(MSFT)
|
|
robbin
It was the ceritificate on the client causing the issue. I did not even
create a new profile. All I did first was to check if the certificate
was on the client or not. This is the way I did it:
I used owa on the client and it came back that the certificate was not
trusted. on the right side of the address bar was indicater "certificate
error". I clicked on it there to save the ceritificate on the client by
clicking browse and saving it in the certificate authoritity folder
which shows up after you click browse.
Then I started the HTTPS connection via outlook and it worked.
Thank you for all your help. I really appreciate it. Have a very Happy
New Year!!
--
gtech
------------------------------------------------------------------------
gtech's Profile: http://forums.techarena.in/members/gtech.htm
View this thread: http://forums.techarena.in/small-business-server/1088209.htm
http://forums.techarena.in
|
|
|