Exchange 2003 + Not able to connect via HTTPS

marley1

Quick detail of systems:
Server 1 - DC, DNS, DHCP, Company Files
Server 2 - Secondary DC, Exchange
Server 3 - BES (when I get the Exchange working properly)

Firewall - Freeguard 100

Okay so anyway I deployed Exchange 2003 SP1 and it was working internally, but I wanted to get the HTTPS working so I can connect at home without a VPN. I followed http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm and I created an SSL cert using the CA built into Server 03 R2.

So I went to test and on the LAN I can connect to the Exchange server fine. So I created another profile to test the HTTPS setup. I added the Exchange server, went to More Settings and checked "Connect to my Exchange mailbox using HTTP", and then in the connection settings I have https://servername.domainname and have it set to Basic Authentication. Outlook /rpcdiag is showing it's connected over TCP/IP.

I have checked on Fast or Slow Networks connect using HTTP and it still connects via TCP/IP, but under the Req/Fail table it has Fails.

Any suggestions?
 
In the Secure Communications dialog box, click the Require secure channel (SSL) check box, click the Require 128-bit encryption check box, and then click OK.


You did this step, right?

Also, don't test on your Outlook client because SSL is for OWA (Outlook Web Access), not Outlook.
Open a web browser and go to https://servername and if it's configured right it should prompt for a username and password.
 
Yes, I did that step. I am trying to do HTTPS over RPC so that I can set up Outlook and not have to VPN in.

If I go to http or https://servername/exchange I can get into OWA.

However, it isn't asking me for a username and password; it is just going right in. If I log off and go back in, it still automatically connects me.

So that's another problem.
 
If you want OWA to ask you for a password every time, you need to disable integrated user authentication: open IIS admin, go to the OWA page, Directory Security, disable Integrated and allow Basic.

As far as the RPC over HTTPS goes, did you do the registry modifications? It won't work without them. By default RPC syncing is designed for a front-end / back-end Exchange server scenario; if you want it working on a single server you have to do some registry modification. I had to do that at work and had the RPC up and running in a few hours.
 
Yeah, I did the reg edits.

It's very weird.

I even tried to redo it, but it still connects via TCP/IP.
 
Wait wait, you're trying to test RPC over HTTPS from a computer on the same network as the Exchange server? That will never work, you have to test it over the internet.
 
Why shouldn't it work? There is an option under connection settings for fast networks or slow networks to connect over HTTP instead of TCP/IP.
 
Fast/slow refers to dialup/broadband, not LAN/WAN. Anyway, RPC over HTTPS is designed to allow users to sync their email outside of the local network, like for example your road warriors. If the client and Exchange are on the same network, Outlook will always use a regular TCP connection.
 
Wait wait, you're trying to test RPC over HTTPS from a computer on the same network as the Exchange server? That will never work, you have to test it over the internet.

That statement is inaccurate... You CAN connect to Exchange via RPC over HTTPS while on the LAN. It is true that RPC over HTTPS is usually meant to be used over the Internet, however it does not prevent you from connecting on the LAN.

My advice to the OP is, since you're using a homegrown certificate, make sure your certificate is installed properly (on the server and workstation). To test to see whether your certificate is installed properly, go to your OWA site and if you get ANY prompts (Security Alerts, etc.) about your certificate then RPC will not work. In order for RPC to work properly, you must be able to hit the server (via https) without any security prompts.
 
That is 100 percent correct ac

It is definitely a cert issue - I have seen this setup many times and it always comes down to a cert error.
 
Make sure you have the proper SSL port forwarded as well.

Port 443 I believe.
 
Okay guys, so we bought an SSL from GoDaddy.

And if I go to https://domain/exchange it works, doesn't prompt, and I can log in and see the OWA.

So then I went to test HTTPS over LAN. I created a profile, entered the local domain name, checked my name, went to More Settings, entered the domain name that's in the cert, and I can connect.

Looking at the connection status the Mail is connected via HTTPS but Directory is not and I have some Fails.

So that's problem #1. Why do I have fails, and why is Directory connected over TCP/IP?

Problem #2 - How the hell do you set this up not over LAN? I connected to my home computer; it says to enter the internal domain name, and then enter the HTTPS name. So I did that, but it won't accept the user name and password. I enter domainname/user and password, no go.

Any suggestions?
 
It's domainname\user. Also, do you have the right port (443) forwarded to the server?
 
Port is forwarded.

What I don't get is why over LAN it's still connecting Directory as TCP/IP and has some fails.

And on the WAN side, when I set up Outlook, what do I put for the Exchange server? All the guides say to use the internal domain name, then go to More Settings and click connect over HTTPS and then type in the https://server
 
On the WAN side you put the internal name of the Exchange server, go to More Settings, click through any error messages, go to the Connection tab, and in Exchange Proxy Settings for the server put your external domain name or the IP of the router that forwards port 443 to your Exchange server.
 
So that's what I have:

name.domain.local, then under Exchange Proxy Settings I have the name on the certificate, exch.domain.com

When i go to https://exch.domain.com/exchange I can log in and get the email fine.

So when I go to connect with the WAN side in outlook I get:

"Outlook could not log on. Check to make sure you are connected to the network and using the proper server and mailbox name. The connection to the Exchange Server is unavailable. Outlook must be online or connected to complete this action."

Any more suggestions? I so badly want this to work.
 
So the WAN side doesn't work. And I still don't get why the LAN side connects the mail with HTTPS but not the Directory, and has some fails on the Directory.
 
OK, just throwing some troubleshooting ideas around.
On your Exchange server in IIS admin, do you have the cert installed for the rpcwithcert website? Also, is Directory Security set up to only allow Basic authentication?

In your Outlook profile, in the same place where you specify the proxy external address, did you pick Basic authentication in the drop-down box? (The default is NTLM.)

Also, when prompted, do you log in as domainname\username?
 
RPC w/ Cert didn't have Basic Authentication so I enabled that.

Outlook is set to Basic Authentication

When prompted I do domain\user, yes.

Same problem however after changing the first part.
 
All the guides were showing to make changes to the RPC and RPCw/Cert, and after examining the pictures, he was changing it on the Default Website.

Changed that and it's working now.

Now I am trying to get GFI Mail Essentials working
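
Added example, not part of the original thread: the advice above that the server must be reachable over HTTPS without any certificate prompt can be checked from the client with a strict TLS handshake. This Python sketch (standard library only) uses the thread's placeholder names `exch.domain.com` and `name.domain.local` as assumed defaults and validates against the trust store Python uses on the machine it runs on.

```python
import socket
import ssl
import sys


def check_proxy_certificate(host, port=443, timeout=5.0):
    """Handshake with full validation; return (ok, detail).

    ok is True only if the chain is trusted by this machine AND the
    certificate is valid for `host`, i.e. a browser would show no prompt.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED + host name check
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, name mismatch, expired certificate, ...
        return False, f"certificate rejected: {exc.verify_message}"
    except ssl.SSLError as exc:
        return False, f"TLS handshake failed: {exc.reason}"
    except OSError as exc:
        # DNS failure, refused connection, timeout, port 443 not forwarded
        return False, f"cannot reach {host}:{port}: {exc}"
    names = [value for kind, value in cert.get("subjectAltName", ())
             if kind == "DNS"]
    return True, f"trusted; valid for {names}; expires {cert['notAfter']}"


if __name__ == "__main__":
    # Placeholder names from the thread; pass the real ones as arguments.
    # Test every name that might be typed into Outlook's Exchange proxy
    # settings: only a name listed on the certificate will pass.
    candidates = sys.argv[1:] or ["exch.domain.com", "name.domain.local"]
    for name in candidates:
        ok, detail = check_proxy_certificate(name)
        print(f"{'PASS' if ok else 'FAIL'}  https://{name}/  {detail}")
```

Run it from the workstation on the LAN and again from the outside connection, since name resolution and reachability of port 443 can differ between the two.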
 