Basic Troubleshooting for RPC/HTTP Publishing (Exchange 2003)

Troubleshooting RPC/HTTP is not an easy task. The reason for this is that there are so many moving parts to an RPC/HTTP solution it’s often hard to figure out which part is broken. The ISA Firewall’s log files are of no help at all, so you have to take a different approach to troubleshooting RPC/HTTP publishing failures.

If your RPC/HTTP isn’t working, try checking for the following things:

  • Make sure the ISA Firewall is joined to the domain — this is a basic ISA firewall security best practice
  • In ISA 2004, make sure you’re using a different Web listener than that used by OWA forms-based authentication publishing. In ISA 2006, you can use the same listener because the listener will fall back to basic for the RPC/HTTP client
  • Make sure you’re delegating Basic authentication in the RPC/HTTP Web Publishing Rule
  • Make sure that the RPC/HTTP Web Publishing Rule is for authenticated users only. That can be all authenticated users, or selected users or groups
  • Make sure your client is running Outlook 2003 on Windows XP SP1 and above
  • Make sure your client has the CA certificate of the CA that issued the Web site certificate bound to the Web Listener that’s accepting connections from the RPC/HTTP client. This CA (root) certificate should be installed in the client’s Trusted Root Certification Authorities\Certificates machine certificate store.
  • Make sure that you enter the correct name for the Web proxy in the client configuration. This may or may not be the same name of the mailbox server. It is always the common name on the certificate bound to the RPC/HTTP Web listener
  • Make sure that IIS is installed on the OWA Web site
  • Make sure that the RPC/HTTP Web Proxy service is installed on the OWA server
  • Make sure a Web site certificate is installed on the OWA server
  • Make sure that the name on the TO tab in the Web Publishing Rule is the same as the name on the Web site certificate bound to the OWA site
  • Make sure that the /rpc directory on the OWA Web site is configured to use Basic authentication only
  • Make sure the RPC over HTTP proxy service is starting by checking the Event Viewer
  • Make sure you have configured RPC/HTTP service correctly on the OWA Server by using the Properties dialog box of that Exchange Server

While not a totally comprehensive list, if you can check on each of these issues, I’d estimate that you have a 90% chance of finding out what the problem is.

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org

Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7

Email: [email protected]

MVP — Microsoft Firewalls (ISA)

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top