Problem with RPC over HTTPS in Outlook

Thursday, January 4, 2007

Problem

I can't get Outlook to connect to my Exchange 2003 SP2 (Windows 2003 SP1) single-server via RPC over HTTPS. Doesn't work on LAN or WAN. Exception 1818 occurs after about 10 minutes. Wireshark shows two authentication requests right at the beginning, and then nothing else after that.

RPCPing -t ncacn_http -s <internalFQDN> -o RPCProxy=<externalFQDN> -P "login info" -I "login info" -H 1 -F 3 -a connect -u 10 -v 3 -e 6001

RPCPing v2.12 Copyright (C) Microsoft Corporation, 2002
OS Version is 5.1, Service Pack 2

Exception 1818 (0x0000071A)
Number of records is: 1
ProcessID is 1700
System Time is: 1/4/2007 17:1:0:842
Generating component is 14
Status is 1818
Detection location is 1390
Flags is 0
NumberOfParameters is 1
Long val: 900000

I've checked my configuration against every setup list I could Google (including Daniel's own excellent writeup and Microsoft's 833401).

1. RPC over HTTP is installed
2. IIS is running just fine.
3. RPC virtual folder is configured correctly; I get prompted for authentication endlessly when Scripts & Executables are enabled, as they should be.
4. Certificate is from RapidSSL, and is accepted just fine.
5. Valid ports include <internalFQDN> and <externalFQDN> on 6001-6002 and 6004, as should be
6. RPCPing -E runs fine (Response from server received: 200)

If I intentionally put an incorrect value for any of the server names, I get an Exception 5, as would be expected. I get the same error on an XP SP2 machine, too.

Standard MAPI connection over LAN works fine, OWA is on - all normal Exchange stuff is working fine.

What in the world else is there to check??

Solution

And here's why: it has to do with the Rpc virtual folder in IIS. I need the RPC folder in a different website, and I've now found that manually creating it doesn't work, but copying via configuration file does.

I had manually created the Rpc folder, pointing it to the proper location, setting access to Log and Index only, Execute permission to Scripts and Executables, removing anonymous and setting Basic only, and requiring 128-bit SSL. It looks just like the default folder.

However, when I export both the manually-created folder and default folder to config files, and compare, this difference breaks the manual one:

IIsWebVirtualDir UploadReadAheadSize="0"

When this exists, it works fine.


This was also different, but didn't seem to matter:

IIsWebVirtualDir AccessFlags
- manual folder: "AccessExecute | AccessScript"
- default folder: "AccessExecute"

The default folder also has a whole additional child node under the IIsWebVirtualDir, but it didn't seem to matter that it was missing:

<Custom
Name="win32Error"
ID="1099"
Value="0"
Type="DWORD"
UserType="IIS_MD_UT_SERVER"
Attributes="INHERIT"
/>

Bottom line: if you need the RPC folder in a website other than the default, copy via config file (new in IIS 6), and it'll work great and save you hours of needless frustration!
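The export-and-compare step described above can be scripted. The following is an added example, not part of the original post: the two XML strings are constructed, simplified stand-ins for the exported config files (they contain only the settings quoted in the post), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified stand-ins for the two exported config files. They
# carry only the attributes and child node quoted in the post.
DEFAULT_EXPORT = """<configuration>
  <IIsWebVirtualDir AccessFlags="AccessExecute" UploadReadAheadSize="0">
    <Custom Name="win32Error" ID="1099" Value="0" Type="DWORD"
            UserType="IIS_MD_UT_SERVER" Attributes="INHERIT"/>
  </IIsWebVirtualDir>
</configuration>"""
MANUAL_EXPORT = """<configuration>
  <IIsWebVirtualDir AccessFlags="AccessExecute | AccessScript"/>
</configuration>"""

def _local(tag):
    # Drop any "{namespace}" prefix so namespaced exports also match.
    return tag.rsplit("}", 1)[-1]

def load_vdir(xml_text):
    """Return (attributes, Custom child nodes by Name) of the first IIsWebVirtualDir."""
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) == "IIsWebVirtualDir":
            customs = {c.get("Name"): dict(c.attrib)
                       for c in el if _local(c.tag) == "Custom"}
            return dict(el.attrib), customs
    raise ValueError("no IIsWebVirtualDir node in export")

def _norm(name, value):
    # Flag lists are order-insensitive: compare them as sets.
    if name == "AccessFlags" and value is not None:
        return frozenset(f.strip() for f in value.split("|"))
    return value

def diff_vdirs(reference_xml, candidate_xml):
    """List (setting, reference value, candidate value) for every mismatch."""
    ref_attrs, ref_custom = load_vdir(reference_xml)
    cand_attrs, cand_custom = load_vdir(candidate_xml)
    findings = []
    for name in sorted(set(ref_attrs) | set(cand_attrs)):
        r, c = ref_attrs.get(name), cand_attrs.get(name)
        if _norm(name, r) != _norm(name, c):
            findings.append((name, r, c))
    for name in sorted(set(ref_custom) | set(cand_custom)):
        if ref_custom.get(name) != cand_custom.get(name):
            findings.append(("Custom:" + name, ref_custom.get(name), cand_custom.get(name)))
    return findings

if __name__ == "__main__":
    for setting, ref, cand in diff_vdirs(DEFAULT_EXPORT, MANUAL_EXPORT):
        print(f"{setting}: default={ref!r} manual={cand!r}")
```

A value of None in the manual column means the setting is absent from that export, which is how the missing UploadReadAheadSize shows up.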
