RPC over HTTP – some thoughts and gotchas

Having last looked at this requirement for a client about two years ago – it was a trip down Memory Pain not Memory Lane for this one. The server infrastructure was an Exchange 2003 SP2 server which was the backend server, proxy server and global catalog. After resolving an expired Exchange SSL certificate it should have been a fairly simple process to allow access to the remote user. Instead it turned into an adventure trying to locate which element was not working. Hopefully detailing the steps followed will help other admins setting this up.

For this example, make sure you replace https://myserver.internetname.com/exchange/ with your server's address, and make sure ports 80 and 443 are open and point to the server's internal address.

1) Check your cert. Make sure that you can open https://myserver.internetname.com/exchange/ without an error. If you cannot, add the cert through IE – go into the IE certificate settings and import it into Trusted Root Authorities. Check again.

2) Check that you can access https://myserver.internetname.com/rpc/

3) Check that you can access https://myserver.internetname.com/rpcproxy.dll – you will enter your password 3 times and get an error page at the end – that's to be expected.

4) Make sure Basic authentication is set on the rpc folder in IIS.

5) Check that the Exchange server can resolve itself as the server listed above. For example, if the server is mail.mydomain.com (for the delivery of mail etc.), then check what ping mail.mydomain.com gives. If it's the external IP address of the router, then add a hosts entry for mail.mydomain.com with the internal IP address of the Exchange server, or consider a split DNS. The hosts entry is quick and easy to use to prove the server resolves.

6) Test your client access REMOTELY (not locally on the LAN) using the internal name of the Exchange server, for example myserver.internalnetwork.local, and the short name of the email user, i.e. johndoe. Make sure that the Exchange across the Internet settings in the profile use the external name of the mail server, for example mail.mydomain.com, and that BASIC authentication is selected. Also turn off cached mode before testing unless the mailbox is empty!

7) Save the profile and start Outlook using Start / Run and typing outlook /rpcdiag

This will tell you if you are actually communicating with the server across the Internet.

8) If you are constantly asked for the username – check which machines the user is allowed to log in on. You may need to allow access to all machines to prove that this is the issue before limiting it to the correct machines.
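
The server-side checks in steps 1, 2, 4 and 5 can be scripted. The following is an added example, not part of the original post: it requests /rpc/ over HTTPS with certificate verification on, reads the authentication schemes the server offers, and reports which step fails. It assumes anonymous access is disabled on the rpc folder (so an unauthenticated request gets a 401) and that IIS sends one WWW-Authenticate header per scheme; pass the internal IP only when running it on the Exchange server itself.

```python
import http.client
import socket
import ssl
import sys

def auth_schemes(www_authenticate):
    """Schemes offered by the server, one WWW-Authenticate header per scheme."""
    return {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}

def evaluate(resolved_ip, internal_ip, status, www_authenticate):
    """Map raw observations to the numbered steps; returns a list of problems."""
    problems = []
    if internal_ip and resolved_ip != internal_ip:
        problems.append(f"step 5: name resolves to {resolved_ip}, not {internal_ip}")
    if status != 401:
        # Assumption: anonymous access is off on /rpc/, so a bare GET is challenged.
        problems.append(f"step 2: /rpc/ answered {status}, expected a 401 challenge")
    elif "basic" not in auth_schemes(www_authenticate):
        problems.append("step 4: /rpc/ does not offer Basic authentication")
    return problems

def probe(host, internal_ip=None, timeout=10):
    """Run the checks against a live server and return the problems found."""
    try:
        resolved_ip = socket.gethostbyname(host)
    except socket.gaierror as exc:
        return [f"step 5: {host} does not resolve: {exc}"]
    context = ssl.create_default_context()  # verifies the chain and the host name
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout, context=context)
    try:
        conn.request("GET", "/rpc/")
        response = conn.getresponse()
        response.read()
        challenges = response.headers.get_all("WWW-Authenticate") or []
    except ssl.SSLError as exc:
        return [f"step 1: TLS or certificate failure: {exc}"]
    except OSError as exc:
        return [f"cannot reach {host}:443: {exc}"]
    finally:
        conn.close()
    return evaluate(resolved_ip, internal_ip, response.status, challenges)

if __name__ == "__main__":
    # Usage: script.py HOST [INTERNAL_IP]; the default is the post's placeholder name.
    args = sys.argv[1:3] or ["myserver.internetname.com"]
    for line in probe(*args) or ["no problems found"]:
        print(line)
```

A server of this age may only offer protocol versions that a current Python build refuses, in which case the failure is reported under step 1 even though the certificate itself is fine.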


I hope these condensed steps help you steer through what is a more complex arrangement than you would wish, but that's the way Microsoft make it.