| Author |
Message |
Daren DiClaudio
Guest
|
 Posted:
Thu Jan 13, 2005 10:57 pm Post subject:
Help with RPC over HTTP and requests for Credentials |
|
|
Alright,
I have this set up at about 25 total locations, 20 of which are working
flawlessly. The other 5... well please let me know if you can help!
I have each location logging into a domain accross a VPN. I have implemented
RPC over HTTP to minimize the load on the VPN equipment. The issue is that
at 5 of these sites, they keep asking for the logon credentials when you go
into Exchange.
I have installed the certificate from the server, I have made sure that the
terminals are using credentials that have not expired. If I allow the
terminals to connect using the normal RPC method that would require the use
of the VPN it works fine, I am pulling my hair out trying to figure out this
issue.
I suspect it has something to do with a registry setting or other
configuration issue that I have not been able to find i the last month or
so. I have experience with setting this up correctly, but there is something
else wrong.
Any and all suggestions will be appreciated.I have searched the newsgroups
for possible answers to my issue and the posted responces to previous
questions did not resolve my issue.
Again, thank you for your help.
Daren
|
|
| Back to top |
|
 |
Tim Hackbart [MSFT]
Guest
|
| Posted:
Fri Jan 14, 2005 1:35 am Post subject:
Re: Help with RPC over HTTP and requests for Credentials |
|
|
Daren
What are the Proxy/Web Access differences from the 5 locations that do not
work?
I have seen that in locations that require you to provide authentication to
a Web Proxy to access the Internet, this will cause Rpc over Http to fail.
So check to see if these locations have Web Proxies that require
authentication.
Also make sure that you can access OWA using SSL from these locations, that
will ensure that you have a good SSL and TCP connection to the Web Server.
My guess is that it is a Web Proxy Authentication issue, and currently there
is no workaround except to modify the web proxy to NOT prompt for
credentials.
Let me know if this helps.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:uykL4DZ#EHA.1564@TK2MSFTNGP09.phx.gbl...
| Quote: | Alright,
I have this set up at about 25 total locations, 20 of which are working
flawlessly. The other 5... well please let me know if you can help!
I have each location logging into a domain accross a VPN. I have
implemented
RPC over HTTP to minimize the load on the VPN equipment. The issue is that
at 5 of these sites, they keep asking for the logon credentials when you
go
into Exchange.
I have installed the certificate from the server, I have made sure that
the
terminals are using credentials that have not expired. If I allow the
terminals to connect using the normal RPC method that would require the
use
of the VPN it works fine, I am pulling my hair out trying to figure out
this
issue.
I suspect it has something to do with a registry setting or other
configuration issue that I have not been able to find i the last month or
so. I have experience with setting this up correctly, but there is
something
else wrong.
Any and all suggestions will be appreciated.I have searched the newsgroups
for possible answers to my issue and the posted responces to previous
questions did not resolve my issue.
Again, thank you for your help.
Daren
|
|
|
| Back to top |
|
|
Daren DiClaudio
Guest
|
| Posted:
Fri Jan 14, 2005 3:53 am Post subject:
Re: Help with RPC over HTTP and requests for Credentials |
|
|
They do not use a proxy of any sort.
Each location has a direct connection to the internet through a transparent
firewall and connects to a public IP address for their server cia a DSL line
at each location.. It is as direct as you can go.
They can use OWA and I have installed the certificate and added the FQDN
into the trusted internet sites catagory in IE's security (that is how I set
up the 20 other sites).
I have researched this to death, I cannot seem to find what could be causing
the issue. The only thing I can guess is that there is some obscure registry
setting that is affecting the use of the current credentials (they are still
logging into the domain via the VPN).
Any other ideas?
Thanks you.
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:ulPNUca%23EHA.2680@TK2MSFTNGP09.phx.gbl...
| Quote: | Daren
What are the Proxy/Web Access differences from the 5 locations that do not
work?
I have seen that in locations that require you to provide authentication
to
a Web Proxy to access the Internet, this will cause Rpc over Http to fail.
So check to see if these locations have Web Proxies that require
authentication.
Also make sure that you can access OWA using SSL from these locations,
that
will ensure that you have a good SSL and TCP connection to the Web Server.
My guess is that it is a Web Proxy Authentication issue, and currently
there
is no workaround except to modify the web proxy to NOT prompt for
credentials.
Let me know if this helps.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:uykL4DZ#EHA.1564@TK2MSFTNGP09.phx.gbl...
Alright,
I have this set up at about 25 total locations, 20 of which are working
flawlessly. The other 5... well please let me know if you can help!
I have each location logging into a domain accross a VPN. I have
implemented
RPC over HTTP to minimize the load on the VPN equipment. The issue is
that
at 5 of these sites, they keep asking for the logon credentials when you
go
into Exchange.
I have installed the certificate from the server, I have made sure that
the
terminals are using credentials that have not expired. If I allow the
terminals to connect using the normal RPC method that would require the
use
of the VPN it works fine, I am pulling my hair out trying to figure out
this
issue.
I suspect it has something to do with a registry setting or other
configuration issue that I have not been able to find i the last month or
so. I have experience with setting this up correctly, but there is
something
else wrong.
Any and all suggestions will be appreciated.I have searched the
newsgroups
for possible answers to my issue and the posted responces to previous
questions did not resolve my issue.
Again, thank you for your help.
Daren
|
|
|
| Back to top |
|
|
Tim Hackbart [MSFT]
Guest
|
| Posted:
Fri Jan 14, 2005 4:04 am Post subject:
Re: Help with RPC over HTTP and requests for Credentials |
|
|
What are your Authentication settings on the RPC virtual Directory in the
ISM.
Also what are your settings in Outlook 2003 for Authentication.
How far do you get into the Outlook session?
If you launch Outlook with \rpcdiag switch, what do you see in the
connection status dialog box?
827330 How to troubleshoot client RPC over HTTP connection issues in Office
http://support.microsoft.com/?id=827330
I am curious if we are getting past the RPC Proxy Server and then the
Exchange Server is the one that does not like your Credentials.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:#1SaRpb#EHA.2192@TK2MSFTNGP14.phx.gbl...
| Quote: |
They do not use a proxy of any sort.
Each location has a direct connection to the internet through a
transparent
firewall and connects to a public IP address for their server cia a DSL
line
at each location.. It is as direct as you can go.
They can use OWA and I have installed the certificate and added the FQDN
into the trusted internet sites catagory in IE's security (that is how I
set
up the 20 other sites).
I have researched this to death, I cannot seem to find what could be
causing
the issue. The only thing I can guess is that there is some obscure
registry
setting that is affecting the use of the current credentials (they are
still
logging into the domain via the VPN).
Any other ideas?
Thanks you.
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:ulPNUca%23EHA.2680@TK2MSFTNGP09.phx.gbl...
Daren
What are the Proxy/Web Access differences from the 5 locations that do
not
work?
I have seen that in locations that require you to provide authentication
to
a Web Proxy to access the Internet, this will cause Rpc over Http to
fail.
So check to see if these locations have Web Proxies that require
authentication.
Also make sure that you can access OWA using SSL from these locations,
that
will ensure that you have a good SSL and TCP connection to the Web
Server.
My guess is that it is a Web Proxy Authentication issue, and currently
there
is no workaround except to modify the web proxy to NOT prompt for
credentials.
Let me know if this helps.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:uykL4DZ#EHA.1564@TK2MSFTNGP09.phx.gbl...
Alright,
I have this set up at about 25 total locations, 20 of which are working
flawlessly. The other 5... well please let me know if you can help!
I have each location logging into a domain accross a VPN. I have
implemented
RPC over HTTP to minimize the load on the VPN equipment. The issue is
that
at 5 of these sites, they keep asking for the logon credentials when
you
go
into Exchange.
I have installed the certificate from the server, I have made sure that
the
terminals are using credentials that have not expired. If I allow the
terminals to connect using the normal RPC method that would require the
use
of the VPN it works fine, I am pulling my hair out trying to figure out
this
issue.
I suspect it has something to do with a registry setting or other
configuration issue that I have not been able to find i the last month
or
so. I have experience with setting this up correctly, but there is
something
else wrong.
Any and all suggestions will be appreciated.I have searched the
newsgroups
for possible answers to my issue and the posted responces to previous
questions did not resolve my issue.
Again, thank you for your help.
Daren
|
|
|
| Back to top |
|
|
Daren DiClaudio
Guest
|
| Posted:
Fri Jan 14, 2005 4:13 am Post subject:
Re: Help with RPC over HTTP and requests for Credentials |
|
|
I will get you more info a little later, but as soon as I try to connect to
the server is when it asks. I can run outlook in offline mode just fine.
I use NTLM authentication at all my sites (eventhough RPC over HTTP requires
SSL I still like having the added protection) The server and clients are all
set up to accept NTLM Authentication. I tried using Basic Auth as a tshoot
measure but it didn't change the request for username/password (which if I
manually supply it, outlook connects without a problem).
Just a little frusterating :-)
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:uqJEevb%23EHA.3820@TK2MSFTNGP11.phx.gbl...
| Quote: | What are your Authentication settings on the RPC virtual Directory in the
ISM.
Also what are your settings in Outlook 2003 for Authentication.
How far do you get into the Outlook session?
If you launch Outlook with \rpcdiag switch, what do you see in the
connection status dialog box?
827330 How to troubleshoot client RPC over HTTP connection issues in
Office
http://support.microsoft.com/?id=827330
I am curious if we are getting past the RPC Proxy Server and then the
Exchange Server is the one that does not like your Credentials.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:#1SaRpb#EHA.2192@TK2MSFTNGP14.phx.gbl...
They do not use a proxy of any sort.
Each location has a direct connection to the internet through a
transparent
firewall and connects to a public IP address for their server cia a DSL
line
at each location.. It is as direct as you can go.
They can use OWA and I have installed the certificate and added the FQDN
into the trusted internet sites catagory in IE's security (that is how I
set
up the 20 other sites).
I have researched this to death, I cannot seem to find what could be
causing
the issue. The only thing I can guess is that there is some obscure
registry
setting that is affecting the use of the current credentials (they are
still
logging into the domain via the VPN).
Any other ideas?
Thanks you.
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:ulPNUca%23EHA.2680@TK2MSFTNGP09.phx.gbl...
Daren
What are the Proxy/Web Access differences from the 5 locations that do
not
work?
I have seen that in locations that require you to provide
authentication
to
a Web Proxy to access the Internet, this will cause Rpc over Http to
fail.
So check to see if these locations have Web Proxies that require
authentication.
Also make sure that you can access OWA using SSL from these locations,
that
will ensure that you have a good SSL and TCP connection to the Web
Server.
My guess is that it is a Web Proxy Authentication issue, and currently
there
is no workaround except to modify the web proxy to NOT prompt for
credentials.
Let me know if this helps.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:uykL4DZ#EHA.1564@TK2MSFTNGP09.phx.gbl...
Alright,
I have this set up at about 25 total locations, 20 of which are
working
flawlessly. The other 5... well please let me know if you can help!
I have each location logging into a domain accross a VPN. I have
implemented
RPC over HTTP to minimize the load on the VPN equipment. The issue is
that
at 5 of these sites, they keep asking for the logon credentials when
you
go
into Exchange.
I have installed the certificate from the server, I have made sure
that
the
terminals are using credentials that have not expired. If I allow the
terminals to connect using the normal RPC method that would require
the
use
of the VPN it works fine, I am pulling my hair out trying to figure
out
this
issue.
I suspect it has something to do with a registry setting or other
configuration issue that I have not been able to find i the last month
or
so. I have experience with setting this up correctly, but there is
something
else wrong.
Any and all suggestions will be appreciated.I have searched the
newsgroups
for possible answers to my issue and the posted responces to previous
questions did not resolve my issue.
Again, thank you for your help.
Daren
|
|
|
| Back to top |
|
|
Tim Hackbart [MSFT]
Guest
|
| Posted:
Fri Jan 14, 2005 4:41 am Post subject:
Re: Help with RPC over HTTP and requests for Credentials |
|
|
Ok, I gotcha..
So you can connect when you supply the correct credentials, I thought you
were NOT able to connect, even after supplying credentials.
In that case I do think it may be an issue with the VPN and the Domain
Authentication interacting with both the Auth on the RPC Virtual Directory
and Auth for Exchange.
Setting Outlook and RPC to use Basic Auth will of course prompt you for
credentials, then it should work,
I have seen that using Basic Authentication is by far the most robust
solution, and the one we use here at Microsoft. Using NTLM with VPN can
cause issues as we are not totally in charge of the credentials that are
sent. I have seen where the incorrect credentials are sent using NTLM, so
we go to Basic only on the RPC Virtual Directory, then Always Prompt and
only use NTLM on the Ol2003 client, and that works. You will be prompted,
but then you are totally in charge of the credentials sent to the server.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:ea0mL0b#EHA.3616@TK2MSFTNGP11.phx.gbl...
| Quote: |
I will get you more info a little later, but as soon as I try to connect
to
the server is when it asks. I can run outlook in offline mode just fine.
I use NTLM authentication at all my sites (eventhough RPC over HTTP
requires
SSL I still like having the added protection) The server and clients are
all
set up to accept NTLM Authentication. I tried using Basic Auth as a tshoot
measure but it didn't change the request for username/password (which if I
manually supply it, outlook connects without a problem).
Just a little frusterating :-)
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:uqJEevb%23EHA.3820@TK2MSFTNGP11.phx.gbl...
What are your Authentication settings on the RPC virtual Directory in
the
ISM.
Also what are your settings in Outlook 2003 for Authentication.
How far do you get into the Outlook session?
If you launch Outlook with \rpcdiag switch, what do you see in the
connection status dialog box?
827330 How to troubleshoot client RPC over HTTP connection issues in
Office
http://support.microsoft.com/?id=827330
I am curious if we are getting past the RPC Proxy Server and then the
Exchange Server is the one that does not like your Credentials.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:#1SaRpb#EHA.2192@TK2MSFTNGP14.phx.gbl...
They do not use a proxy of any sort.
Each location has a direct connection to the internet through a
transparent
firewall and connects to a public IP address for their server cia a DSL
line
at each location.. It is as direct as you can go.
They can use OWA and I have installed the certificate and added the
FQDN
into the trusted internet sites catagory in IE's security (that is how
I
set
up the 20 other sites).
I have researched this to death, I cannot seem to find what could be
causing
the issue. The only thing I can guess is that there is some obscure
registry
setting that is affecting the use of the current credentials (they are
still
logging into the domain via the VPN).
Any other ideas?
Thanks you.
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:ulPNUca%23EHA.2680@TK2MSFTNGP09.phx.gbl...
Daren
What are the Proxy/Web Access differences from the 5 locations that
do
not
work?
I have seen that in locations that require you to provide
authentication
to
a Web Proxy to access the Internet, this will cause Rpc over Http to
fail.
So check to see if these locations have Web Proxies that require
authentication.
Also make sure that you can access OWA using SSL from these
locations,
that
will ensure that you have a good SSL and TCP connection to the Web
Server.
My guess is that it is a Web Proxy Authentication issue, and
currently
there
is no workaround except to modify the web proxy to NOT prompt for
credentials.
Let me know if this helps.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:uykL4DZ#EHA.1564@TK2MSFTNGP09.phx.gbl...
Alright,
I have this set up at about 25 total locations, 20 of which are
working
flawlessly. The other 5... well please let me know if you can help!
I have each location logging into a domain accross a VPN. I have
implemented
RPC over HTTP to minimize the load on the VPN equipment. The issue
is
that
at 5 of these sites, they keep asking for the logon credentials when
you
go
into Exchange.
I have installed the certificate from the server, I have made sure
that
the
terminals are using credentials that have not expired. If I allow
the
terminals to connect using the normal RPC method that would require
the
use
of the VPN it works fine, I am pulling my hair out trying to figure
out
this
issue.
I suspect it has something to do with a registry setting or other
configuration issue that I have not been able to find i the last
month
or
so. I have experience with setting this up correctly, but there is
something
else wrong.
Any and all suggestions will be appreciated.I have searched the
newsgroups
for possible answers to my issue and the posted responces to
previous
questions did not resolve my issue.
Again, thank you for your help.
Daren
|
|
|
| Back to top |
|
|
Daren DiClaudio
Guest
|
| Posted:
Fri Jan 14, 2005 4:56 am Post subject:
Re: Help with RPC over HTTP and requests for Credentials |
|
|
Strange, they why do the 20 other sites I am working with not prompt me?
I have taken the vpn offline at the store I am currently working on to make
sure all traffic runs throught the RPC over HTTP setup. I have done this to
another store that is working without prompting for the password as well, to
test the functionality of RPC over HTTP and making sure the store is not
reliant upon the VPN being up to have the ability to interact with their
mail. It works great at the "test" store, but still prompts me at the
"problem" store.
My goal is to not prompt for credentials. That is another reason I am using
NTLM Auth instead of Basic. I am 99% sure it is an issue on the client
machine becuase the other stores do not have to provide their passwords to
connect.
I am confused as to why using NTLM auth over a VPN would cause issues? The
VPN equipment we use is transparent and the client machine can talk directly
to the internal IP Address of the Domain Controller. When using RPC over
HTTP, the client machine will just connect to the public IP address that
belongs to the mail cunstions of the Domain Controller and run the RPC
conmands over the HTTPS tunnel... or at least that is how I thought it was
working at the other stores.
Any idea why this is one of only 5 stores that are exhibiting this behavior?
All 25 stores have XP SP2, MS Office 2003 SBS edition with all the updates
applied, and do not rely on the VPN to interact with their e-mail. Just 5 of
those stores keeps prompting for a password.
Hehe, I am almost bald from this problem :-P
Thanks for your help, I appreciate that someone is responding to my posts.
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:eBe3QEc%23EHA.2596@tk2msftngp13.phx.gbl...
| Quote: | Ok, I gotcha..
So you can connect when you supply the correct credentials, I thought you
were NOT able to connect, even after supplying credentials.
In that case I do think it may be an issue with the VPN and the Domain
Authentication interacting with both the Auth on the RPC Virtual Directory
and Auth for Exchange.
Setting Outlook and RPC to use Basic Auth will of course prompt you for
credentials, then it should work,
I have seen that using Basic Authentication is by far the most robust
solution, and the one we use here at Microsoft. Using NTLM with VPN can
cause issues as we are not totally in charge of the credentials that are
sent. I have seen where the incorrect credentials are sent using NTLM, so
we go to Basic only on the RPC Virtual Directory, then Always Prompt and
only use NTLM on the Ol2003 client, and that works. You will be prompted,
but then you are totally in charge of the credentials sent to the server.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:ea0mL0b#EHA.3616@TK2MSFTNGP11.phx.gbl...
I will get you more info a little later, but as soon as I try to connect
to
the server is when it asks. I can run outlook in offline mode just fine.
I use NTLM authentication at all my sites (eventhough RPC over HTTP
requires
SSL I still like having the added protection) The server and clients are
all
set up to accept NTLM Authentication. I tried using Basic Auth as a
tshoot
measure but it didn't change the request for username/password (which if
I
manually supply it, outlook connects without a problem).
Just a little frusterating :-)
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:uqJEevb%23EHA.3820@TK2MSFTNGP11.phx.gbl...
What are your Authentication settings on the RPC virtual Directory in
the
ISM.
Also what are your settings in Outlook 2003 for Authentication.
How far do you get into the Outlook session?
If you launch Outlook with \rpcdiag switch, what do you see in the
connection status dialog box?
827330 How to troubleshoot client RPC over HTTP connection issues in
Office
http://support.microsoft.com/?id=827330
I am curious if we are getting past the RPC Proxy Server and then the
Exchange Server is the one that does not like your Credentials.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:#1SaRpb#EHA.2192@TK2MSFTNGP14.phx.gbl...
They do not use a proxy of any sort.
Each location has a direct connection to the internet through a
transparent
firewall and connects to a public IP address for their server cia a
DSL
line
at each location.. It is as direct as you can go.
They can use OWA and I have installed the certificate and added the
FQDN
into the trusted internet sites catagory in IE's security (that is how
I
set
up the 20 other sites).
I have researched this to death, I cannot seem to find what could be
causing
the issue. The only thing I can guess is that there is some obscure
registry
setting that is affecting the use of the current credentials (they are
still
logging into the domain via the VPN).
Any other ideas?
Thanks you.
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:ulPNUca%23EHA.2680@TK2MSFTNGP09.phx.gbl...
Daren
What are the Proxy/Web Access differences from the 5 locations that
do
not
work?
I have seen that in locations that require you to provide
authentication
to
a Web Proxy to access the Internet, this will cause Rpc over Http to
fail.
So check to see if these locations have Web Proxies that require
authentication.
Also make sure that you can access OWA using SSL from these
locations,
that
will ensure that you have a good SSL and TCP connection to the Web
Server.
My guess is that it is a Web Proxy Authentication issue, and
currently
there
is no workaround except to modify the web proxy to NOT prompt for
credentials.
Let me know if this helps.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:uykL4DZ#EHA.1564@TK2MSFTNGP09.phx.gbl...
Alright,
I have this set up at about 25 total locations, 20 of which are
working
flawlessly. The other 5... well please let me know if you can help!
I have each location logging into a domain accross a VPN. I have
implemented
RPC over HTTP to minimize the load on the VPN equipment. The issue
is
that
at 5 of these sites, they keep asking for the logon credentials
when
you
go
into Exchange.
I have installed the certificate from the server, I have made sure
that
the
terminals are using credentials that have not expired. If I allow
the
terminals to connect using the normal RPC method that would require
the
use
of the VPN it works fine, I am pulling my hair out trying to figure
out
this
issue.
I suspect it has something to do with a registry setting or other
configuration issue that I have not been able to find i the last
month
or
so. I have experience with setting this up correctly, but there is
something
else wrong.
Any and all suggestions will be appreciated.I have searched the
newsgroups
for possible answers to my issue and the posted responces to
previous
questions did not resolve my issue.
Again, thank you for your help.
Daren
|
|
|
| Back to top |
|
|
Tim Hackbart [MSFT]
Guest
|
| Posted:
Fri Jan 14, 2005 5:52 am Post subject:
Re: Help with RPC over HTTP and requests for Credentials |
|
|
Can you see any differences between the stores at all?
Are they the exact same VPN clients, exact same internet connection etc?
The other thing to look at is where the prompt is coming from.
You could check the event logs on the RPC Proxy Server and then on the Back
End Server to see if we have any issues there.
You could also check the IISlogs on the RPC Proxy server to see what error
codes we are getting back.
I am not aware of any registry key that would affect this issue, the only
thing I could think of was something that is different in the environment
between the two stores.
One thing to try is to start OL2003 with the /rpcdiag switch, and when you
get the Authentication prompt, look at the Connection Status box and see if
we are connecting to a server, or if we are not even showing a server
connection yet. This may let us know who is prompting, RPC or Exchange.
Try to figure out if there is any difference at all between the stores as
far as VPN and internet connection goes, and then where we are being
prompted
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:eDZQbMc#EHA.2316@TK2MSFTNGP15.phx.gbl...
| Quote: |
Strange, they why do the 20 other sites I am working with not prompt me?
I have taken the vpn offline at the store I am currently working on to
make
sure all traffic runs throught the RPC over HTTP setup. I have done this
to
another store that is working without prompting for the password as well,
to
test the functionality of RPC over HTTP and making sure the store is not
reliant upon the VPN being up to have the ability to interact with their
mail. It works great at the "test" store, but still prompts me at the
"problem" store.
My goal is to not prompt for credentials. That is another reason I am
using
NTLM Auth instead of Basic. I am 99% sure it is an issue on the client
machine becuase the other stores do not have to provide their passwords to
connect.
I am confused as to why using NTLM auth over a VPN would cause issues? The
VPN equipment we use is transparent and the client machine can talk
directly
to the internal IP Address of the Domain Controller. When using RPC over
HTTP, the client machine will just connect to the public IP address that
belongs to the mail cunstions of the Domain Controller and run the RPC
conmands over the HTTPS tunnel... or at least that is how I thought it was
working at the other stores.
Any idea why this is one of only 5 stores that are exhibiting this
behavior?
All 25 stores have XP SP2, MS Office 2003 SBS edition with all the updates
applied, and do not rely on the VPN to interact with their e-mail. Just 5
of
those stores keeps prompting for a password.
Hehe, I am almost bald from this problem :-P
Thanks for your help, I appreciate that someone is responding to my posts.
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:eBe3QEc%23EHA.2596@tk2msftngp13.phx.gbl...
Ok, I gotcha..
So you can connect when you supply the correct credentials, I thought
you
were NOT able to connect, even after supplying credentials.
In that case I do think it may be an issue with the VPN and the Domain
Authentication interacting with both the Auth on the RPC Virtual
Directory
and Auth for Exchange.
Setting Outlook and RPC to use Basic Auth will of course prompt you for
credentials, then it should work,
I have seen that using Basic Authentication is by far the most robust
solution, and the one we use here at Microsoft. Using NTLM with VPN can
cause issues as we are not totally in charge of the credentials that are
sent. I have seen where the incorrect credentials are sent using NTLM,
so
we go to Basic only on the RPC Virtual Directory, then Always Prompt and
only use NTLM on the Ol2003 client, and that works. You will be
prompted,
but then you are totally in charge of the credentials sent to the
server.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:ea0mL0b#EHA.3616@TK2MSFTNGP11.phx.gbl...
I will get you more info a little later, but as soon as I try to
connect
to
the server is when it asks. I can run outlook in offline mode just
fine.
I use NTLM authentication at all my sites (eventhough RPC over HTTP
requires
SSL I still like having the added protection) The server and clients
are
all
set up to accept NTLM Authentication. I tried using Basic Auth as a
tshoot
measure but it didn't change the request for username/password (which
if
I
manually supply it, outlook connects without a problem).
Just a little frusterating :-)
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in message
news:uqJEevb%23EHA.3820@TK2MSFTNGP11.phx.gbl...
What are your Authentication settings on the RPC virtual Directory in
the
ISM.
Also what are your settings in Outlook 2003 for Authentication.
How far do you get into the Outlook session?
If you launch Outlook with \rpcdiag switch, what do you see in the
connection status dialog box?
827330 How to troubleshoot client RPC over HTTP connection issues in
Office
http://support.microsoft.com/?id=827330
I am curious if we are getting past the RPC Proxy Server and then the
Exchange Server is the one that does not like your Credentials.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:#1SaRpb#EHA.2192@TK2MSFTNGP14.phx.gbl...
They do not use a proxy of any sort.
Each location has a direct connection to the internet through a
transparent
firewall and connects to a public IP address for their server cia a
DSL
line
at each location.. It is as direct as you can go.
They can use OWA and I have installed the certificate and added the
FQDN
into the trusted internet sites catagory in IE's security (that is
how
I
set
up the 20 other sites).
I have researched this to death, I cannot seem to find what could be
causing
the issue. The only thing I can guess is that there is some obscure
registry
setting that is affecting the use of the current credentials (they
are
still
logging into the domain via the VPN).
Any other ideas?
Thanks you.
"Tim Hackbart [MSFT]" <Timhack@online.microsoft.com> wrote in
message
news:ulPNUca%23EHA.2680@TK2MSFTNGP09.phx.gbl...
Daren
What are the Proxy/Web Access differences from the 5 locations
that
do
not
work?
I have seen that in locations that require you to provide
authentication
to
a Web Proxy to access the Internet, this will cause Rpc over Http
to
fail.
So check to see if these locations have Web Proxies that require
authentication.
Also make sure that you can access OWA using SSL from these
locations,
that
will ensure that you have a good SSL and TCP connection to the Web
Server.
My guess is that it is a Web Proxy Authentication issue, and
currently
there
is no workaround except to modify the web proxy to NOT prompt for
credentials.
Let me know if this helps.
--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers
no
rights.
Please do not send email directly to this alias. This alias is for
newsgroup
purposes only.
"Daren DiClaudio" <duomenox@newsgroups.nospam> wrote in message
news:uykL4DZ#EHA.1564@TK2MSFTNGP09.phx.gbl...
Alright,
I have this set up at about 25 total locations, 20 of which are
working
flawlessly. The other 5... well please let me know if you can
help!
I have each location logging into a domain accross a VPN. I have
implemented
RPC over HTTP to minimize the load on the VPN equipment. The
issue
is
that
at 5 of these sites, they keep asking for the logon credentials
when
you
go
into Exchange.
I have installed the certificate from the server, I have made
sure
that
the
terminals are using credentials that have not expired. If I allow
the
terminals to connect using the normal RPC method that would
require
the
use
of the VPN it works fine, I am pulling my hair out trying to
figure
out
this
issue.
I suspect it has something to do with a registry setting or other
configuration issue that I have not been able to find i the last
month
or
so. I have experience with setting this up correctly, but there
is
something
else wrong.
Any and all suggestions will be appreciated.I have searched the
newsgroups
for possible answers to my issue and the posted responces to
previous
questions did not resolve my issue.
Again, thank you for your help.
Daren
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in