I ran into this problem a while back and thought I’d share my troubleshooting steps with the other professionals out there.
When trying to configure Outlook Anywhere at Some Company and using the https://www.testexchangeconnectivity.com/ to test, I kept getting the following error:
| Testing Http Authentication Methods for URL https://mail.domain.ca/rpc/rpcproxy.dll |
| Http Authentication Test failed |
|
| Additional Details | | Exception Details: Message: The underlying connection was closed: The connection was closed unexpectedly. Type: System.Net.WebException Stack Trace: at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.GetSupportedHttpAuthMethods() at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.PerformTestReally() |
|
Here’s the detailed test results:
| Connectivity Test Failed |
|
|
|
| Testing RPC/HTTP connectivity | | RPC/HTTP test failed | |
| Test Steps | |
| Attempting to test Autodiscover for mailto:tluk@domain.ca | | Successfully tested Autodiscover | |
| Test Steps | |
| Attempting each method of contacting the AutoDiscover Service | | The AutoDiscover Service was successfully tested. | |
| Test Steps | |
| Attempting to test potential AutoDiscover URL https://domain.ca/AutoDiscover/AutoDiscover.xml | | Failed testing this potential AutoDiscover URL | |
| Test Steps | |
| Attempting to resolve the host name domain.ca in DNS. | | Host successfully resolved | |
| Additional Details | | IP(s) returned: 99.999.999.99 |
|
| Testing TCP Port 443 on host domain.ca to ensure it is listening and open. | | The port was opened successfully. |
| Testing SSL Certificate for validity. | | The SSL Certificate failed one or more certificate validation checks. | |
| Test Steps | |
| Validating certificate name | | Certificate name validation failed | | Tell me more about this issue and how to resolve it | |
| Additional Details | | Host name domain.ca does not match any name found on the server certificate CN=webmail.domain.ca, OU=Domain Control Validated, O=webmail.domain.ca |
|
|
|
|
|
| Attempting to test potential AutoDiscover URL https://autodiscover.domain.ca/AutoDiscover/AutoDiscover.xml | | Testing AutoDiscover URL succeeded | |
| Test Steps | |
| Attempting to resolve the host name autodiscover.domain.ca in DNS. | | Host successfully resolved | |
| Additional Details | | IP(s) returned: 99.999.999.99 |
|
| Testing TCP Port 443 on host autodiscover.domain.ca to ensure it is listening and open. | | The port was opened successfully. |
| Testing SSL Certificate for validity. | | The certificate passed all validation requirements. | |
| Test Steps | |
| Validating certificate name | | Successfully validated the certificate name | |
| Additional Details | | Found hostname autodiscover.domain.ca in Certificate Subject Alternative Name entry |
|
| Validating certificate trust | | The test passed with some warnings encountered. Please expand additional details. | |
| Additional Details | | Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information. |
|
| Testing certificate date to ensure validity | | Date Validation passed. The certificate is not expired. | |
| Additional Details | | Certificate is valid: NotBefore = 5/6/2010 3:34:15 PM, NotAfter = 5/6/2013 3:34:15 PM" |
|
|
|
| Attempting to send AutoDiscover POST request to potential autodiscover URLs. | | Successfully Retrieved AutoDiscover Settings by sending AutoDiscover POST. | |
| Test Steps | | |
|
|
|
|
|
|
|
| Validating Autodiscover Settings for Outlook Anywhere | | Outlook Anywhere Autodiscover Settings validated |
| Attempting to resolve the host name mail.domain.ca in DNS. | | Host successfully resolved | |
| Additional Details | | IP(s) returned: 99.999.999.99 |
|
| Testing TCP Port 443 on host mail.domain.ca to ensure it is listening and open. | | The port was opened successfully. |
| Testing SSL Certificate for validity. | | The certificate passed all validation requirements. | |
| Test Steps | |
| Validating certificate name | | Successfully validated the certificate name | |
| Additional Details | | Found hostname mail.domain.ca in Certificate Subject Alternative Name entry |
|
| Validating certificate trust | | The test passed with some warnings encountered. Please expand additional details. | |
| Additional Details | | Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information. |
|
| Testing certificate date to ensure validity | | Date Validation passed. The certificate is not expired. | |
| Additional Details | | Certificate is valid: NotBefore = 5/6/2010 3:34:15 PM, NotAfter = 5/6/2013 3:34:15 PM" |
|
|
|
| Testing Http Authentication Methods for URL https://mail.domain.ca/rpc/rpcproxy.dll | | Http Authentication Test failed | |
| Additional Details | | Exception Details: Message: The underlying connection was closed: The connection was closed unexpectedly. Type: System.Net.WebException Stack Trace: at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.GetSupportedHttpAuthMethods() at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.PerformTestReally() |
|
|
|
|
As it turns out, when the RPC Windows component is installed, “Enable anonymous access” is enabled. The correct setting should be “Integrated Windows authentication” and “Basic authentication”.
Once the proper settings were checked and iisreset was ran, the test ran correctly with:
| Testing Http Authentication Methods for URL https://mail.domain.ca/rpc/rpcproxy.dll |
| Http Authentication Methods are correct |
|
| Additional Details | | Found all expected authentication methods and no disallowed methods. Methods Found: Basic, Negotiate, NTLM |
|
10 comments:
Thank you very much for this information. I recently worked on an active sync issue which was resolved after installing sp2 for exchange 2003. Unfortunately this broke RPCoverHTTP. I had searched several webistes prior to with no success. Your permissions on the RPC directory was spot on!
Glad that the post helped. :)
Just helped me out as well. Much appreciated Terence. I had ripped out IIS and client access and reinstalled them, and set up virtual directories again. RPC over HTTP had defaulted to anonymous after reinstalling just like you said.
Thanks for posting!
Thank you for taking the time to post this.
I had already checked a bunch of IIS settings (including this one) from the excellent article at http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html. The settings was right, and after a reboot the problem persisted. I wouldn't have checked the settings again except for you having the exact cause listed here. I checked again and sure enough anonymous was set! It's as though the change was made but the UI didn't update until a restart. In any event unticking it fixed the issue.
This worked for me too. Thanks. This worked on a SBS 2003 server.
Greatly appreciated! Worked for me as well. Exchange 2003 on Windows 2003 Server Standard Edition SP2.
TTTHHHHAANNNNNK you!!!!!! :-)
TTTHHAANNNNKKK YOU!!!!!
indeed...
Thank you so much for leaving this topic live on your blog. It just saved my bacon. You da man!
Post a Comment