Free Microsoft Outlook Resources & Whitepapers

Repeated Authentication with Outlook 2003 and RPC over HTTPS

Hello all, I'm right on the verge of a migration from Open Exchange to a brand new Exchange 2003 installation. It is a 100% Windows 2003 / XP pro / Exchange 2003 / Outlook 2003 installation. I followed the articles on how to install RPC over HTTPS available here and at Microsoft, with the exception of using "Mutually Authenticate SSL" or whatever that option is. I have tried it with though and that doesn't seem to be it.

Our server is repeatedly asking for username/password authentication from Outlook. It will not save the password, and it wants to re-authenticate every few hours it seems. Is this normal behavior? I really want to tell my users they won't have to do this all the time. It doesn't matter whether they are inside our network or outside, VPN or not. It works as long as they re-authenticate, but it's a PITA to our users.

Any ideas?

Thanks all!


Post your answer or comment

comments powered by Disqus
I am having an issue with Outlook 2007 and RPC over Https. The box can
either be XP or Vista with 2007 installed on it. I can connect Outlook when
connected with a VPN but when external it fails to connect. With Outlook
2003 and RPC over Https there are no issues.

It is frustrating that there is no easy searchable solution with MS for this
as this problem exisits on any box we build with any of our clients with
Outlook 2007.

Any ideas?

I'm trying to configure RPC over HTTP and I believe (according to the documentation I've followed) that I have the FE and BE servers setup properly. The problem I'm having is that I don't have the option under the Connection tab in Outlook (2003 with SP1) "Connect to my Exchange mailbox using HTTP". It's not greyed out, it just simply isn't there. I ran the Custom Maintenance Wizard in an attempt to add it and it seemed to run through ok, but still no option. Any thoughts?
TIA, Tony.

Hello I have an SBS2003 Server that I am setting up. I have successfully connected over the internet using Outlook 2003 via rpc over HTTPS.
I was trying different Global Address list settings and know when configure A new client and then try to connect after putting the username & password
Outlook gives me an error "The Bookmark is invalid" and won't connect. I can however connect using a client that was prieviously configured and working.
Only new clients seem to have trouble. I am not sure if yhe global address list has anything to do with it. Any input would be helpful  

Hi

my prospective clients are testing Outlook 2003 (rpc over https) at their
site. Their internet access is through an outsourced proxy server.
For internet access, each user needs to enter a username and password
before they are connected to the websites.

However, when testing Outlook 2003 access(rpc over https), they are not able
to connect to the Exchange server.

For 1 hour, they asked their vendor to lower the security level. That means
internet access do not require proxy authentication.
The Outlook 2003 access(rpc over https) also worked successfully.

However, the security setting was set to the original setting. This is what
the vendor provides for its client... high level security.

Anyone knows if this problem can be overcome?

regards
Raymond

I am trying to setup some of my laptop users to connect to exchange 2003 with
outlook 2003 using RPC over HTTP

we have

1 x windows 2003 server std (Domain controller) 192.168.16.2
1 x windows 2003 server std running exchange 2003 192.168.16.3

my netgear firewall has port 443 open and my domain controller then forwards
this port to the exchange server

we can use OWA ok
we have imported the certificate on the laptop and we run OWA with out it
prompting that the sites not safe...

After I have configured outlook to RPC over HTTP iam keep getting prompted
to enter my password and I never get connected to my mail box

Before i had SSL setup on exchange I connected ok using my PSA windows
mobile 5. I have tried today so get this to synch but it just keeps asking
for my password

Hope you are able to assist further

Thanks

Current Environment one front end and two backend Exchange 2003 servers. https url running on front end for both owa and RPC over HTTP.

Transitioning to Exchange 2007SP1 with HT&CAS –NLB and CCR cluster for mailboxes.

When is the best time to move owa and rpc over http url from Exchange 2003 front end  to Exchange 2007 CAS without affecting users on Exchange 2003? Are there any known issues?

Main concerned is with RPC over HTTP users, few hundred users outlook running with RPC over HTTP settings.

Appreciate sharing your experiences on this.

Current Environment one front end and two backend Exchange 2003 servers. https url running on front end for both owa and RPC over HTTP.

Transitioning to Exchange 2007SP1 with HT&CAS –NLB and CCR cluster for mailboxes.

When is the best time to move owa and rpc over http url from Exchange 2003 front end  to Exchange 2007 CAS without affecting users on Exchange 2003? Are there any known issues?

Main concerned is with RPC over HTTP users, few hundred users outlook running with RPC over HTTP settings.

Appreciate sharing your experiences on this.

I would like to setup my Outlook 2003 to RPC over HTTP. I have Outlook Web
Access and for various reasons would like to be able to access it through my
Outlook as opposed to through IE.

If you could list steps required to set this up I would appreciate it.

I have an environment that now requires the use of Smart Card for logon.  When this is enabled, it eliminates the ability to use OWA and RPC over HTTPS.  Is anyone aware of documentation that would allow these two services to work even with the Smart Card Logon?  (Remember...when you enable this check box in AD, Windows creates a hidden password for the account that it passes to AD when the Smart Card is authenticated.  A user or Admin will never know what that PW is.) 

I know there are "sort of" workarouds out there, but I need something that is solid and supported by MS.

THanks!

CFR

Hi Everyone,
 
i hope you guys can help me, coz i'm quite stumped with this problem i'm encoutering with a client. The network is a SBS 2003 R2 Premium edition that we've setup recently. Exchange (SP2) is responsible for 3 domains, which are setup correctly and are working fine. Workstations are configured with Windows XP SP2 and Office 2007.
 
One user has to have the ability to send e-mails from two different domains (lets call them domainA.com and domainB.com for now). After searching online for a while i've read up on the subject and did the following actions:
- Added a new user account for user@domainB.com and set user@domainB.com as the primary SMTP address
- gave the primary logon account that the user uses Full Mailbox Rights on the useraccount user@domainB.com and gave explicit Send As & Receive As allowed rights. (Yes through AD Users & Computers, Advenced Features, etc...)
- setup automatic forwarding in exchange features for user@domainB.com to send all incoming mail to the primary logon account for the user and added the primary logon account to Send on behalf in user@domainB.com
 
After i waited for Exchange to update it's security policy i tested from my current location with Outlook 2003 using RPC over HTTPS logging on as the primary user account. In this configuration i was able to send mails as user@domainB.com without any problems, just filling in the name in the From field.
 
Now here comes the kicker. When the user logs on on the network, fires up Outlook 2007and tries to send an e-mail using user@domainB.com in the from field she almost immediatly gets an NDR stating she doesnt have the permission to send to these recipients.
 
I have looked everywhere for a solution for this problem, but cant find anything. Short of just installing Outlook 2003 on the users machine i dont have a clue of what i could do to get this working. If anyone could please help me on this, they'd receive instand-god standing in my book ;)
 
Hope for many usefull replies!
 
Kind regards,
Philipp

 

As we are testing out migration to Exchange 2007 from Echange 2003, we have decided to publish OWA, ActiveSync, and Outlook Anywhere using separate URLs. We currently have an Exchange 2003 front-end/back-end environment using one URL for OWA, ActiveSync, and RPC over HTTP. We would like to transition our current Exchange 2003 environment to the multiple URL scenario, but we are having a problem finding any documentation detailing moving from a single URL to a multiple URL environment. Does anyone know of any documentation?

Is there anything that can be done to get instant "echo" back while typing
an email in Outlook when it's connected via RPC over HTTPS?
Now I can type two senteces, see nothing on the screen, wait another minute,
and then of a sudden it all shows up at once...

Very annoying.

Any advice?

TIA!

/ Per

Hi, fellow Outlook users,

I'm using Outlook 2003 on Windows XP SP2 and I'm trying to connect to
an Exchange mailbox using OWA. As far as instructions in MS TechNet and
MSDN are concerned, I should only need to open one port in the client
machine, that is, TCP 80 or 443. I understand that after that, Outlook
should channel ALL its traffic through that port, right?

So I followed the "Configuring Outlook 2003 for RPC Over HTTP" article
(http://office.microsoft.com/en-us/as...402731033.aspx)
word-by-word to set up an account in Outlook, opened port 80 ... and
yet I couldn't log in; the "Connecting to (someserver)" dialog refused
to accept my username and password.

A brief look with the TCPView utility showed that Outlook tried to
connect not only to port 80, but also to 135 (RPC) and several random
ports in the high (1024+) port range. However, I absolutely cannot open
any other ports than 80 or 443 in the client machine, so either I can
somehow trick Outlook into using nothing but those ports, or .. well,
fail miserably and make several people unhappy.

What I'm hoping for, if you'd be so kind, is that you could explain to
me whether I got it all wrong and Outlook in OWA mode must still have
access to as many outgoing ports as it pleases, or is there a way to
persuade it into using only 80 and/or 443.

Thank you for your time, I'll be grateful for your answers.

--
Ivo Thamdrup

I'm having a problem with IIS crashing and taking out OWA and RPC over HTTPS

IIS Admin, FTP, Exchange POP3 and the SMTP services all stop at the same time for no apparent reason i can find the error in the event log are all exactly the same

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date:  6/03/2007
Time:  7:53:37 AM
User:  N/A
Computer: MAIL
Description:
The IIS Admin Service service terminated unexpectedly.  It has done this 16 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

the service restarts fine but then the WWW service the logs the following 2 message and stops, it is also configured to restart but doesn't

Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 1013
Date:  6/03/2007
Time:  7:55:06 AM
User:  N/A
Computer: MAIL
Description:
A process serving application pool 'ExchangeApplicationPool' exceeded time limits during shut down. The process id was '9944'.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W3SVC
Event Category: None
Event ID: 1030
Date:  6/03/2007
Time:  7:55:07 AM
User:  N/A
Computer: MAIL
Description:
Inetinfo terminated unexpectedly and the system was not configured to restart IIS Admin.  The World Wide Web Publishing Service has shut down.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

any help would be appreciated   even if its just a work around to save me having to manually restart the WWW service as we have a large number of remote users working in different time zones around the world.  and I'm sick of getting call at 2AM to say the mail server is down again !!!!

edit - Typo

So, I've been going through these wlk-thru's, and I have asimple question:

The first time you set up a clients PC for RPC over HTTPs, does the client
need to be on the local network? You know when you go to the Exchange
Server Settings and you put in the Exchange Server name and the User name,
and you clikc on "Check Name"? If you're not on the local network, can you
still complete the setup?

Thanks

When I configure Outlook 2003 for RPC over HTTP it requires me to enter
username/password again. I have already entered it when I logged into the
domain so why should I have to re-enter it? It is very irritating. I am
assuming there is some workaround for this annoyance. Does anybody know how
to get around this problem or have you all accepted retyping your
username/password?
Any suggestions would be greatly appreciated.

Thanks,
Stephen

Greetings and thanks for reading

I recently rebuilt my system and decided to give Office 2007 a try. Works
great except for the RPC over HTTP piece. No configuration I have tried has
seemed to work. Others in my org have had the same issue. The common
pattern has been those that upgraded instead of fresh install work fine.
Those that did a fresh install do not. I have verified and re-verified
settings to no avail. Has anyone run into this issue and solved it?

I'm looking for a programatic way to create an Outlook profile using RPC
over HTTP for full Exchange Client connecting over the Internet.

I currently have a 24 page document explaining the process of creating the
Outlook profile using the Mail utility in Control Panel, but I know my
customers need a programatic method of making the profile quickly and
correctly.

Does anyone have a start of an example program of how to do this or
something similar using C# or VB?

Cyrus

I'm looking for a programatic way to create an Outlook profile using RPC
over HTTP for full Exchange Client connecting over the Internet.

I currently have a 24 page document explaining the process of creating the
Outlook profile using the Mail utility in Control Panel, but I know my
customers need a programatic method of making the profile quickly and
correctly.

Does anyone have a start of an example program of how to do this or
something similar using C# or VB?

Cyrus

I'm looking for a programatic way to create an Outlook profile using RPC
over HTTP for full Exchange Client connecting over the Internet.

I currently have a 24 page document explaining the process of creating the
Outlook profile using the Mail utility in Control Panel, but I know my
customers need a programatic method of making the profile quickly and
correctly.

Does anyone have a start of an example program of how to do this or
something similar using C# or VB?

Cyrus

Am I missing something here? 

Outlook 2003 provides for "HTTP services" for Internet mail settings for services such as Hotmail, MSN, etc.  How can I make this service work with Exchange 2003?  It looks like Hotmail uses a httpmail.asp and MSN uses a V/D under cgi-bin.  What would the server URL be for Exchange and how do I set up IIS on a front-end/back-end server architecture, already running RPC over HTTP.

The scenario is; I have multiple exchange domains with multiple customers and I would like to have intgrated calendaring.

I've read in a tutorial on this site that goes over the requirements for getting RPC over HTTP to work with Outlook & Exchange.

I have all of the prerequisites EXCEPT that I have a Windows 2000 server, not 2003. Has anyone got RPC over HTTP working with Windows 2000 Server?

Also, I've been reading some of the KB docs on Microsoft, and in all of the server configurations I've seen there have been all sorts of back/front end and other types of servers involved in a network. I have 1 server! Would it be possible to get things working with just one server?

Any input on this matter would be greatly appreciated. I am excited to get RPC over HTTP working because VPN just isn't cutting it (mainly because all internet traffic goes thru the VPN when I'm connected, slowing everything down just because I need to be in Outlook).

Thanks!
Ryan

Hi all,

I'm not sure if this is a SBS2003 issue or not, but as there seems to be a lot of other messages here regarding RPC over HTTP I thought it better to post here.

I already have RPC over HTTP configured and working on our Exchange 2003 server at our head office which runs the full version of Exchange and WIndows 2003. Our users are really enjoying the benifits of this, so I decided to configure it for a client that we share office space with. They run a Small Business Server 2003.

I've followed the same set of instructions (MS Article 833401) I used to configure our server and everything appears to be working fine. I can reproduce all the testing messages and I even get a ping response from the proxy using the RpcPing utility. The users of this server can access OWA with no problems from the same server I can confirm the rpcproxy.dll runs off.

The problem I have is that whenever I try to connect an Outlook 2003 client over the proxy it just locks up. Additionally, when I run the RpcPing test to simulate connecting to the mailbox (MS Article 831051) it freezes up. I get this even if I use the utility on the server itself. When I feed the same ping instructions to our server I get an echo back properly.

Anyone have any ideas why I can get a ping response from the proxy, but nothign back from the mailbox? Seems to me this is a port or permissoin problem, but I'm totally stumpped - I've exhausted every avenue I can think of!

Specific Details:
SBS 2003 Standard running Win 2003 SP1 and Exchange 2003 SP2
I have Routing and Remote Access setup to perform NAT across two NICs with NO FIREWALL
I have port 80 and 443 on the hardware firewall mapped to the server's external IP
The system runs IIS6, OWA and RPC over HTTP is installed all of which I can access remotely
I have a full purchased SSL certificate setup with the correct common name (I know this is 100% correct because the users can access webmail using SSL with this certificate from the same Virtual Server that hosts the /rcp/rcpproxy.dll)
I can confirm I get the correct behaviours and responses when accessing /rpc/ and /rpc/rpcproxy.dll and authentication is working
I run rpcping with -E and I get a ping response (203ms)
I run rcpping with -e 6001 I get no response - it just hangs until I press Ctrl+C

The registry settings for MSExchangeIS, MSExchangeSA, RpcProxy and NTDS all have the correct 6001, 6002 and 6004 settings (the strings/values are equivilant to those I put into our server).

I can also telnet into ports 6001, 6002 and 6004 and get the correct response.

The only step in the whole set of instructions (MS Article 833401) I cannot complete is the section referring to SBS 2003 where it asks me to select "Outlook via the Internet" - this is not listed in my avaliable options on the dialog indicated, but in any case to get to this screen I have to enable the firewall on the wizard - the firewall is not turned on in the first place.

Any help would be greatly appreciated!

I need to find a solution where I can use two-form authentication for OWA
and RPC over HTTP. I am new to RSA and new to ISA.

It seems that I can use ISA in conjunction with a RSA systems to provide RSA
authentication.
1) Can I use RSA auth with OWA? (It sounds like from reading others posts
that this configuration works. What is the users experience? Does a user use
forms based authentication using RSA and then again using Domain account
login or just the RSA auth?)

2) Can I use RSA auth with Outlook RPC over HTTP? If no, is there any other
solution for Outlook RPC over HTTP that provides two-form authentication?

The only other way I can think of to deploy a full Outlook client would be
to use a VPN solution that can use RSA auth instead of using the new
Exchange/Outlook 2003 RPC over HTTP solution. It seems like Microsoft
Outlook would support RSA auth.

Could someone give me a brief description of this scenario and/or any
pertinent articles?

Thanks
Ken


Not finding an answer? Try a Google search.