RPC over HTTPS: Common Problems
RPC over HTTPS is one of those features that either works or does not. There is no middle ground where part of the feature may work.
Many problems can be resolved by following the best practices that we have outlined here. These are based on our experience with deploying this feature.
Most Common Problems
There are two problems that occur most frequently.
- Certificate errors.
The certificate is home grown and isn't trusted, the name doesn't match, or there is no certificate.
- Registry Settings.
It only takes a very small error in the registry settings for the feature to fail.
The other major problem is trying to deploy the feature when you haven't met the minimum requirements. You cannot use this feature on Windows 2000, either workstation or server, and the domain must have at least one Windows 2003 GC/DC.
Virtual Directory Settings
Check the authentication settings on the RPC virtual directory. They should be Integrated and Basic only. Anonymous access should be disabled.
On the "Home Directory" tab, ensure that the directory is set to use the "DefaultAppPool" (which should be greyed out) and is also set to Scripts and Executables.
Q: Clients are being prompted for username/password even when they are on the network or using a machine that belongs to our domain. Can we stop that?
A: Yes. There are two causes for this happening.
- Verify that the Authentication settings on the /rpc virtual directory in IIS Manager are correct. They should be Integrated and Basic Authentication only. Anonymous should not be enabled.
Access these settings by expanding the directory structure in IIS Manager, right-clicking the RPC virtual directory and choosing Properties. Click on the "Directory Security" tab, then the first "Edit" button next to "Authentication and Access Control."
- You may need to adjust the authentication level on the RPC host machine. Refer to MS KB ID 820281 for more information.
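The two checks described above (certificate trust and name, and the authentication methods on the /rpc virtual directory) can be scripted from a client machine. This is an added example, not part of the original article; the host name mail.example.com is a placeholder, and it assumes IIS advertises Integrated authentication as Negotiate/NTLM with one challenge per WWW-Authenticate header.

```python
import http.client
import ssl

# Assumption: IIS advertises Integrated Windows authentication as Negotiate and/or NTLM.
INTEGRATED = {"negotiate", "ntlm"}

def audit_rpc_vdir(status, www_authenticate):
    """Findings for the response to an unauthenticated GET on /rpc ([] = as expected)."""
    if status != 401:
        return [f"expected 401 without credentials, got {status}: "
                "Anonymous access may be enabled"]
    # Assumption: one challenge per WWW-Authenticate header; first token is the scheme.
    schemes = {h.split(None, 1)[0].lower() for h in www_authenticate if h.strip()}
    findings = []
    if not schemes & INTEGRATED:
        findings.append("Integrated authentication is not offered")
    if "basic" not in schemes:
        findings.append("Basic authentication is not offered")
    extra = schemes - INTEGRATED - {"basic"}
    if extra:
        findings.append("unexpected schemes offered: " + ", ".join(sorted(extra)))
    return findings

def probe(host, path="/rpc/", timeout=10):
    """Live check. The default SSL context rejects untrusted or mismatched certificates."""
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout,
                                       context=ssl.create_default_context())
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return audit_rpc_vdir(resp.status, resp.headers.get_all("WWW-Authenticate") or [])
    except ssl.SSLCertVerificationError as exc:
        return [f"certificate error: {exc.verify_message}"]
    except OSError as exc:  # refused, timed out, or TLS handshake failure
        return [f"HTTPS connection failed: {exc}"]
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed sample responses (status, WWW-Authenticate headers), not captured traffic.
    samples = {
        "correct": (401, ["Negotiate", "NTLM", 'Basic realm="mail.example.com"']),
        "anonymous on": (403, []),
        "basic missing": (401, ["Negotiate", "NTLM"]),
    }
    for name, (status, headers) in samples.items():
        print(f"{name}: {audit_rpc_vdir(status, headers) or 'OK'}")
    # Live use against your own server: print(probe("mail.example.com"))
```

An empty list from probe() means the certificate validated and only Integrated and Basic were offered; a certificate finding points at the trust or name problems listed under Most Common Problems.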
Q: Deleted Item Retention doesn't seem to be working.
A: This is by design. The feature is disabled on the client when you use RPC over HTTPS. You need to enable the feature before configuring Outlook to connect to Exchange. Refer to MS KB ID 886205 (enabling "Dumpster Always On").