Monday, December 8, 2008

Outlook Anywhere Failing - RPC End Points - 6004

It was brought to my attention that autodiscover was not behaving correctly externally.  I ran it through Microsoft's Exchange connectivity tester @ http://www.testexchangeconnectivity.com/ and received the following output:









To resolve this first simple part I just went into the EMS and gave it an ExternalURL via:

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl https://autodiscover.domain.com/Autodiscover/Autodiscover.xml

I now received this error:









"Failed to ping RPC Endpoint 6004 (NSPI Proxy Interface)"

..and also RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime

Most curious about an RPC error at this level.  Perhaps a connection between the Hub/Cas and MBX server or MBX server and AD/DCs/GCs?  The environment was not 2008, nor was it using IPv6.

The following is what fixed my issue:

Using the configurations here I was able to remedy the situation.  Basically what happened was that it could not use DSPROXY via HTTP, and it is a known issue.  The fix is to:

1. Changes for Mailbox servers..

a. create a DWORD called "Do Not Refer HTTP to DSProxy" at HKLM\System\CCS\Services\MSExchangeSA\Parameters\ and the value set to 1.  This will, as it spells out, stop it from trying to use DSProxy when using HTTP.
b. HKLM\System\CCS\Services\MSExchangeSA \Parameters key "NSPI Target Server" to the FQDN of the domain controller that you would like used for profile creation.

2. Changes for Client Access Servers..
a. Ensure that the "PeriodicPollingMinutes" key at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeServiceHost\RpcHttpConfigurator\ is set to zero.  This will ensure that the system won't continue to over write our settings every 15 minutes.
3. b. Also modify "ValidPorts" at HKLM\Software\Microsoft\RPC\RPCProxy such that it lists the DCs which can be accessed via port 6004.  An example of this would be:










domaincontroller.domain.com:6004;domaincontroller2.domain.com:6004


4. Changes for all Global Catalog (GC) servers..
a. Be sure that there is an REG_MULTI_SZ entry created named NSPI interface protocol sequences at HKLM\System\CurrentControlSet\Services\NTDS\Parameters\ and the value set to "ncacn_http:6004"


Testing autodiscover/Outlook anywhere now yields the following output in the connectivity tester:















You can double check these settings by configuring a profile in Outlook, then Ctrl+RightClicking the outlook icon on the system tray, and running "Test E-Mail Autoconfiguration."

For the full explanation I highly recommend reading the official blog post by Siddhartha Mathu at:



Good read!

13 comments:

Unknown said...

I confirm that this post fixed my problem. The only thing is that I had to reboot the Mailbox server after the registry entries were input for them to take effect.

plexustech said...

Great post. It corrected my problem. Thank you!

Unknown said...

Many Thanks for this Post. My Problems habe gone away!

Joshua Raymond said...

That can be caused by a few things. Often times it will be authentication, or the loopback. Usually the latter.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Create a new DWORD Value called DisableLoopbackCheck

Set the Value to 1 then reboot the CAS server

Umair said...

plzzz help me...i did everything but still i have same issue... its keep asking password... i did wht u mention here... but still textexchangeconnectivity cant ping RPC:

ttempting to ping RPC proxy webmail.abnigroup.com.
RPC Proxy can't be pinged.

Additional Details
A Web exception occurred because an HTTP 440 - 440 response was received from Unknown.

Joshua Raymond said...

Must have missed this comment. Feel free to drop me some details on my e-mail if you happen to still be having the issue.

Anonymous said...

thx it really worked magic

started working only after restarting the server


Colin

efurlong121 said...

You are the man! Thanks, worked like a charm for me too.

Anonymous said...

Really good explanation - fixed the issue first time after a reboot.
Had been baffled by this for hours before i cam across this blog - Excellent!!

Igor said...

RPC endpoint config together with timeout setting solved my problem! Thanks, very valuable post!

Eriks Trautmanis said...

Dude you are the man !!!!!!!!! It took us 2 days to have the system working again after a server crash (array destroyed). Thank you very much, posts like yours change people lives

niz said...

It really works. I appreciate very much

Anonymous said...

Thank you for posting this great article it helped a lot in a time of need