How to Verify RPC Virtual Directory Configuration

  • Article

 

This topic helps you troubleshoot an unsuccessful RPC over HTTP connection. The topic explains how to verify that the RPC virtual directory is properly configured in Internet Information Services (IIS) so that IIS can connect to the RPC application on the RPC proxy server by using Secure Sockets Layer (SSL) protocol.

In the task, a client computer running Windows XP Service Pack 1 (SP1) or later is used to connect to the RPC virtual directory in IIS. The task uses Internet Explorer to test RPC and Internet Information Services (IIS) connection to confirm that the RpcProxy.dll file on the RPC proxy server is working correctly. To test that the RPC virtual directory is properly configured in IIS, follow one of the following procedures that best suits your scenario.

  • Test RPC proxy server, IIS functionality where Exchange Server 2003 runs on Windows Server 2003 or Windows Small Business Server 2003.

  • Test RPC proxy server, IIS functionality where Exchange Server 2003 runs on Windows Server 2003 SP1.

    Note

    You can also test RPC, IIS functionality by browsing directly to the DLL file in the RPC Virtual Directory. Steps are included in the procedure below.

Procedure

Test RPC proxy server, IIS functionality where Exchange Server 2003 runs on Windows Server 2003 or Windows Small Business Server 2003

  1. On the client computer, start Internet Explorer, type the fully qualified domain name (FQDN) address in Internet Explorer, and then click Go.

    For example, type: https://mail.contoso.com/rpc

    Note

    Substitute the FQDN of your RPC proxy server for mail.contoso.com.

  2. Do one of the following depending on the message you receive:

    • If you receive the following message, click OK:

      You are about to view pages over a secure connection.

      Any information you exchange with this site cannot be viewed by anyone else on the Web.

    • If you receive a message that states that the certificate was issued by a company that you have not chosen to trust, make sure that the client computer trusts the root certification authority that issued the certificate.

      Note

      Typically, you receive this message when you do not configure the server to use a third-party certificate. For more information about how to trust a root certification authority, view the article in the Microsoft Knowledge Base: This security certificate was issued by a company that you have not chosen to trust.

  3. When you are prompted for your credentials, type your user name in the Universal Naming Convention (UNC) format, type your password, and then click OK.

    For example, type your user name in the domain\username format. You receive the following error message:

    The page cannot be displayed

    HTTP Error 403.2 - Forbidden: Read access is denied.

    Internet Information Services (IIS)

Note

This error message is the expected behavior. This error message indicates that the RPC virtual directory on the server is correctly configured. IIS returns this error message because the client program does not have Read permissions to the RPC application on the RPC proxy server, although you can successfully access this application.

Procedure

Test RPC proxy server, IIS functionality where Exchange Server 2003 runs on Windows Server 2003 SP1

  • Option 1: Test the RPC proxy server, IIS connection to the RPC application through your Internet browser.

Note

If you have applied Windows Server 2003 SP1, you will find a new Virtual Directory in IIS. It is named RpcWithCertand is located under the Default Web Site. This new Virtual Directory does not effect the current RPC over HTTP configuration and you are not required to configure it.

  1. On the client computer, start Internet Explorer, type the fully qualified domain name (FQDN) address in Internet Explorer, and then click Go. For example, type

    https://mail.contoso.com/rpc

    Note

    Substitute the FQDN of your RPC proxy server for mail.contoso.com.

  2. Enter your credentials at the first prompt, click OK on the second and third prompts.

    Note

    You will receive a prompt to enter your credentials three times. After the first prompt, you do not have to enter your credentials again.

    After you click OK on the second and third prompts, you receive the following error message:

    You are not authorized to view this page. You do not have permission to view this directory or page due to the access control list (ACL) that is configured for this resource on the Web server.

    HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource.

    Internet Information Services (IIS)

    This error message is the expected behavior. This error message indicates that the RPC Virtual Directory on the server is correctly configured.

  • Option 2: You can test RPC, IIS functionality by browsing directly to the DLL file that is being hosted in the RPC Virtual Directory through your browser.

    1. On the client computer, start Internet Explorer, type the following FQDN address in Internet Explorer, and then click Go:

      https://mail.contoso.com/rpc/rpcproxy.dll

      Note

      Substitute the FQDN of your RPC proxy server for mail.contoso.com.

    2. When prompted for your credentials, type your user name by using the Universal Naming Convention (UNC) format (domain\username), type your password, and then click OK.

      You will see a blank page in your browser and there will be a lock icon in the Status Bar of your browser. This indicates that you have successfully established a secured (SSL) connection with the server. Again, this is the expected behavior and indicates that the RPC Virtual Directory is configured correctly on the server.

      Note

      If you receive a message that states that the certificate was issued by a company that you have not chosen to trust, your client computer is not configured to trust the root certification authority that issued the certificate. This behavior typically occurs when you do not configure the RPC proxy server to use a third-party certificate. For more information about how to trust a root certification authority, view the article in the Microsoft Knowledge Base 297681, This security certificate was issued by a company that you have not chosen to trust.

For More Information