How to use the RPC Ping utility to troubleshoot connectivity issues with the Exchange over the Internet feature in Outlook 2003 (831051)
The information in this article applies to:
- Microsoft Office Outlook 2003
- Microsoft Office Outlook 2003 with Business Contact Manager
SUMMARYThis article discusses how to use the RPC Ping Utility to
troubleshoot connectivity issues for Microsoft Office Outlook 2003 using the
Exchange over the Internet feature with nesting of Remote Program Calls (RPC)
in HTTP packets.MORE INFORMATIONYou can use the RPC Ping Utility to confirm the RPC
connectivity between the computer that is running Microsoft Exchange Server and
any one of the supported Microsoft Exchange Client workstations on the network.
Additionally, you can use the RPC Ping Utility to verify if the Microsoft
Exchange Server services are responding to RPC requests from the client
workstations through the network. The RPC Ping Utility is part of the
Microsoft Windows Server 2003 Resource Kit Tools. To download the Resource Kit,
visit the following Microsoft Web site: Arguments That Are Used for the RPC Ping UtilityThe following table lists the command line arguments that you can
use with the RPC Ping Utility:
|
| -t | ncacn_ip_tcp, ncacn_np, or ncacn_http | This argument sets the protocol that is used to try to
bind to the RPC Proxy server. This argument uses the standard RPC protocol
sequences. | | -s | ExchangeMBXServer | This
argument is the name of both the Microsoft Exchange 2003 server and the MBX
server. | | -o | RpcProxy=RpcProxyServer | This argument is
the name of the RPC Proxy server. | | -P | "username,domain,*"
or
"username,domain,password" | This
argument specifies the user account that is used to authenticate with the RPC
Proxy server. | | -I | "username,domain,*"
or
"username,domain,password" | This
argument specifies the user account that is used to authenticate with the
Microsoft Exchange server. | | -H | 1 or 2 | This argument is the authentication type that is used for
the RPC Proxy server. Use the value 1 for basic authentication, and use the value 2 for NTLM authentication. | | -u | 9, 10, 14, or 16 | RPC will use one of the security methods that are listed in this cell to authenticate the user account. The security package is identified as a number. The Negotiate
security package is 9, the NTLM security package is 10, the SChannel security package is 14, and the Kerberos security package is 16. If you use this argument, you must specify an authentication
level other than none. There is no default for this argument. If the argument is not
specified, RPC will not use security for the connectivity test. | | -a | connect, call, pkt, integrity, or privacy | This is the authentication level that is used to connect
to the RPC Proxy server. If this argument is specified, the security package id
(-u) must also be specified. There is no default for this
argument. If this argument is not specified, RPC will not use security for the
connectivity test. | | -F | 2 or 3 | These arguments are the flags that pass for RPC/HTTP
front end authentication. The No SSL flag is 2, and the Use SSL flag is 3. You must have Microsoft Windows XP Service Pack 1 or Microsoft
Windows Server 2003 or later to use this argument.
Additionally, you
must specify security package -u and authentication level (-a) to use this argument. If you use basic
authentication and no Secure Sockets Layer (SSL), you will be prompted to
confirm this choice. | | -v | 1, 2, or 3 | This argument turns on verbose logging. The value 1 is for minimal logging, the value 2 is for normal logging, and the value 3 is for complete logging. | | -E | | This argument takes no values. This
argument restricts the connectivity test to the RPC Proxy server only. | | -R | HTTP Proxy Server
or none | This argument specifies the HTTP Proxy server that is going to
be used. Use the value none to bypass the HTTP Proxy server and to try a direct connection to
the RPC Proxy server. | | -B | msstd:server_certificate_subject | This
argument is the server certificate subject. You must use SSL for this argument
to work (-F 3), and you must specify both the security package (-u) and the authentication level (-a) to use this argument. | | -f | interface
UUID[,MajorVer] | This argument
is the interface to test for connectivity. This argument is mutually exclusive
with the endpoint argument. The interface is specified as a
universally unique identifier (UUID). If the major version number of the UUID
(MajorVer) is not specified, version 1 of the
interface will be sought. When the interface is specified, RPC Ping Utility
will query the EndPoint Mapper (EMP) on the destination computer to retrieve
the endpoint for the specified interface. The EMP is queried with the options
that are specified in the command line. | | -e | endpoint | This
argument is the endpoint value to test for connectivity. If none is specified, the EMP on the destination computer will be tested.
This argument is mutually exclusive with the interface (-f) argument. | | -q | n/a | This argument is the Quiet mode.
The RPC Ping Utility does not issue any prompts, except for passwords, and
assumes "Yes" for all queries. |
Default Ports, Services, and RPC Service UUIDs The following table lists the standard services and their
associated port IDs, UUIDs, and major version:
|
| Store | 6001 | a4f1db00-ca47-1067-b31f-00dd010662da | 0 | | DsProxy | 6004 | f5cc5a18-4264-101a-8c59-08002b2f8426 | 56 | | End Point Mapper | 593 | n/a | n/a | | DsReferral | 1544 | f5e0-613c-11d1-93df-00c04fd7bd09 | 1 | | Directory | 6004 | f5cc5a18-4264-101a-8c59-08002b2f8426 | 56 |
How to Simulate Common Outlook 2003 RPC/HTTP RequestsThe following table lists the various arguments that are used by
the RPC Ping Utility. You can use these arguments to simulate the type and the
kind of RPC requests that are used by Outlook 2003 using the Exchange over the
Internet feature: |
| -B | Mutual authentication. You must specify the
server certificate subject that is being used. | | -H 1 -F 3 | Basic authentication with SSL. This is the
most common connection method. | | -H 1 -F 2 | Basic authentication with no SSL. You will
be prompted to confirm the no SSL choice (unless the -q argument is specified). You must configure the RPC
Proxy server to permit anonymous logons. | | -H 2 -F 3 or 2 | NTLM authentication with or without SSL.
Note NLTM cannot be used through reverse proxies if they end the Transmission
Control Protocol (TCP) session. | | -I & -P | Always specify this argument. If you use the
asterisk (*) wildcard character for the password, the RPC Ping Utility will
prompt you for a password. | | -e Port | The following are the most common ports to
test for this argument:
6001 (store)
6004 (dsproxy) | | -E | This argument only tests the RPC Proxy
server. Use this argument to determine where connection problem are. | | -R | By default, do not use this argument. This
argument picks up the clients HTTP Proxy settings. This argument can be used to
override the HTTP Proxy settings, such as a Microsoft Internet Explorer Proxy
setting. | | -R none | This argument forces no proxy to be used.
The RPC Ping Utility will ignore Internet Explorer proxy settings and try a
direct connection to the server that is specified in the -o switch. | | -f (or no -e) | This argument is used to test individual
UUIDs on computers that are behind a RPC Proxy server.
Note This argument will not work unless EMP is published. You cannot
use this argument in a default configuration because -f requires the RCP Ping Utility to query the EPM.
Additionally, if -e is not specified, this argument will also fail.
Without -e, the RPC Ping Utility will only try to access the
EPM (port 593). Again, the EMP may not be published. |
Testing the RPC Proxy ServerWhen you troubleshoot for connectivity problems in Outlook 2003
using the Exchange over the Internet feature, first determine if the RPC Proxy
server is responding correctly. The following sample shows how to determine if
the RPC Proxy server is responding correctly. Syntax: rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none You will receive a prompt to enter your password for your
Exchange server, and then you will receive a prompt for your password for the
RPC Proxy server. If the RPC Ping Utility test was successful, you will receive
the following reply: RPCPinging proxy server ExchServer with Echo Request Packet
Sending ping to server
Response from server received: 200
Pinging successfully completed in Response_Time ms
Verbose Responses This table lists some of the more common verbose responses and
why you may receive them from RPC Ping Utility tests:
|
Response from server received: 200
Pinging successfully
completed in 4106 ms | You receive this response if there is a successful
RPC Ping Utility test. | Response from server received: 401
Client is not
authorized to ping RPC proxy | You receive this response if the RPC Ping
Utility test failed. The PRC Ping Utility test may have failed if HTTP access
is denied, if there are incorrect credentials on the -P switch, or if the user exits. | | Error 12029 returned in the WinHttpSendRequest. | You
receive this response if the RPC Ping Utility test failed. The PRC Ping Utility
test may have failed because it could not contact ProxyServer Port 80 (-F 2), because 443 (-F 3) was blocked, or because the World Wide Web
Publishing Service (W3Svc) Server has stopped responding. | | Response from server received: 501 | The PRC Ping
Utility test may have failed because the RcpProxy.dll could not be contacted,
because the wrong virtual root folder (Vroot) was being accessed, if a RPC
Proxy server has not been installed, or if Vroot is not accessible. | | Error 12175 returned in the WinHttpSendRequest. | The
PRC Ping Utility test may have failed because the certificate is not trusted or
because it does not trust the certificate and root authority. The server
certificate subject from the RPC Proxy server does not match the one that is
specified by -B.
The PRC Ping Utility test may have
failed. The PRC Ping Utility test may have failed because a Mutual
Authentication failed because the subject on the certificate did not match the
expected subject. By default, the certificate subject should match the
published fully qualified domain name (FQDN) of the RPC Proxy server.
|
How to Verify That the Client Can Contact Backend Ports By default, the RPC Proxy server does not publish the EPM port
location. Therefore, you cannot ping the EPM from outside your intranet or use
the UUID of the service. However, you can specify the backend port
that you want to test. By default, the store is on port 6001 and DsProxy is on
port 6004. If these locations have been changed, the ports can be verified by
using the RpcDump utility. The RpcDump utility is available from the Microsoft
Windows Server 2003 Resource Kit package. Additionally, Microsoft does not
recommend publishing the global catalog Directory Service or the Exchange
referral service. The following RPC Ping Utility examples are typed in
at the command prompt. To access the command prompt, click
Start, point to All Programs, point to
Accessories, and then click Command Prompt. How to Use Basic Authentication and SSL to Connect to the Store's Port Syntax: RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 -F 3 -a connect -u 10 -v 3 -e 6001
How to Use Basic Authentication, SSL, and Mutual Authentication to Connect to the Store's Port Syntax: RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 -F 3 -a connect -u 10 -v 3 -e 6001 -B msstd:server_certificate_subject
How to use NTLM Authentication and Non-SSL to Connect to DsProxy Service Syntax : RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 2 -F 2 -a connect -u 10 -v 3 -e 6004
|
Completed 1 calls in 60 ms
16 T/S or 60.000
ms/T | The RPC Ping Utility test succeeded. | Exception 1722 (0x000006BA)
RPC Server is
unavailable | The RPC service cannot be contacted. You may receive this
response because there are problems with the RPC Proxy server (if this is the
case, you can use the -E argument to verify that the RPC Proxy server is
available), because the service stopped on Exchange 2003 backend server (for
example store), because the Exchange 2003 backend server is down, because the ValidPorts registry key does not permit access to this server, because the ValidPorts registry key does not permit this port, because you tried to to
access the EMP when it was not published (neither the -e switch or port 593 were available), or because you tried to
access UUID when EMP was not published (for example, you used the -a switch without port 593 being available.). | Exception 5 (0x00000005)
Access denied. | You
receive this response when you have incorrect -P credentials, you have incorrect -I credentials, if the user account is disabled, or if
the Mutual Authorization failed. For more details about this response, use the -E argument. |
How to Verify That the Client Can Contact Backend Server and Backend Services Through UUID By default, the EPM (port 593) is not published.
Therefore, the following samples are of limited use. However if the EPM is
published, the following commands can be used. How to Test the EPM
Syntax: RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 -F 3 -a connect -u 10 -v 3 -B msstd:server_certificate_subject How to Test the Store UUID Syntax: RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 -F 3 -a connect -u 10 -v 3 -f a4f1db00-ca47-1067-b31f-00dd010662da,0 -B msstd:server_certificate_subject
| Modification Type: | Minor | Last Reviewed: | 1/13/2006 |
|---|
| Keywords: | kbtshoot kbhowto KB831051 |
|---|
|