Exchange RPCoHTTP fails with L7 content switching

Hi,

I have the same problem and one client with Outlook 2010 (RPC Over HTTP) not able to connect.

Have you found a solution ?

David

Hello,

the regex is correct, it matches everything that begins with /rpc after the FQDN. 

Have you enabled Transparency for the virtual service? If so please disable.

And please check your persistence options set for the MAPI connection. If persistence is the root cause for the failure you could get a better indication by enabling:

System Configuration ==> System Log Files ==> Debug Options ==> Enable L7 Debug Traces

which would enable verbosity for the "System Message File". 

Please post your results here.

In addition, customers in evaluation are entitled to raise support tickets, so please consider this option if the above would not help in solving the issue.

With Kind Regards
KEMP Customer Service

Hi,

I've turned off transparency both at /RPC and /MAPI (although I would prefer to have client IPs in my logs on Exchange side), but this didn't help. Persistence mode is set to none.

I see the following errors in system log after enabling L7 debug traces:

l7_mangle_(replace)header failed '/mapi/emsmdb/?MailboxId=4d707369-fcf3-478c-bb1c-3d4747ba74f1@ex16test.neostratus.com'

l7_mangle_(replace)header failed '/rpc/rpcproxy.dll?4d707369-fcf3-478c-bb1c-3d4747ba74f1@ex16test.neostratus.com:6001'

Both errors are repeated multiple times while the MS RCA test is running and at the end timing out with the following RPC error:

MAPI over HTTP seems to be working fine:

...

Testing the MAPI Mail Store endpoint on the Exchange server.
We successfully tested the Mail Store endpoint.

Additional Details
Elapsed Time: 2321 ms.

Test Steps

Attempting to log on to the Mailbox.
We were able to log on to the Mailbox.

Additional Details
Elapsed Time: 2321 ms.

RPC over HTTP fails:

...

Testing HTTP Authentication Methods for URL https://ex16test.neostratus.com/rpc/rpcproxy.dll?4d707369-fcf3-478c-bb1c-3d4747ba74f1@ex16test.neostratus.com:6002.
The HTTP authentication methods are correct.

Additional Details

The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLM
HTTP Response Headers:
request-id: 9c7393c4-35fe-407c-89b9-f01ddd0fda8e
Cache-Control: private
Set-Cookie: ClientId=B4DP9U3DFECKV5A7MHYNVG; expires=Wed, 02-Nov-2016 13:22:48 GMT; path=/; secure; HttpOnly
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate,NTLM,Basic realm="ex16test.neostratus.com"
Date: Tue, 03 Nov 2015 13:22:48 GMT
Content-Length: 0
Elapsed Time: 146 ms.

Attempting to ping RPC proxy ex16test.neostratus.com.
RPC Proxy was pinged successfully.

Additional Details
Elapsed Time: 913 ms.

Attempting to ping the MAPI Mail Store endpoint with identity: 4d707369-fcf3-478c-bb1c-3d4747ba74f1@ex16test.neostratus.com:6001.
The attempt to ping the endpoint failed.

Additional Details
An RPC error was thrown by the RPC Runtime process. Error 1818 CallCancelled
Elapsed Time: 33252 ms.

I'm evaluating and will try to open a support ticket as well.

BR,

Andras

KEMP support could resolve this quickly: the "Exchange 2013 HTTPS Offloaded" template creates a "HTTP header modification rule", which is redirecting the root URL to /owa. After removing this rule RPC testing with RCA works as expected. I still need to figure out how to make both root redirection and RPC work correctly together.

I've figured out the solution: the redirection rule needs to be added to the OWA subVS instead of the main VS and this way both RPC and root to OWA redirection seems to work fine. (The OWA subVS is selected for the root URL based on the content switching rules.)

Thank you.

KEMP Customer Service

Hi atudos, i tried it like you explain, but i don't will be redirected to owa after the changes. 

What did you mean with The OWA subVS is selected for the root URL based on the content switching rules?

Thanks

Daniel

Hi,

This is working for us correctly.

Here is a SubVS selector content rule pattern as an example: /^mail\.domain\.com(\/|\/owa.*)$/
Make sure you have "Include Host in URL" option checked or you can try it without the FQDN as well! This rule matches to root and to /owa as well.

The redirect rule is then applied within the subVS under "HTTP Header Modifications":

Type: Modify URL
Pattern: /^\/$/
Replacement: /owa

BR, Andras

Hi there,

I'm having the same problem, that Outlook clients won't connect using Outlook Anywhere. Using the MSRCA it stops saying:

Attempting to ping RPC proxy mail.tangro.de.
RPC Proxy can't be pinged.

Additional Details

An unexpected network-level exception was encountered. Exception details:
Message: The remote server returned an error: (401) Unauthorized.
Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
Stack trace:
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
Exception details:
Message: The remote server returned an error: (401) Unauthorized.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
Elapsed Time: 665 ms.

What am I doing wrong here?

Regards,

Athi