How to use the RPC Ping utility to troubleshoot connectivity issues with the Exchange over the Internet feature in Outlook 2007 and in Outlook 2003

Article translations Article translations
Article ID: 831051 - View products that this article applies to.
Expand all | Collapse all

On This Page

SUMMARY

This article discusses how to use the RPC Ping Utility to troubleshoot connectivity issues for Microsoft Office Outlook 2007 and for Microsoft Office Outlook 2003 using the Exchange over the Internet feature with nesting of Remote Program Calls (RPC) in HTTP packets.

MORE INFORMATION

You can use the RPC Ping Utility to confirm the RPC connectivity between the computer that is running Microsoft Exchange Server and any one of the supported Microsoft Exchange Client workstations on the network. Additionally, you can use the RPC Ping Utility to verify if the Microsoft Exchange Server services are responding to RPC requests from the client workstations through the network.

The RPC Ping Utility is part of the Microsoft Windows Server 2003 Resource Kit Tools. To download the Resource Kit, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en

Arguments That Are Used for the RPC Ping Utility

The following table lists the command line arguments that you can use with the RPC Ping Utility:
Collapse this tableExpand this table
ArgumentValueDescription
-tncacn_ip_tcp, ncacn_np, or ncacn_httpThis argument sets the protocol that is used to try to bind to the RPC Proxy server. This argument uses the standard RPC protocol sequences.
-sExchangeMBXServerThis argument is the name of both the Microsoft Exchange Server 2003 server and the MBX server.
-oRpcProxy=RpcProxyServerThis argument is the name of the RPC Proxy server.
-P"username,domain,*" or "username,domain,password"This argument specifies the user account that is used to authenticate with the RPC Proxy server.
-I"username,domain,*" or "username,domain,password"This argument specifies the user account that is used to authenticate with the Microsoft Exchange server.
-H1 or 2This argument is the authentication type that is used for the RPC Proxy server. Use the value 1 for basic authentication, and use the value 2 for NTLM authentication.
-u9, 10, 14, or 16RPC will use one of the security methods that are listed in this cell to authenticate the user account. The security package is identified as a number. The Negotiate security package is 9, the NTLM security package is 10, the SChannel security package is 14, and the Kerberos security package is 16. If you use this argument, you must specify an authentication level other than none. There is no default for this argument. If the argument is not specified, RPC will not use security for the connectivity test.
-aconnect, call, pkt, integrity, or privacyThis is the authentication level that is used to connect to the RPC Proxy server. If this argument is specified, the security package id (-u) must also be specified. There is no default for this argument. If this argument is not specified, RPC will not use security for the connectivity test.
-F2 or 3These arguments are the flags that pass for RPC/HTTP front end authentication. The No SSL flag is 2, and the Use SSL flag is 3. You must have Microsoft Windows XP Service Pack 1 or Microsoft Windows Server 2003 or later to use this argument.

Additionally, you must specify security package -u and authentication level (-a) to use this argument. If you use basic authentication and no Secure Sockets Layer (SSL), you will be prompted to confirm this choice.
-v1, 2, or 3This argument turns on verbose logging. The value 1 is for minimal logging, the value 2 is for normal logging, and the value 3 is for complete logging.
-EThis argument takes no values. This argument restricts the connectivity test to the RPC Proxy server only.
-RHTTP Proxy Server or noneThis argument specifies the HTTP Proxy server that is going to be used. Use the value none to bypass the HTTP Proxy server and to try a direct connection to the RPC Proxy server.
-Bmsstd:server_certificate_subjectThis argument is the server certificate subject. You must use SSL for this argument to work (-F 3), and you must specify both the security package (-u) and the authentication level (-a) to use this argument.
-finterface UUID[,MajorVer]This argument is the interface to test for connectivity. This argument is mutually exclusive with the endpoint argument. The interface is specified as a universally unique identifier (UUID). If the major version number of the UUID (MajorVer) is not specified, version 1 of the interface will be sought. When the interface is specified, RPC Ping Utility will query the EndPoint Mapper (EMP) on the destination computer to retrieve the endpoint for the specified interface. The EMP is queried with the options that are specified in the command line.
-eendpointThis argument is the endpoint value to test for connectivity. If none is specified, the EMP on the destination computer will be tested. This argument is mutually exclusive with the interface (-f) argument.
-qn/aThis argument is the Quiet mode. The RPC Ping Utility does not issue any prompts, except for passwords, and assumes "Yes" for all queries.

Default Ports, Services, and RPC Service UUIDs

The following table lists the standard services and their associated port IDs, UUIDs, and major version:
Collapse this tableExpand this table
ServiceDefault PortUUIDMajor Version
Store6001a4f1db00-ca47-1067-b31f-00dd010662da0
DsProxy6004f5cc5a18-4264-101a-8c59-08002b2f842656
End Point Mapper593n/an/a
DsReferral1544f5e0-613c-11d1-93df-00c04fd7bd091
Directory6004f5cc5a18-4264-101a-8c59-08002b2f842656

How to Simulate Common Outlook 2007 or Outlook 2003 RPC/HTTP Requests

The following table lists the various arguments that are used by the RPC Ping Utility. You can use these arguments to simulate the type and the kind of RPC requests that are used by Outlook 2007 or by Outlook 2003 using the Exchange over the Internet feature:
Collapse this tableExpand this table
ArgumentsWhen to Use
-BMutual authentication. You must specify the server certificate subject that is being used.
-H 1 –F 3Basic authentication with SSL. This is the most common connection method.
-H 1 –F 2Basic authentication with no SSL. You will be prompted to confirm the no SSL choice (unless the –q argument is specified). You must configure the RPC Proxy server to permit anonymous logons.
-H 2 –F 3 or 2NTLM authentication with or without SSL. Note NLTM cannot be used through reverse proxies if they end the Transmission Control Protocol (TCP) session.
-I & -PAlways specify this argument. If you use the asterisk (*) wildcard character for the password, the RPC Ping Utility will prompt you for a password.
-e PortThe following are the most common ports to test for this argument:
6001 (store)
6004 (dsproxy)
-EThis argument only tests the RPC Proxy server. Use this argument to determine where connection problem are.
-RBy default, do not use this argument. This argument picks up the clients HTTP Proxy settings. This argument can be used to override the HTTP Proxy settings, such as a Microsoft Internet Explorer Proxy setting.
–R noneThis argument forces no proxy to be used. The RPC Ping Utility will ignore Internet Explorer proxy settings and try a direct connection to the server that is specified in the –o switch.
-f (or no –e)This argument is used to test individual UUIDs on computers that are behind a RPC Proxy server.

Note This argument will not work unless EMP is published. You cannot use this argument in a default configuration because –f requires the RCP Ping Utility to query the EPM. Additionally, if –e is not specified, this argument will also fail. Without –e, the RPC Ping Utility will only try to access the EPM (port 593). Again, the EMP may not be published.

Testing the RPC Proxy Server

When you troubleshoot for connectivity problems in Outlook 2007 and in Outlook 2003 using the Exchange over the Internet feature, first determine if the RPC Proxy server is responding correctly. The following sample shows how to determine if the RPC Proxy server is responding correctly.

Syntax:
rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
You will receive a prompt to enter your password for your Exchange server, and then you will receive a prompt for your password for the RPC Proxy server. If the RPC Ping Utility test was successful, you will receive the following reply:
RPCPinging proxy server ExchServer with Echo Request Packet
Sending ping to server
Response from server received: 200
Pinging successfully completed in Response_Time ms

Verbose Responses

This table lists some of the more common verbose responses and why you may receive them from RPC Ping Utility tests:
Collapse this tableExpand this table
Verbose ResponsePossible Cause
Response from server received: 200
Pinging successfully completed in 4106 ms
You receive this response if there is a successful RPC Ping Utility test.
Response from server received: 401
Client is not authorized to ping RPC proxy
You receive this response if the RPC Ping Utility test failed. The PRC Ping Utility test may have failed if HTTP access is denied, if there are incorrect credentials on the –P switch, or if the user exits.
Error 12029 returned in the WinHttpSendRequest.You receive this response if the RPC Ping Utility test failed. The PRC Ping Utility test may have failed because it could not contact ProxyServer Port 80 (-F 2), because 443 (-F 3) was blocked, or because the World Wide Web Publishing Service (W3Svc) Server has stopped responding.
Response from server received: 501The PRC Ping Utility test may have failed because the RcpProxy.dll could not be contacted, because the wrong virtual root folder (Vroot) was being accessed, if a RPC Proxy server has not been installed, or if Vroot is not accessible.
Error 12175 returned in the WinHttpSendRequest.The PRC Ping Utility test may have failed because the certificate is not trusted or because it does not trust the certificate and root authority. The server certificate subject from the RPC Proxy server does not match the one that is specified by -B.

The PRC Ping Utility test may have failed. The PRC Ping Utility test may have failed because a Mutual Authentication failed because the subject on the certificate did not match the expected subject. By default, the certificate subject should match the published fully qualified domain name (FQDN) of the RPC Proxy server.

How to Verify That the Client Can Contact Backend Ports

By default, the RPC Proxy server does not publish the EPM port location. Therefore, you cannot ping the EPM from outside your intranet or use the UUID of the service.

However, you can specify the backend port that you want to test. By default, the store is on port 6001 and DsProxy is on port 6004. If these locations have been changed, the ports can be verified by using the RpcDump utility. The RpcDump utility is available from the Microsoft Windows Server 2003 Resource Kit package. Additionally, Microsoft does not recommend publishing the global catalog Directory Service or the Exchange referral service.

The following RPC Ping Utility examples are typed in at the command prompt. To access the command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt.

How to Use Basic Authentication and SSL to Connect to the Store’s Port

Syntax:
RpcPing –t ncacn_http –s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 –F 3 –a connect –u 10 –v 3 –e 6001

How to Use Basic Authentication, SSL, and Mutual Authentication to Connect to the Store’s Port

Syntax:
RpcPing –t ncacn_http –s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 –F 3 –a connect –u 10 –v 3 –e 6001 –B msstd:server_certificate_subject

How to use NTLM Authentication and Non-SSL to Connect to DsProxy Service

Syntax :
RpcPing –t ncacn_http –s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 2 –F 2 –a connect –u 10 –v 3 –e 6004
Collapse this tableExpand this table
Verbose ResponsePossible Cause
Completed 1 calls in 60 ms
16 T/S or 60.000 ms/T
The RPC Ping Utility test succeeded.
Exception 1722 (0x000006BA)
RPC Server is unavailable
The RPC service cannot be contacted. You may receive this response because there are problems with the RPC Proxy server (if this is the case, you can use the –E argument to verify that the RPC Proxy server is available), because the service stopped on Exchange 2003 backend server (for example store), because the Exchange 2003 backend server is down, because the ValidPorts registry key does not permit access to this server, because the ValidPorts registry key does not permit this port, because you tried to to access the EMP when it was not published (neither the –e switch or port 593 were available), or because you tried to access UUID when EMP was not published (for example, you used the –a switch without port 593 being available.).
Exception 5 (0x00000005)
Access denied.
You receive this response when you have incorrect –P credentials, you have incorrect –I credentials, if the user account is disabled, or if the Mutual Authorization failed. For more details about this response, use the –E argument.

How to Verify That the Client Can Contact Backend Server and Backend Services Through UUID



By default, the EPM (port 593) is not published. Therefore, the following samples are of limited use. However if the EPM is published, the following commands can be used.

How to Test the EPM

Syntax:
RpcPing –t ncacn_http –s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 –F 3 –a connect –u 10 –v 3 –B msstd:server_certificate_subject

How to Test the Store UUID

Syntax:
RpcPing –t ncacn_http –s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 –F 3 –a connect –u 10 –v 3 –f a4f1db00-ca47-1067-b31f-00dd010662da,0 –B msstd:server_certificate_subject

Properties

Article ID: 831051 - Last Review: May 13, 2010 - Revision: 3.0
APPLIES TO
  • Microsoft Office Outlook 2007
  • Microsoft Office Outlook 2007 with Business Contact Manager
  • Microsoft Office Outlook 2003
  • Microsoft Office Outlook 2003 with Business Contact Manager
Keywords: 
kbtshoot kbhowto KB831051

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com