The RPC Ping Utility is part of the Microsoft Windows Server 2003 Resource Kit Tools. To download the Resource Kit, visit the following Microsoft Web site:
Arguments That Are Used for the RPC Ping UtilityThe following table lists the command line arguments that you can use with the RPC Ping Utility:
|-t||ncacn_ip_tcp, ncacn_np, or ncacn_http||This argument sets the protocol that is used to try to bind to the RPC Proxy server. This argument uses the standard RPC protocol sequences.|
|-s||ExchangeMBXServer||This argument is the name of both the Microsoft Exchange Server 2003 server and the MBX server.|
|-o||RpcProxy=RpcProxyServer||This argument is the name of the RPC Proxy server.|
|-P||"username,domain,*" or "username,domain,password"||This argument specifies the user account that is used to authenticate with the RPC Proxy server.|
|-I||"username,domain,*" or "username,domain,password"||This argument specifies the user account that is used to authenticate with the Microsoft Exchange server.|
|-H||1 or 2||This argument is the authentication type that is used for the RPC Proxy server. Use the value 1 for basic authentication, and use the value 2 for NTLM authentication.|
|-u||9, 10, 14, or 16||RPC will use one of the security methods that are listed in this cell to authenticate the user account. The security package is identified as a number. The Negotiate security package is 9, the NTLM security package is 10, the SChannel security package is 14, and the Kerberos security package is 16. If you use this argument, you must specify an authentication level other than none. There is no default for this argument. If the argument is not specified, RPC will not use security for the connectivity test.|
|-a||connect, call, pkt, integrity, or privacy||This is the authentication level that is used to connect to the RPC Proxy server. If this argument is specified, the security package id|
(-u) must also be specified. There is no default for this argument. If this argument is not specified, RPC will not use security for the connectivity test.
|-F||2 or 3||These arguments are the flags that pass for RPC/HTTP front end authentication. The No SSL flag is 2, and the Use SSL flag is 3. You must have Microsoft Windows XP Service Pack 1 or Microsoft Windows Server 2003 or later to use this argument. |
Additionally, you must specify security package -u and authentication level (-a) to use this argument. If you use basic authentication and no Secure Sockets Layer (SSL), you will be prompted to confirm this choice.
|-v||1, 2, or 3||This argument turns on verbose logging. The value 1 is for minimal logging, the value 2 is for normal logging, and the value 3 is for complete logging.|
|-E||This argument takes no values. This argument restricts the connectivity test to the RPC Proxy server only.|
|-R||HTTP Proxy Server or none||This argument specifies the HTTP Proxy server that is going to be used. Use the value none to bypass the HTTP Proxy server and to try a direct connection to the RPC Proxy server.|
|-B||msstd:server_certificate_subject||This argument is the server certificate subject. You must use SSL for this argument to work (-F 3), and you must specify both the security package (-u) and the authentication level (-a) to use this argument.|
|-f||interface UUID[,MajorVer]||This argument is the interface to test for connectivity. This argument is mutually exclusive with the endpoint argument. The interface is specified as a universally unique identifier (UUID). If the major version number of the UUID (MajorVer) is not specified, version 1 of the interface will be sought. When the interface is specified, RPC Ping Utility will query the EndPoint Mapper (EMP) on the destination computer to retrieve the endpoint for the specified interface. The EMP is queried with the options that are specified in the command line.|
|-e||endpoint||This argument is the endpoint value to test for connectivity. If none is specified, the EMP on the destination computer will be tested. This argument is mutually exclusive with the interface (-f) argument.|
|-q||n/a||This argument is the Quiet mode. The RPC Ping Utility does not issue any prompts, except for passwords, and assumes "Yes" for all queries.|
Default Ports, Services, and RPC Service UUIDsThe following table lists the standard services and their associated port IDs, UUIDs, and major version:
|Service||Default Port||UUID||Major Version|
|End Point Mapper||593||n/a||n/a|
How to Simulate Common Outlook 2007 or Outlook 2003 RPC/HTTP RequestsThe following table lists the various arguments that are used by the RPC Ping Utility. You can use these arguments to simulate the type and the kind of RPC requests that are used by Outlook 2007 or by Outlook 2003 using the Exchange over the Internet feature:
|Arguments||When to Use|
|-B||Mutual authentication. You must specify the server certificate subject that is being used.|
|-H 1 –F 3||Basic authentication with SSL. This is the most common connection method.|
|-H 1 –F 2||Basic authentication with no SSL. You will be prompted to confirm the no SSL choice (unless the –q argument is specified). You must configure the RPC Proxy server to permit anonymous logons.|
|-H 2 –F 3 or 2||NTLM authentication with or without SSL. Note NLTM cannot be used through reverse proxies if they end the Transmission Control Protocol (TCP) session.|
|-I & -P||Always specify this argument. If you use the asterisk (*) wildcard character for the password, the RPC Ping Utility will prompt you for a password.|
|-e Port||The following are the most common ports to test for this argument: |
|-E||This argument only tests the RPC Proxy server. Use this argument to determine where connection problem are.|
|-R||By default, do not use this argument. This argument picks up the clients HTTP Proxy settings. This argument can be used to override the HTTP Proxy settings, such as a Microsoft Internet Explorer Proxy setting.|
|–R none||This argument forces no proxy to be used. The RPC Ping Utility will ignore Internet Explorer proxy settings and try a direct connection to the server that is specified in the –o switch.|
|-f (or no –e)||This argument is used to test individual UUIDs on computers that are behind a RPC Proxy server. |
Note This argument will not work unless EMP is published. You cannot use this argument in a default configuration because –f requires the RCP Ping Utility to query the EPM. Additionally, if –e is not specified, this argument will also fail. Without –e, the RPC Ping Utility will only try to access the EPM (port 593). Again, the EMP may not be published.
Testing the RPC Proxy ServerWhen you troubleshoot for connectivity problems in Outlook 2007 and in Outlook 2003 using the Exchange over the Internet feature, first determine if the RPC Proxy server is responding correctly. The following sample shows how to determine if the RPC Proxy server is responding correctly.
Sending ping to server
Response from server received: 200
Pinging successfully completed in Response_Time ms
Verbose ResponsesThis table lists some of the more common verbose responses and why you may receive them from RPC Ping Utility tests:
|Verbose Response||Possible Cause|
|Response from server received: 200|
Pinging successfully completed in 4106 ms
|You receive this response if there is a successful RPC Ping Utility test.|
|Response from server received: 401 |
Client is not authorized to ping RPC proxy
|You receive this response if the RPC Ping Utility test failed. The PRC Ping Utility test may have failed if HTTP access is denied, if there are incorrect credentials on the –P switch, or if the user exits.|
|Error 12029 returned in the WinHttpSendRequest.||You receive this response if the RPC Ping Utility test failed. The PRC Ping Utility test may have failed because it could not contact ProxyServer Port 80 (-F 2), because 443 (-F 3) was blocked, or because the World Wide Web Publishing Service (W3Svc) Server has stopped responding.|
|Response from server received: 501||The PRC Ping Utility test may have failed because the RcpProxy.dll could not be contacted, because the wrong virtual root folder (Vroot) was being accessed, if a RPC Proxy server has not been installed, or if Vroot is not accessible.|
|Error 12175 returned in the WinHttpSendRequest.||The PRC Ping Utility test may have failed because the certificate is not trusted or because it does not trust the certificate and root authority. The server certificate subject from the RPC Proxy server does not match the one that is specified by -B.|
The PRC Ping Utility test may have failed. The PRC Ping Utility test may have failed because a Mutual Authentication failed because the subject on the certificate did not match the expected subject. By default, the certificate subject should match the published fully qualified domain name (FQDN) of the RPC Proxy server.
How to Verify That the Client Can Contact Backend PortsBy default, the RPC Proxy server does not publish the EPM port location. Therefore, you cannot ping the EPM from outside your intranet or use the UUID of the service.
However, you can specify the backend port that you want to test. By default, the store is on port 6001 and DsProxy is on port 6004. If these locations have been changed, the ports can be verified by using the RpcDump utility. The RpcDump utility is available from the Microsoft Windows Server 2003 Resource Kit package. Additionally, Microsoft does not recommend publishing the global catalog Directory Service or the Exchange referral service.
The following RPC Ping Utility examples are typed in at the command prompt. To access the command prompt, click
Start, point to All Programs, point to
Accessories, and then click Command Prompt.
How to Use Basic Authentication and SSL to Connect to the Store’s PortSyntax:
How to Use Basic Authentication, SSL, and Mutual Authentication to Connect to the Store’s PortSyntax:
How to use NTLM Authentication and Non-SSL to Connect to DsProxy ServiceSyntax :
|Verbose Response||Possible Cause|
|Completed 1 calls in 60 ms|
16 T/S or 60.000 ms/T
|The RPC Ping Utility test succeeded.|
| Exception 1722 (0x000006BA) |
RPC Server is unavailable
|The RPC service cannot be contacted. You may receive this response because there are problems with the RPC Proxy server (if this is the case, you can use the –E argument to verify that the RPC Proxy server is available), because the service stopped on Exchange 2003 backend server (for example store), because the Exchange 2003 backend server is down, because the ValidPorts registry key does not permit access to this server, because the ValidPorts registry key does not permit this port, because you tried to to access the EMP when it was not published (neither the –e switch or port 593 were available), or because you tried to access UUID when EMP was not published (for example, you used the –a switch without port 593 being available.).|
|Exception 5 (0x00000005) |
|You receive this response when you have incorrect –P credentials, you have incorrect –I credentials, if the user account is disabled, or if the Mutual Authorization failed. For more details about this response, use the –E argument.|
How to Verify That the Client Can Contact Backend Server and Backend Services Through UUID
By default, the EPM (port 593) is not published. Therefore, the following samples are of limited use. However if the EPM is published, the following commands can be used.