An HTTP 401.3 Error occurs when you configure the RPC over HTTP/S feature on an Exchange Server 2003 server that is running Windows Server 2003 Service Pack 1

When you test the initial setup of the RPC Proxy component in Microsoft Windows Server 2003 Service Pack 1 (SP1), the result is not expected as outlined in KB article number 833401. Instead, you receive an HTTP 401.3 Error message.

RPC over HTTP/S is a feature in Microsoft Exchange Server 2003 that enables Outlook 2003 clients to connect to Exchange Server 2003 over the Internet or over a WAN. You can do this without establishing a VPN session to the corporate LAN and without opening many ports on your corporate firewall.

Note There are only two ports that you should open on your firewall. If you are using the HTTP protocol, you should open the TCP 80 port. If you are using the HTTP protocol with a Secured Socket Layer (SSL) connection, you should open the TCP 443 port.

When you install and configure the RPC over HTTP/S feature, you should install the RPC Proxy component on the Exchange server or on a different dedicated server. After you install the RPC Proxy component, you have to perform some changes on the RPC virtual directory in IIS. Then, you have to configure the default Web site to use a digital certificate.

After you have followed these steps, you connect to the RPC virtual directory by using Internet Explorer to check whether the connection is available or not. However, when you try to log on to the RPC virtual directory on IIS as one of the domain users, you receive the following error message:


When you input a correct user name and password in the <domain name>\<user name> logon pop-up window, the logon is denied by the operating system. After three failed login attempts, you receive the following HTTP error:

This issue occurs because Windows Server 2003 Service Pack 1 (SP1) changes how the RPC Proxy is integrated with IIS. One of the visual changes is that you cannot logon when you try to connect to the RPC virtual directory.

To help diagnose and resolve this issue, you can use the Exchange Remote Connectivity Analyzer tool. To do this, visit the following Microsoft Web site:
Note The Exchange Remote Connectivity Analyzer is a Web-based troubleshooting and diagnostic tool that will help identify the point of failure for Internet-based Exchange Server client connectivity scenarios. The tool simulates all the activities a client must be able to perform to connect, and then isolate the exact point of failure. Frequently, it will point out known configuration issues and provide suggested steps for resolution. The connectivity testing across the Internet (from outside your organization) is performed by a Web site hosted in a Microsoft datacenter

MORE INFORMATION

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.