Time for another round on referrals. When last we left off, we were able to get the MAPI download to request and receive referrals from Exchange 2007, but the settings didn’t work if MAPI was running locally on the Exchange 2007 server. Let’s take a closer look at why it fails:

The whole point of the Exchange 2007 specific settings was that RPC_C_AUTHN_WINNT was removed as an authentication mechanism for the referral interface, so we had to configure the profile to use a different authentication mechanism, RPC_C_AUTHN_GSS_NEGOTIATE. When we try these settings while running locally, we fail because  RPC_C_AUTHN_GSS_NEGOTIATE isn’t a valid authentication mechanism for local RPC.

If only we didn’t have to use local RPC when running locally! If we were connecting via TCP/IP, these settings would work. Turns out, we can do that. It’s an old trick – so old I had forgotten about it. We can set the RPC_BINDING_ORDER and remove local RPC as an option. Then the connection will be made over TCP/IP and the settings can work. Note that if you’re running on a 64 bit operating system (and you would be, since Exchange 2007 in production is 64 bit only), the reg key is slightly different. Here’s what I tested:

  • Key: HKLM\SOFTWARE\Wow6432Node\Microsoft\Exchange\Exchange Provider
  • Value: Rpc_Binding_Order
  • Setting: ncacn_ip_tcp

With this reg key set, I was able to use my GCReconnect tool to create a profile and log on, obtaining and using a referral to the GC in the process.