It is not long ago that I stepped into another “everyday IT problem”…All accounts in and out work perfect with RPC over ISA configuration except 2 of them.
Those two accounts had been initialized after a copy in the AD console from other users in the same departments, having exactly the same user permissions and Exchange advanced capabilities. However those 2 accounts had something in common between them, and different from the rest at the same time.
Hide from Exchange address lists checked in Exchange Advanced tab as in the snapshot below.
This seems logical of course, if you consider the fact that the RPC infrastructure uses the Exchange address lists for passing credentials from the Active Directory to your Global Catalog/RPC proxy. Thus if you hide a user from this list…no matter much you try, how correct your certificates are, along with your Outlook clients correct configuration, you will never initiate a NEW connection to your Exchange RPC over HTTPS.
I say NEW, since if the connection is established once (with the user visible to Exchange Address lists), then you may hide the user again. However don’t take this for granted, since I survived over two controversial examples. The one worked…the other did not.
Hope this saves you some timeJ.