RPC Error on ISA 2004

Hi all,

I have an ISA Proxy 2004 running on Windows 2003 (Standard Edition).

When I am trying to add users to the firewall policy so they can authenticate to my AD, I get: EVENT_GPO_QUERY_FAILED in the event log. When I shut the ISA firewall down the queries go through no problem.

I tried all of the suggestions given by Microsoft to verify if I have connectivity with a domain controller, and indeed even when the firewall is running I can connect to any domain controller in my AD. The problem is that when I connect to an AD and get the list of users or groups that I want to add to my firewall policy and then I click on "OK" or "Check names", it comes back with an error (only when the ISA firewall is running): "Windows cannot process the object with the name "internet access group" because of the following error: The remote procedure call failed and did not execute."

And in the event log: "Windows cannot bind to mydomain.com domain. (Timeout). Group Policy processing aborted. " and "Windows cannot determine the user or computer name. (The remote procedure call failed and did not execute. ). Group Policy processing aborted."

The ISA server is running as an "edge firewall" and I have opened up the rules to completely trust and communicate with all subnets within my network. I have also allowed all protocols to be used for communications.

Any ideas?

Keith Alabaster (Enterprise Architect) Commented:
In the monitoring tab, what traffic is being shown during this period? Are there any denied lines listed?
Gregory7711 (Author) Commented:
I monitor both internal and external traffic and I don't see any denied lines.

I used to have a similar problem with my ISA installation. I fixed it by specifying the internal DNS server on the internal interface (internal network) on my network card. I had 2 network cards on my ISA with the external interface having the default gateway and external DNS server. The internal interface didn't have any DNS specified but when I put in the internal DNS server address, it worked.
Gregory7711 (Author) Commented:
Thanks, I got it to work
Keith Alabaster (Enterprise Architect) Commented:
Please explain how you fixed the problem so a moderator can close the call and refund your points.
Gregory7711 (Author) Commented:
I disable DNS on ISA and publish the DNS server, allowing the DNS protocol from anywhere to the Internal network, then create a policy that allows the DNS protocol to all protected networks on local host.
Keith Alabaster (Enterprise Architect) Commented:
OK, that will do it. Please post here again accepting one of the above answers. Post in the community section explaining that you answered your own question and shortly a moderator will refund the points from this call to your account.

PAQed with points (250) refunded

Community Support Moderator

Rajae Al Najjar (Network And Systems Administrator) Commented:
what's the solution????