Gregory Brissett

RPC Error on ISA 2004

Hi all,

I have an ISA Proxy 2004 running on a Windows 2003 (standard edition).

When I am trying to add users to the firewall policy so they can authenticate to my AD, I get: EVENT_GPO_QUERY_FAILED in the event log. When I shut the ISA firewall down the queries go through no problem.

I tried all of the suggestions given by Microsoft to verify if I have connectivity with a domain controller and indeed even when the firewall is running I can connect to any domain controller in my AD. The problem is that when I connect to an AD and get the list of users or groups that I want to add to my firewall policy and then I click on "OK" or "Check names", it comes back with an error (only when the ISA firewall is running): "Windows cannot process the object with the name "internet access group" because of the following error: The remote procedure call failed and did not execute."

And in the event log: "Windows cannot bind to mydomain.com domain. (Timeout). Group Policy processing aborted." and "Windows cannot determine the user or computer name. (The remote procedure call failed and did not execute.). Group Policy processing aborted."

The ISA server is running as an "edge firewall" and I have opened up the rules to completely trust and communicate with all subnets within my network. I have also allowed all protocols to be used for communications.

Any Ideas?
Keith Alabaster

In the monitoring tab, what traffic is being shown during this period? Are there any denied lines listed?

ASKER

I monitor both internal and external traffic and I don't see any denied lines.
fiji_islander

I used to have a similar problem with my ISA installation. I fixed it by specifying the internal DNS server on the internal interface (internal network) on my network card. I had 2 network cards on my ISA with the external interface having the default gateway and external DNS server. The internal interface didn't have any DNS specified but when I put in the internal DNS server address, it worked.
Thanks, I got it to work
Please explain how you fixed the problem so a moderator can close the call and refund your points.
I disable DNS on ISA and publish the DNS server, allowing the DNS protocol from anywhere to the Internal network, then create a policy that allows the DNS protocol to all protected networks on local host.
OK, that will do it. Please post here again accepting one of the above answers. Post in the community section explaining that you answered your own question and shortly a moderator will refund the points from this call to your account.

Thx
Keith
what's the solution????