Learn how to a build a cloud-first strategyRegister Now


Problem with RPC over HTTP through ISA2004

Posted on 2006-05-22
Medium Priority
Last Modified: 2010-05-19
Hi there,

Here is a brief overview of the setup. The ISA2004 (on w2k3 standard). The server is on the DMZ with a single NIC using a public address (no NAT).

The server publishing OWA, OMA and RPC over HTTPS is on the trusted side of the firewall.

I have setup a mail server rule using bridged SSL. This works perfectly for OWA and OMA. I have tried to test the RPC over HTTP with an Outlook client and it doesn't work. I found some notes on how to test this by using IE to browse to the following;

1) https://url/rpc/. This returns an error HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource. Which is meant to be normal and proves the Virtual directory is configured correctly.

2) https://url/rpc/rpcproxy.dll. This is meant to load a blank secured page. It does when attempted internally. But when tried from outside, via the ISA, you get Error Code 64: Host not available.

Is see the following in the firewall logs (sorry for the mess in formatting.. hopefully you will be able to read if pasted into notepad);
Log Time      Destination IP      Destination Port      Protocol      Action      Rule      Client IP      Client Username      Source Network      Destination Network      HTTP Method      URL      Original Client IP      Client Agent      Authenticated Client      Service      Server Name      Referring Server      Destination Host Name      Transport      MIME Type      Object Source      Source Proxy      Destination Proxy      Bidirectional      Client Host Name      Filter Information      Network Interface      Raw IP Header      Raw Payload      Source Port      Processing Time      Bytes Sent      Bytes Received      Result Code      HTTP Status Code      Cache Information      Error Information      Log Record Type
5/22/2006 10:41:30 AM      443      https      Failed Connection Attempt      OWA      anonymous      External            GET      http://email.stratford.tycofs.com:443/rpc/rpcproxy.dll      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)      No      Reverse Proxy      UKST1EX0001            email.stratford.tycofs.com      TCP            Internet      -      -            -            -      -      -      0      46      2302      661            64       0x8      0x180      Web Proxy Filter
5/22/2006 10:41:30 AM      443      https      Allowed Connection      OWA      anonymous      External            GET      http://email.stratford.tycofs.com:443/rpc/rpcproxy.dll      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)      No      Reverse Proxy      UKST1EX0001            email.stratford.tycofs.com      TCP      text/html      Internet      -      -            -            -      -      -      0      1      2048      481            401       0x44000008      0x580      Web Proxy Filter

Any ideas as to what may cause this?

Question by:Russellk
  • 4
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16736984

Have a look at this first then come back to me if you still have an issue

LVL 51

Expert Comment

by:Keith Alabaster
ID: 16737031
PS. I cannot resolve the address email.stratford.tycofs.com from the internet at all. I am also surprised you are calling the url with http rather than https.
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16737071
Sorry, thats not quite accurate but it does not resolve to the addresses in your log.

Author Comment

ID: 16750733
Looks like the issue was with Service Pack 2 (for ISA). Rolled back and it started to work perfectly.
LVL 51

Accepted Solution

Keith Alabaster earned 2000 total points
ID: 16754379

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question