Russellk
asked on
Problem with RPC over HTTP through ISA2004
Hi there,
Here is a brief overview of the setup. The ISA2004 (on w2k3 standard). The server is on the DMZ with a single NIC using a public address (no NAT).
The server publishing OWA, OMA and RPC over HTTPS is on the trusted side of the firewall.
I have set up a mail server rule using bridged SSL. This works perfectly for OWA and OMA. I have tried to test the RPC over HTTP with an Outlook client and it doesn't work. I found some notes on how to test this by using IE to browse to the following:
1) https://url/rpc/. This returns an error HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource. Which is meant to be normal and proves the Virtual directory is configured correctly.
2) https://url/rpc/rpcproxy.dll. This is meant to load a blank secured page. It does when attempted internally. But when tried from outside, via the ISA, you get Error Code 64: Host not available.
I see the following in the firewall logs (sorry for the mess in formatting; hopefully you will be able to read it if pasted into Notepad):
Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type
5/22/2006 10:41:30 AM 10.66.233.51 443 https Failed Connection Attempt OWA 193.131.240.250 anonymous External GET http://email.stratford.tycofs.com:443/rpc/rpcproxy.dll 0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) No Reverse Proxy UKST1EX0001 email.stratford.tycofs.com TCP Internet - - - - - - 0 46 2302 661 64 0x8 0x180 Web Proxy Filter
5/22/2006 10:41:30 AM 10.66.233.51 443 https Allowed Connection OWA 193.131.240.250 anonymous External GET http://email.stratford.tycofs.com:443/rpc/rpcproxy.dll 0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) No Reverse Proxy UKST1EX0001 email.stratford.tycofs.com TCP text/html Internet - - - - - - 0 1 2048 481 401 0x44000008 0x580 Web Proxy Filter
Any ideas as to what may cause this?
Thanks
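Added example, not part of the original post: a small triage script for flattened ISA Web Proxy log rows like the two quoted above. It separates requests that reached the published server and got an HTTP status (the 401) from requests where ISA logged a non-HTTP error code (the 64). The field order is taken from the header row in the post. Three things are assumptions: rule names contain no spaces, values outside 100-599 are Windows error codes, and the sample rows are constructed from the post with the Client Agent shortened.

```python
import re

# Constructed from the two rows quoted in the post (Client Agent shortened).
_MID = ("OWA 193.131.240.250 anonymous External GET "
        "http://email.stratford.tycofs.com:443/rpc/rpcproxy.dll 0.0.0.0 Mozilla/4.0 "
        "No Reverse Proxy UKST1EX0001 email.stratford.tycofs.com TCP ")
SAMPLE_ROWS = [
    "5/22/2006 10:41:30 AM 10.66.233.51 443 https Failed Connection Attempt "
    + _MID + "Internet - - - - - - 0 46 2302 661 64 0x8 0x180 Web Proxy Filter",
    "5/22/2006 10:41:30 AM 10.66.233.51 443 https Allowed Connection "
    + _MID + "text/html Internet - - - - - - 0 1 2048 481 401 0x44000008 0x580 "
    "Web Proxy Filter",
]

# Leading fields: time, destination IP/port, protocol, action, rule, client IP.
HEAD = re.compile(r"^\S+ \S+ [AP]M (?P<dest>\S+) (?P<port>\d+) \S+ "
                  r"(?P<action>.+?) (?P<rule>\S+) (?P<client>\d+(?:\.\d+){3}) ")
REQ = re.compile(r"\b(?P<method>[A-Z_]+) (?P<url>https?://\S+)")
# Trailing fields: status/result code, cache info, error info, record type.
TAIL = re.compile(r" (?P<code>\d+) 0x[0-9a-fA-F]+ 0x[0-9a-fA-F]+ Web Proxy Filter$")

# Win32 name for the one non-HTTP code that appears on this page.
KNOWN_ERRORS = {64: "ERROR_NETNAME_DELETED"}


def triage(row):
    """Return the fields needed to tell where a request failed, or None."""
    head, req, tail = HEAD.search(row), REQ.search(row), TAIL.search(row)
    if not (head and req and tail):
        return None  # truncated or differently shaped row
    code = int(tail["code"])
    # Assumption: 100-599 is an HTTP status from the published server;
    # anything else is an error raised on the proxy's own connection.
    kind = "http" if 100 <= code <= 599 else "transport"
    return {"action": head["action"], "rule": head["rule"],
            "client": head["client"], "url": req["url"], "code": code,
            "kind": kind, "name": KNOWN_ERRORS.get(code, "")}


def transport_failures(rows):
    """Rows where the proxy never obtained an HTTP response."""
    parsed = [triage(r) for r in rows]
    return [p for p in parsed if p and p["kind"] == "transport"]


if __name__ == "__main__":
    for hit in transport_failures(SAMPLE_ROWS):
        print(hit["action"], hit["url"], hit["code"], hit["name"])
```

A 401 on the same URL shows the rule and listener forward the request; a transport-class code on the same URL points at the connection between ISA and the published server rather than at credentials.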
PS. I cannot resolve the address email.stratford.tycofs.com from the internet at all. I am also surprised you are calling the url with http rather than https.
Sorry, that's not quite accurate but it does not resolve to the addresses in your log.
ASKER
Looks like the issue was with Service Pack 2 (for ISA). Rolled back and it started to work perfectly.
ASKER CERTIFIED SOLUTION
Have a look at this first then come back to me if you still have an issue
Regards
keith
ISA MCT