Problem with RPC over HTTP through ISA2004

Posted on 2006-05-22
Last Modified: 2010-05-19
Hi there,

Here is a brief overview of the setup. The ISA2004 (on w2k3 standard). The server is on the DMZ with a single NIC using a public address (no NAT).

The server publishing OWA, OMA and RPC over HTTPS is on the trusted side of the firewall.

I have setup a mail server rule using bridged SSL. This works perfectly for OWA and OMA. I have tried to test the RPC over HTTP with an Outlook client and it doesn't work. I found some notes on how to test this by using IE to browse to the following;

1) https://url/rpc/. This returns an error HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource. Which is meant to be normal and proves the Virtual directory is configured correctly.

2) https://url/rpc/rpcproxy.dll. This is meant to load a blank secured page. It does when attempted internally. But when tried from outside, via the ISA, you get Error Code 64: Host not available.

Is see the following in the firewall logs (sorry for the mess in formatting.. hopefully you will be able to read if pasted into notepad);
Log Time      Destination IP      Destination Port      Protocol      Action      Rule      Client IP      Client Username      Source Network      Destination Network      HTTP Method      URL      Original Client IP      Client Agent      Authenticated Client      Service      Server Name      Referring Server      Destination Host Name      Transport      MIME Type      Object Source      Source Proxy      Destination Proxy      Bidirectional      Client Host Name      Filter Information      Network Interface      Raw IP Header      Raw Payload      Source Port      Processing Time      Bytes Sent      Bytes Received      Result Code      HTTP Status Code      Cache Information      Error Information      Log Record Type
5/22/2006 10:41:30 AM      443      https      Failed Connection Attempt      OWA      anonymous      External            GET      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)      No      Reverse Proxy      UKST1EX0001        TCP            Internet      -      -            -            -      -      -      0      46      2302      661            64       0x8      0x180      Web Proxy Filter
5/22/2006 10:41:30 AM      443      https      Allowed Connection      OWA      anonymous      External            GET      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)      No      Reverse Proxy      UKST1EX0001        TCP      text/html      Internet      -      -            -            -      -      -      0      1      2048      481            401       0x44000008      0x580      Web Proxy Filter

Any ideas as to what may cause this?

Question by:Russellk
    LVL 51

    Expert Comment

    by:Keith Alabaster

    Have a look at this first then come back to me if you still have an issue

    LVL 51

    Expert Comment

    by:Keith Alabaster
    PS. I cannot resolve the address from the internet at all. I am also surprised you are calling the url with http rather than https.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Sorry, thats not quite accurate but it does not resolve to the addresses in your log.

    Author Comment

    Looks like the issue was with Service Pack 2 (for ISA). Rolled back and it started to work perfectly.
    LVL 51

    Accepted Solution


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
    Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now