Solved

ISA 2004 RPC issues

Posted on 2007-11-16
Last Modified: 2010-05-18
My question would be:
How do I resolve the RPC/connectivity issues within my ISA 2004 server?
Details/Description:

After Installing ISA 2004, regardless of applying Service Packs, I receive Netlogon Errors (EVENT ID 1053): Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.
If I try to add a domain user, to the Administrators group of the server, I receive a message:
RPC server unavailable.
The server logs the following error:
This computer was not able to set up a secure session with a domain controller in domain MYDOMAIN due to the following:
The RPC server is unavailable.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator
It's acting like ISA is blocking RPC traffic.
There is a tremendous pause when logging on to the machine with a Domain account.  ISA does function, though.  If I set up VPN, create a local user, then I can log in.  If I try to VPN using a domain account, I cannot log in.
When I run netdiag, without ISA 2004, all looks ok (everything passes)
When I run netdiag, with ISA, I get error, referencing DSbind

Server/Device Info:
ISA 2004 (SP3) - Although issue seems to occur on each SP
Windows Server 2003 R2

I appreciate any help and suggestions!
Question by:smcmcnutt
9 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20300051
ISA WILL be blocking rpc traffic unless you have told it not to.

Have you got a rule from internal & local host TO internal & local host - all protocols?
Have you turned off RPC Strict Compliance?

Author Comment

by:smcmcnutt
ID: 20300122
Keith-
Yes, on rule
Yes, RPC Strict Compliance is turned off
Thank you!
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 20300168
Open the ISA gui, select monitoring - logging - click start query.
What do you see appear in the real time log?

Are you sure it is rpc that is failing rather than Kerberos calls etc?
What ISA SP are you running?
Have you run the ISA BPA?
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en
Needs .NET 1.1

You are on 2003 R2? Are you running SP2 also?
This might be worth a look (ISA runs NAT as you can imagine)
http://support.microsoft.com/kb/927695

Author Comment

by:smcmcnutt
ID: 20300248
Keith-
Found these 2 failed events in logging (in order)
Failed Connection Attempt SVRDC026 11/16/2007 10:22:24 AM
Log type: Firewall service
Status: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  
Rule: Allow RPC from ISA Server to trusted servers
Source: Local Host ( 192.168.28.10:1589)
Destination: Internal ( 192.168.28.3:135)
Protocol: RPC (all interfaces)
User:  

Denied Connection SVRDC026 11/16/2007 10:22:17 AM
Log type: Firewall service
Status: A TCP packet was rejected because it has an invalid sequence number or an invalid acknowledgement number.
Rule:  
Source: Internal ( 192.168.28.3:135)
Destination: Local Host ( 192.168.28.10:1589)
Protocol: Unidentified IP Traffic (TCP:1589)
User:  
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 192.168.28.3
Client agent:  


**.10 being ISA .3 being local DC
Not sure about Kerberos vs RPC.  I do not see Kerberos ERRORS, Just the RPC.
Yes 2003 R2, Yes SP 2.
Reading article, now.

I did run BPA.  DID squawk about RSS also (in regards to your comment)
Much Appreciated!
0
 

Author Comment

by:smcmcnutt
ID: 20300331
KEITH!
I think it was the RSS!!!
I just need to verify a few things before the reward.
I am no longer seeing the netlogon errors!
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20300971
Excellent.

Author Closing Comment

by:smcmcnutt
ID: 31409580
Keith-
The MS article regarding RSS was the key.
I appreciate your help on this instance, as well as your other posts, which have helped tremendously in the past!!
Cheers!
LVL 17

Expert Comment

by:Jared Luker
ID: 20787058
I had this exact same issue with Server 2003 R2 sp2.

The RSS reg tweak fixed it!  Thanks to Keith
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20790784
Welcome :)