Solved

ISA 2004 RPC issues

Posted on 2007-11-16
Last Modified: 2010-05-18
My question would be:
How do I resolve the RPC/connectivity issues within my ISA 2004 server?
Details/Description:

After Installing ISA 2004, regardless of applying Service Packs, I receive Netlogon Errors (EVENT ID 1053): Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.
If I try to add a domain user, to the Administrators group of the server, I receive a message:
RPC server unavailable.
The server logs the following error:
This computer was not able to set up a secure session with a domain controller in domain MYDOMAIN due to the following:
The RPC server is unavailable.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator
It's acting like ISA is blocking RPC traffic.
There is a tremendous pause when logging on to the machine with a Domain account.  ISA does function, though.  If I set up VPN, create a local user, then I can log in.  If I try to VPN using a domain account, I cannot log in.
When I run netdiag, without ISA 2004, all looks ok (everything passes)
When I run netdiag, with ISA, I get error, referencing DSbind

Server/Device Info:
ISA 2004 (SP3) - although the issue seems to occur on each SP
Windows Server 2003 R2

I appreciate any help and suggestions!
Question by:smcmcnutt

Expert Comment

by:Keith Alabaster
ISA WILL be blocking rpc traffic unless you have told it not to.

Have you got a rule from internal & local host TO internal & local host - all protocols?
Have you turned off RPC Strict Compliance?

Author Comment

by:smcmcnutt
Keith-
Yes, on rule
Yes, RPC Strict Compliance is turned off
Thank you!

Accepted Solution

by:
Keith Alabaster earned 500 total points
Open the ISA gui, select monitoring - logging - click start query.
What do you see appear in the real time log?

Are you sure it is rpc that is failing rather than Kerberos calls etc?
What ISA SP are you running?
Have you run the ISA BPA?
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en
needs .net 1.1

You are on 2003 R2? Are you running SP2 also?
This might be worth a look (ISA runs NAT as you can imagine)
http://support.microsoft.com/kb/927695

Author Comment

by:smcmcnutt
Keith-
Found these 2 failed events in logging (in order)
Failed Connection Attempt SVRDC026 11/16/2007 10:22:24 AM
Log type: Firewall service
Status: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  
Rule: Allow RPC from ISA Server to trusted servers
Source: Local Host ( 192.168.28.10:1589)
Destination: Internal ( 192.168.28.3:135)
Protocol: RPC (all interfaces)
User:  

Denied Connection SVRDC026 11/16/2007 10:22:17 AM
Log type: Firewall service
Status: A TCP packet was rejected because it has an invalid sequence number or an invalid acknowledgement number.
Rule:  
Source: Internal ( 192.168.28.3:135)
Destination: Local Host ( 192.168.28.10:1589)
Protocol: Unidentified IP Traffic (TCP:1589)
User:  
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 192.168.28.3
Client agent:  


**.10 being ISA .3 being local DC
Not sure about Kerberos vs RPC.  I do not see Kerberos ERRORS, Just the RPC.
Yes 2003 R2, Yes SP 2.
Reading article, now.

I did run BPA.  DID squawk about RSS also (in regards to your comment)
Much Appreciated!
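
The pattern in the two log entries above (an outbound connection that times out while the reply on the reversed address/port pair is denied for an invalid sequence number) can be picked out of pasted log text mechanically. This is an added example, not part of the original thread; the function names are hypothetical and the field layout is assumed to match the text pasted in the post.

```python
import re
from datetime import datetime

# Sample trimmed from the two log entries quoted in the post above.
SAMPLE = """\
Failed Connection Attempt SVRDC026 11/16/2007 10:22:24 AM
Status: A connection attempt failed because the connected party did not properly respond after a period of time
Rule: Allow RPC from ISA Server to trusted servers
Source: Local Host ( 192.168.28.10:1589)
Destination: Internal ( 192.168.28.3:135)

Denied Connection SVRDC026 11/16/2007 10:22:17 AM
Status: A TCP packet was rejected because it has an invalid sequence number or an invalid acknowledgement number.
Source: Internal ( 192.168.28.3:135)
Destination: Local Host ( 192.168.28.10:1589)
"""

HEADER = re.compile(r"^(Failed Connection Attempt|Denied Connection) (\S+) "
                    r"(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)$")
ENDPOINT = re.compile(r"^(Source|Destination): .*?\(\s*([\d.]+):(\d+)\)")

def parse_entries(text):
    """Split pasted ISA log text into dicts: action, time, status, source, destination."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            when = datetime.strptime(m.group(3), "%m/%d/%Y %I:%M:%S %p")
            entries.append({"action": m.group(1), "time": when, "status": ""})
        elif entries and (m := ENDPOINT.match(line)):
            entries[-1][m.group(1).lower()] = (m.group(2), int(m.group(3)))
        elif entries and line.startswith("Status:"):
            entries[-1]["status"] = line[len("Status:"):].strip()
    return entries

def rejected_replies(entries, window_seconds=60):
    """Pair each timed-out outbound connection with a reply on the reversed
    address/port pair that was denied for an invalid sequence/ack number."""
    pairs = []
    for out in (e for e in entries if e["action"] == "Failed Connection Attempt"):
        for back in (e for e in entries if e["action"] == "Denied Connection"):
            reversed_flow = (out.get("source") is not None
                             and back.get("source") == out.get("destination")
                             and back.get("destination") == out.get("source"))
            close = abs((out["time"] - back["time"]).total_seconds()) <= window_seconds
            if reversed_flow and close and "invalid sequence number" in back["status"]:
                pairs.append((out, back))
    return pairs
```

A non-empty result means the firewall allowed the outbound connection by rule but then dropped the peer's reply, so the rule set itself is not what is blocking the traffic.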

Author Comment

by:smcmcnutt
KEITH!
I think it was the RSS!!!
I just need to verify a few things before the reward.
I am no longer seeing the netlogon errors!

Expert Comment

by:Keith Alabaster
Excellent.

Author Closing Comment

by:smcmcnutt
Keith-
The MS article regarding RSS was the key.
I appreciate your help on this instance, as well as your other posts, which have helped tremendously in the past!!
Cheers!

Expert Comment

by:Jared Luker
I had this exact same issue with Server 2003 R2 sp2.

The RSS reg tweak fixed it!  Thanks to Keith

Expert Comment

by:Keith Alabaster
Welcome :)