Solved

RPC issue ISA 2006 The RPC server is unavailable

Posted on 2007-11-27
8
4,813 Views
Last Modified: 2011-08-18
Hi Guys
Hope someone can help with this.

I have a new ISA 2006 Installation on W2k3.

The ISA server all looks to be working without issue. (Blocking and enabling require traffic.) The only problem I have is when I try to add users using the windows Users and groups option.

I am able to browse AD for the OU and can Find the Security group that I require. (Same issue for a user.) Yet once I click OK in the select user and groups windows the whole system locks up for 5 min then returns "The RPC server is unavailable."

I have found that if I disable Microsoft Firewall and they select the group that this works without an Issue. I can then enable Microsoft Firewall and every thing works as expect for about 15min. After that the system is unable to refresh the security group and access is stopped.

I did find and Artical that said to disable "EnableRSS" and I have done this on the ISA system. See below for artical.
"http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695"

Also I create a rule to allow all traffic from ISA to AD server yet still failed to resolve the issue.

Any suggestion would be appriciated.


Thanks
0
Comment
Question by:BrendanKing
8 Comments
 
LVL 18

Expert Comment

by:PowerIT
ID: 20372598
Can you give a little more info because I have a hard time imagining your network / AD layout.
So where is the ISA positioned to the machine where you disable the firewall.
And is that 2K3 the DC?

J.
0
 
LVL 1

Author Comment

by:BrendanKing
ID: 20392361
Hi

The ISA has two nic cards.
one configured for the internet
two configured for the LAN.
I disable to Microsoft Firewall (Not Windows firewall) on the ISA system.

Only one DNS is configured and is pointing to the AD, DNS server.

All system are 2wk3 SP2, Domain functional level windows 2000 native, Forest Level windows 2000.


Let me know if you want any more information.

C
0
 
LVL 1

Author Comment

by:BrendanKing
ID: 20408872
Hi Guys

I managed to track down the solution. There is a require Registry change if W2k3 SP3 is installed for some Nic cards.

Registry changes
HK\LM\System\Currentcontrolset\services\tcpip\parameters.
 
Change Dwords (Or add)
EnableRSS=0
Enable TCPA=0
DisableTaskoffload=1

0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20409654
OK, nice find.
Some remarks: you have now disabled three of the new features of SP2 on 2K3 which were meant to improve network performance  but which sometimes did the reverse and slowed the network connection to a crawl. And XP SP2 can have the same problem, which means you can have it at the client side also.
The first one is Receive Side Scaling which is only relevant for NAT routing functions and so also to ISA.
By setting EnableRSS to 0 you turned of RSS.
The second one is part of the Scalable Network Pack and meant to increase general network performance. This is done by setting DisableTaskOffload=0.
The third one is TCPA which enables DMA on the PCI-bus to receive packets directly.

The fault itself is usually within the network driver or system dirvers.
So if you want to enable this again then update the drivers of you NIC's first and then give it a try after reversing the settings.
If you have the time and the machine is fre you can find out exactly which one of the 3 is causing this. RSS is only relevant to ISA itself. TCPA and TaskOffload are relevant to general network functionality.


J.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20675065
I agree. Refund and keep the answer for future generations ;-)
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 20703239
PAQed with points refunded (500)

Computer101
EE Admin
0
 
LVL 1

Expert Comment

by:pdmills12
ID: 26108454
Thank you for keeping this up for "future generations", I had the same problem and it fixed it.

Thanks again!
PM
0

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now