• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4920
  • Last Modified:

RPC issue ISA 2006 The RPC server is unavailable

Hi Guys
Hope someone can help with this.

I have a new ISA 2006 Installation on W2k3.

The ISA server all looks to be working without issue. (Blocking and enabling require traffic.) The only problem I have is when I try to add users using the windows Users and groups option.

I am able to browse AD for the OU and can Find the Security group that I require. (Same issue for a user.) Yet once I click OK in the select user and groups windows the whole system locks up for 5 min then returns "The RPC server is unavailable."

I have found that if I disable Microsoft Firewall and they select the group that this works without an Issue. I can then enable Microsoft Firewall and every thing works as expect for about 15min. After that the system is unable to refresh the security group and access is stopped.

I did find and Artical that said to disable "EnableRSS" and I have done this on the ISA system. See below for artical.
"http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695"

Also I create a rule to allow all traffic from ISA to AD server yet still failed to resolve the issue.

Any suggestion would be appriciated.


Thanks
0
BrendanKing
Asked:
BrendanKing
1 Solution
 
PowerITCommented:
Can you give a little more info because I have a hard time imagining your network / AD layout.
So where is the ISA positioned to the machine where you disable the firewall.
And is that 2K3 the DC?

J.
0
 
BrendanKingAuthor Commented:
Hi

The ISA has two nic cards.
one configured for the internet
two configured for the LAN.
I disable to Microsoft Firewall (Not Windows firewall) on the ISA system.

Only one DNS is configured and is pointing to the AD, DNS server.

All system are 2wk3 SP2, Domain functional level windows 2000 native, Forest Level windows 2000.


Let me know if you want any more information.

C
0
 
BrendanKingAuthor Commented:
Hi Guys

I managed to track down the solution. There is a require Registry change if W2k3 SP3 is installed for some Nic cards.

Registry changes
HK\LM\System\Currentcontrolset\services\tcpip\parameters.
 
Change Dwords (Or add)
EnableRSS=0
Enable TCPA=0
DisableTaskoffload=1

0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
PowerITCommented:
OK, nice find.
Some remarks: you have now disabled three of the new features of SP2 on 2K3 which were meant to improve network performance  but which sometimes did the reverse and slowed the network connection to a crawl. And XP SP2 can have the same problem, which means you can have it at the client side also.
The first one is Receive Side Scaling which is only relevant for NAT routing functions and so also to ISA.
By setting EnableRSS to 0 you turned of RSS.
The second one is part of the Scalable Network Pack and meant to increase general network performance. This is done by setting DisableTaskOffload=0.
The third one is TCPA which enables DMA on the PCI-bus to receive packets directly.

The fault itself is usually within the network driver or system dirvers.
So if you want to enable this again then update the drivers of you NIC's first and then give it a try after reversing the settings.
If you have the time and the machine is fre you can find out exactly which one of the 3 is causing this. RSS is only relevant to ISA itself. TCPA and TaskOffload are relevant to general network functionality.


J.
0
 
PowerITCommented:
I agree. Refund and keep the answer for future generations ;-)
0
 
Computer101Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0
 
pdmills12Supervisor of Networks and TelecommCommented:
Thank you for keeping this up for "future generations", I had the same problem and it fixed it.

Thanks again!
PM
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now