Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

RPC issue ISA 2006 The RPC server is unavailable

Posted on 2007-11-27
8
Medium Priority
?
4,887 Views
Last Modified: 2011-08-18
Hi Guys
Hope someone can help with this.

I have a new ISA 2006 Installation on W2k3.

The ISA server all looks to be working without issue. (Blocking and enabling require traffic.) The only problem I have is when I try to add users using the windows Users and groups option.

I am able to browse AD for the OU and can Find the Security group that I require. (Same issue for a user.) Yet once I click OK in the select user and groups windows the whole system locks up for 5 min then returns "The RPC server is unavailable."

I have found that if I disable Microsoft Firewall and they select the group that this works without an Issue. I can then enable Microsoft Firewall and every thing works as expect for about 15min. After that the system is unable to refresh the security group and access is stopped.

I did find and Artical that said to disable "EnableRSS" and I have done this on the ISA system. See below for artical.
"http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695"

Also I create a rule to allow all traffic from ISA to AD server yet still failed to resolve the issue.

Any suggestion would be appriciated.


Thanks
0
Comment
Question by:BrendanKing
7 Comments
 
LVL 18

Expert Comment

by:PowerIT
ID: 20372598
Can you give a little more info because I have a hard time imagining your network / AD layout.
So where is the ISA positioned to the machine where you disable the firewall.
And is that 2K3 the DC?

J.
0
 
LVL 1

Author Comment

by:BrendanKing
ID: 20392361
Hi

The ISA has two nic cards.
one configured for the internet
two configured for the LAN.
I disable to Microsoft Firewall (Not Windows firewall) on the ISA system.

Only one DNS is configured and is pointing to the AD, DNS server.

All system are 2wk3 SP2, Domain functional level windows 2000 native, Forest Level windows 2000.


Let me know if you want any more information.

C
0
 
LVL 1

Author Comment

by:BrendanKing
ID: 20408872
Hi Guys

I managed to track down the solution. There is a require Registry change if W2k3 SP3 is installed for some Nic cards.

Registry changes
HK\LM\System\Currentcontrolset\services\tcpip\parameters.
 
Change Dwords (Or add)
EnableRSS=0
Enable TCPA=0
DisableTaskoffload=1

0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 18

Expert Comment

by:PowerIT
ID: 20409654
OK, nice find.
Some remarks: you have now disabled three of the new features of SP2 on 2K3 which were meant to improve network performance  but which sometimes did the reverse and slowed the network connection to a crawl. And XP SP2 can have the same problem, which means you can have it at the client side also.
The first one is Receive Side Scaling which is only relevant for NAT routing functions and so also to ISA.
By setting EnableRSS to 0 you turned of RSS.
The second one is part of the Scalable Network Pack and meant to increase general network performance. This is done by setting DisableTaskOffload=0.
The third one is TCPA which enables DMA on the PCI-bus to receive packets directly.

The fault itself is usually within the network driver or system dirvers.
So if you want to enable this again then update the drivers of you NIC's first and then give it a try after reversing the settings.
If you have the time and the machine is fre you can find out exactly which one of the 3 is causing this. RSS is only relevant to ISA itself. TCPA and TaskOffload are relevant to general network functionality.


J.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20675065
I agree. Refund and keep the answer for future generations ;-)
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 20703239
PAQed with points refunded (500)

Computer101
EE Admin
0
 
LVL 1

Expert Comment

by:pdmills12
ID: 26108454
Thank you for keeping this up for "future generations", I had the same problem and it fixed it.

Thanks again!
PM
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
Spectre and Meltdown, how it affects me and my clients?
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question