Solved

"RPC Server is unavailable" when atempting to remote into  ISA 2004 server

Posted on 2008-10-07
12
1,276 Views
Last Modified: 2012-05-05
Dear Experts,

We deployed a new ISA 2004 Standard Server with SP3 into our organization and it was functioning fine for about a month now. Today remote users reported that they are unable to VPN into the network (PPTP), I pointed some of the remote users to the old ISA server temporarily.
After rebooting the server everything seemed fine for about an hour, later I tried to remote into the server (mstsc) and I receive the following message:
"The system cannot log you onn due to the following error:
The RPC Server is unavailable.
Please try again or consult your system administrator"

I rebooted the server and tried again.. still no luck. I noticed that Routing and Remote Access were disabled on the ISA. I did run repair on the network connections, then started the Routing and Remote Access.
I had also started both services (which were disabled):
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator

Our internal network is 10.0.0.0- 10.0.0.255
I noticed that ISA is throwing a lot of error messages stating that:
"ISA Server detected routes through the network adapter outside LAN that do not correlate with the network to which this network adapter belong. Then later in the message it lists 10.0.1.0-10.255.255.254"
I had a similar issue on the old ISA server and when we corrected the LAN to 10.0.0.0 - 10.0.0.255 we started getting other error messages.
After the ISA server with the issue was restarted I noticed that users are now able to VPN in to our network, but we are still unable to remote into it.

ISA BPA Tool lists the following:
Policy rule blocks FTP Uploads
Policy rule blocks FTP Uploads
Receive Side SCaling (RSS) is enabled by the OS
TCP Accelerator (TCPA) is enabled by the OS
Configuration error - same as the error I listed above in the question
The lower and Upper limits of the source port range for an access rule are equal (Stream/Download/IM block on 1214)
The RADIUS server can not be accessed
VPN Connection failure signaled x times (users were not able to VPN in earlier)
There are no cvertificates in the local computer store (we will not be publiching any SSL certs on this server)
Outlook WebAccesspublishing rule listends on HTTP (this rule will be disabled once HTTPS and SSL are ready)
Path maximum Transmission Unit (MTU) discovery is disabled

All of the Firewall System Policy rules are enabled with the exception for the ones below:
4 Allow Remote Logging to trusted servers using NETBIOS
13 Allow VPN site-to-site traffic to ISA server
14 Allow VPN site-to-site traffic from ISA server
16 Allow remote SQL logging from ISA server to selected servers
18  Allow HTTP/HTTPS requests from ISA server to selected servers
19 Allow access from trusted computers to the firewall client installation share on ISA server
20 Allow remote performance monitoring of ISA server from trusted servers
24 Allow SecurID
25 Allow remote monitoring from ISA server to trusted servers, using MOM Agent
26 Allow HTTP traffic from IS server to all network (for CRL downloads)
29 Allow HTTP from ISA server to selected computers for Conetnet download jobs


Any help is greatly appreciated.
0
Comment
Question by:technomic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22663776
You have 2 NIC's installed -- 1 external and 1 internal? The RPC Server unavailable occurs with multiple interfaces and the binding order is not correct. Go to the advanced properties of the network interfaces and configure the binding order. You May have to play with it a bit...
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22663780
Ref this post for same issue,

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_22643018.html

Let me know if you need any more help on this
0
 
LVL 2

Author Comment

by:technomic
ID: 22664022
I'm looking at it, but I'm not sure what to change.... If I go to the NIC properties > ADvanced, the only options i have there , are
Windows Firewall.. and Internet Connection sharing...
On the general Tab i have the following chacked:
Client for MS Networks
File and Print Sharing for MS Networks
HP Network Cofig Utility
Internet Protocol TCP/IP

I did notice that in the artcilce you referenced Keith was suggesting to create a rulke for TCP, I have already created that rule and verified that System Firewall Rule for RPC is also there, stil no luck.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 2

Author Comment

by:technomic
ID: 22664263
I also did not state in the question that I can not ping the ISA server, but I can only ping certain servers and clients from ISA server. I'm able to ping one of the Two DOmain Controllers. Also able to browse the web and users still able to VPN in.
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22664322
Open the ISA gui, select monitoring - logging - click start query.
What do you see appear in the real time log?

Are you sure it is rpc that is failing rather than Kerberos calls etc?
What ISA SP are you running?
have you run the up the ISA BPA?
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en
needs .net 1.1

You are on 2003 R2? Are you running SP2 also?
This might be worth a look (ISA runs NAT as you can imagine)
http://support.microsoft.com/kb/927695
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22664325
0
 
LVL 2

Author Comment

by:technomic
ID: 22664394
ISA 2004 SP3
I did run the ISA BPA tool, I published the results in the bottom part of the question.
Will run the query right now and will also review those articles you posted in a few minutes.
Not sure if this is RPC or kerberos to be honest with you. No updates were installed recently.
2003 Server Standard Edition.
Right now in query, I only get results for ISA server`s public IP address and OWA`s external IP, nothign else..
Can't ping the ISA from any internal resources (servers, clients etc).
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22664490
What do you mean by cant ping isa form internal resource ? got to fix this first ? windows fireall should be turned off in ISA
0
 
LVL 2

Author Comment

by:technomic
ID: 22664553
Windows Firewall is turned off. I think we have updated the DNS server yesterday in the TCP/IP properties yesterday, this might be where this issue has started.
Exactly right, I'm unable to ping the isa by it`s IP or the FQDN from other servers or client PCs on the network. WEhen I attempt to remote in, I do get to the logon screen but after inserting the credentials, I get the error message about RPC server being unavailable.
0
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 500 total points
ID: 22664781
did you try to provide your previous dns server on the properties and check ?
0
 
LVL 2

Author Closing Comment

by:technomic
ID: 31504014
Found the problem.- DNS. External nic had our ISP`s DNS. Internal NIC had DNS pointing to DCs that also has our ISP`s DNS. WSe left the DNS on th einternal NIC intact and removed the DNS fromthe External NIC on ISA. Once the services are stopped on the old ISA, then DNS settings may change on the new ISA firewall.
Thank you for your help, I really appreciate it.
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22665483
glad that the issue was fixed....
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question