[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


"RPC Server is unavailable" when atempting to remote into  ISA 2004 server

Posted on 2008-10-07
Medium Priority
Last Modified: 2012-05-05
Dear Experts,

We deployed a new ISA 2004 Standard Server with SP3 into our organization and it was functioning fine for about a month now. Today remote users reported that they are unable to VPN into the network (PPTP), I pointed some of the remote users to the old ISA server temporarily.
After rebooting the server everything seemed fine for about an hour, later I tried to remote into the server (mstsc) and I receive the following message:
"The system cannot log you onn due to the following error:
The RPC Server is unavailable.
Please try again or consult your system administrator"

I rebooted the server and tried again.. still no luck. I noticed that Routing and Remote Access were disabled on the ISA. I did run repair on the network connections, then started the Routing and Remote Access.
I had also started both services (which were disabled):
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator

Our internal network is
I noticed that ISA is throwing a lot of error messages stating that:
"ISA Server detected routes through the network adapter outside LAN that do not correlate with the network to which this network adapter belong. Then later in the message it lists"
I had a similar issue on the old ISA server and when we corrected the LAN to - we started getting other error messages.
After the ISA server with the issue was restarted I noticed that users are now able to VPN in to our network, but we are still unable to remote into it.

ISA BPA Tool lists the following:
Policy rule blocks FTP Uploads
Policy rule blocks FTP Uploads
Receive Side SCaling (RSS) is enabled by the OS
TCP Accelerator (TCPA) is enabled by the OS
Configuration error - same as the error I listed above in the question
The lower and Upper limits of the source port range for an access rule are equal (Stream/Download/IM block on 1214)
The RADIUS server can not be accessed
VPN Connection failure signaled x times (users were not able to VPN in earlier)
There are no cvertificates in the local computer store (we will not be publiching any SSL certs on this server)
Outlook WebAccesspublishing rule listends on HTTP (this rule will be disabled once HTTPS and SSL are ready)
Path maximum Transmission Unit (MTU) discovery is disabled

All of the Firewall System Policy rules are enabled with the exception for the ones below:
4 Allow Remote Logging to trusted servers using NETBIOS
13 Allow VPN site-to-site traffic to ISA server
14 Allow VPN site-to-site traffic from ISA server
16 Allow remote SQL logging from ISA server to selected servers
18  Allow HTTP/HTTPS requests from ISA server to selected servers
19 Allow access from trusted computers to the firewall client installation share on ISA server
20 Allow remote performance monitoring of ISA server from trusted servers
24 Allow SecurID
25 Allow remote monitoring from ISA server to trusted servers, using MOM Agent
26 Allow HTTP traffic from IS server to all network (for CRL downloads)
29 Allow HTTP from ISA server to selected computers for Conetnet download jobs

Any help is greatly appreciated.
Question by:technomic
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
LVL 18

Expert Comment

ID: 22663776
You have 2 NIC's installed -- 1 external and 1 internal? The RPC Server unavailable occurs with multiple interfaces and the binding order is not correct. Go to the advanced properties of the network interfaces and configure the binding order. You May have to play with it a bit...
LVL 18

Expert Comment

ID: 22663780
Ref this post for same issue,


Let me know if you need any more help on this

Author Comment

ID: 22664022
I'm looking at it, but I'm not sure what to change.... If I go to the NIC properties > ADvanced, the only options i have there , are
Windows Firewall.. and Internet Connection sharing...
On the general Tab i have the following chacked:
Client for MS Networks
File and Print Sharing for MS Networks
HP Network Cofig Utility
Internet Protocol TCP/IP

I did notice that in the artcilce you referenced Keith was suggesting to create a rulke for TCP, I have already created that rule and verified that System Firewall Rule for RPC is also there, stil no luck.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

ID: 22664263
I also did not state in the question that I can not ping the ISA server, but I can only ping certain servers and clients from ISA server. I'm able to ping one of the Two DOmain Controllers. Also able to browse the web and users still able to VPN in.
LVL 18

Expert Comment

ID: 22664322
Open the ISA gui, select monitoring - logging - click start query.
What do you see appear in the real time log?

Are you sure it is rpc that is failing rather than Kerberos calls etc?
What ISA SP are you running?
have you run the up the ISA BPA?
needs .net 1.1

You are on 2003 R2? Are you running SP2 also?
This might be worth a look (ISA runs NAT as you can imagine)
LVL 18

Expert Comment

ID: 22664325

Author Comment

ID: 22664394
ISA 2004 SP3
I did run the ISA BPA tool, I published the results in the bottom part of the question.
Will run the query right now and will also review those articles you posted in a few minutes.
Not sure if this is RPC or kerberos to be honest with you. No updates were installed recently.
2003 Server Standard Edition.
Right now in query, I only get results for ISA server`s public IP address and OWA`s external IP, nothign else..
Can't ping the ISA from any internal resources (servers, clients etc).
LVL 18

Expert Comment

ID: 22664490
What do you mean by cant ping isa form internal resource ? got to fix this first ? windows fireall should be turned off in ISA

Author Comment

ID: 22664553
Windows Firewall is turned off. I think we have updated the DNS server yesterday in the TCP/IP properties yesterday, this might be where this issue has started.
Exactly right, I'm unable to ping the isa by it`s IP or the FQDN from other servers or client PCs on the network. WEhen I attempt to remote in, I do get to the logon screen but after inserting the credentials, I get the error message about RPC server being unavailable.
LVL 18

Accepted Solution

sk_raja_raja earned 2000 total points
ID: 22664781
did you try to provide your previous dns server on the properties and check ?

Author Closing Comment

ID: 31504014
Found the problem.- DNS. External nic had our ISP`s DNS. Internal NIC had DNS pointing to DCs that also has our ISP`s DNS. WSe left the DNS on th einternal NIC intact and removed the DNS fromthe External NIC on ISA. Once the services are stopped on the old ISA, then DNS settings may change on the new ISA firewall.
Thank you for your help, I really appreciate it.
LVL 18

Expert Comment

ID: 22665483
glad that the issue was fixed....

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question