RPC Server Unavailable

I am trying to figure out why I am receiving "RPC server is unavailable" errors when trying to connect to another domain's DCs.

Here is the situation - I am trying to connect to domain2.work.com through Active Directory Users and Computers from a system on the domain1.work.com network. The DCs on domain1.work.com talk to the DCs on domain2.work.com via IPSec.

If I put my desktop in the same subnet that is set up with the IPSec filters and pull the IPSec policy then I can connect just fine. But if I move my system to another subnet (one that does not have IPSec filters set up on it) and remove the IPSec policy then I receive the RPC error.

Ultimately when I try and connect to domain2 from domain1 I receive the RPC server is unavailable error and I am trying to figure out how to troubleshoot this or what might be causing this to fail.  

DCs are Server 2003
Desktops are Vista and XP
netBooger Asked:

Jason Watkins, IT Project Leader, Commented:
Hi,

is the router configured to allow IPSec pass-thru?
Are these domains in the same forest?
0
netBooger (Author) Commented:
Yes, IPSec works fine for the allowed subnet, but the subnet that this desktop is on does not have IPSec set up.

Yes, these domains are in the same forest.
0
netBooger (Author) Commented:
I found that port 445 is blocked by policy due to vulnerabilities.  Is this possibly why it won't work?
0
Jason Watkins, IT Project Leader, Commented:
Quite possible. If the remote subnet doesn't have IPSec enabled, or any IPSec devices, you must enable the IPSec client policy on the workstations.

Port 445 is for SMB over IP. If you wanna file-share across that interface, the port should be open.

Good IPSec resource: http://technet.microsoft.com/en-us/network/bb531150.aspx
0
netBooger (Author) Commented:
We don't want to file share and we don't want to add an IPSec filter for that subnet either for other reasons.

If we allow anything it would only be to allow admins from that child domain to connect to another child domain's DC via ADUC to manage groups. I am now just trying to figure out if 445 would have to be open for this to be possible or if maybe I am missing/misunderstanding something.

I guess my question now is if port 445 is required for this.

Thanks for the responses so far.
0
Jason Watkins, IT Project Leader, Commented:
File and printer sharing is going to have to be enabled for the MMC and ADUC management across routed interfaces.
0
netBooger (Author) Commented:
Thanks Firebar for the help.
0
Jason Watkins, IT Project Leader, Commented:
Glad to help!
0
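
Added example, not part of the original thread: a small Python check, run from the workstation's subnet, that shows which DC-facing TCP ports are reachable and distinguishes a port that is refused from one that is silently dropped, which is the first thing to establish when chasing "RPC server is unavailable". The port list (other than 445, which the thread names) and the default host name `dc1.domain2.work.com` are assumptions based on well-known port assignments.

```python
import socket
import sys

# Well-known TCP ports a management client may need on a DC (assumed list;
# the thread itself only names 445).
DC_PORTS = {
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB",
    3268: "Global Catalog",
}

CAUSES = {
    "refused": "host answered but nothing is listening",
    "filtered": "no reply or unreachable, likely a firewall, IPSec filter or routing",
    "unresolved": "name did not resolve",
}

def probe(host, port, timeout=2.0):
    """Classify one TCP port as open, refused, filtered or unresolved."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and unreachable networks
        return "filtered"
    finally:
        sock.close()

def survey(host, timeout=2.0):
    """Probe every port in DC_PORTS and return {port: state}."""
    return {port: probe(host, port, timeout) for port in DC_PORTS}

def diagnose(results):
    """List each port that is not open together with the likely cause."""
    return [f"{port}/tcp {DC_PORTS.get(port, 'unknown')}: {CAUSES[state]}"
            for port, state in sorted(results.items()) if state != "open"]

if __name__ == "__main__":
    # Constructed default host name built from the question's domain2.work.com.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc1.domain2.work.com"
    for line in diagnose(survey(target)) or ["all probed ports are open"]:
        print(line)
```

Running it once from the IPSec-filtered subnet and once from the other subnet gives a side-by-side view of what the policy actually blocks.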