Solved

RPC Server unavailable at new site

Posted on 2014-01-09
Last Modified: 2014-01-13
This is an odd one, although I think it's a WAN connectivity or firewall issue. While the Network Team looks at it I thought I'd ask....

We set up a new site with a Server 2012 AD controller, File Server, and SCCM server.  All of the servers are virtual guests running on a VMware 5.1 server on an "Office in a Box" Cisco UCS system.  We can connect to the site via http, telnet, etc. from any of our other sites.  We can connect to this new remote site similarly.  We can use UNC, Event Viewer, etc. (other RPC apps) from the other sites to the new remote site.  However, at the remote site anything using RPC, notably port 135, outward to another site will not work.  I get RPC 1722 "RPC server unavailable" errors for various things like replication, directory services, cannot access remote file shares out from the remote site.

Anything RPC I try in the internal remote site will work.   Anything RPC related outside the remote site will not work.

Cisco and the WAN provider say everything is going through.  If I use TraceTCP from the remote site out on port 135 it stops at the gateway at the remote site.  If I use TraceTCP to test other ports (53, 80, etc.) it will route out of the remote site network.  Of course, the WAN provider and Cisco say they don't see an issue.
0
Question by:Darthyw
5 Comments
 
LVL 19

Assisted Solution

by:Patricksr1972
Patricksr1972 earned 250 total points
ID: 39768573
Hi

Maybe the internet provider is blocking the use of port 135, did you ask them?
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 250 total points
ID: 39768766
You need to check firewall \ router logs by generating test traffic to see where it is getting blocked.

Issue must exist with new site switch \ router \ firewall only for outbound traffic; maybe there is some loop issue or route issue. Please check with the network team end to end.

You can try the portqueryui tool as well to check.

Mahesh
0
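Added example, not from any poster in this thread: Python that labels each TCP port the way PortQry does (LISTENING, NOT LISTENING, FILTERED) and compares ports to tell a per-port drop in the path apart from a dead host or a missing route. The function names, the verdict strings and the sample results are constructed for illustration.

```python
import socket

# Result labels follow PortQry's wording.
LISTENING, NOT_LISTENING, FILTERED = "LISTENING", "NOT LISTENING", "FILTERED"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return LISTENING      # handshake completed
    except ConnectionRefusedError:
        return NOT_LISTENING      # RST came back: path is open, nothing bound
    except socket.gaierror:
        raise                     # name resolution failed: not a port result
    except OSError:
        return FILTERED           # timeout or unreachable: dropped on the way

def survey(host, ports, timeout=3.0):
    """Probe several ports on one target; returns {port: label}."""
    return {p: probe(host, p, timeout) for p in ports}

def diagnose(results):
    """Turn a {port: label} survey into (verdict, filtered_ports)."""
    filtered = sorted(p for p, s in results.items() if s == FILTERED)
    if not filtered:
        return ("PATH_OK", [])
    if len(filtered) == len(results):
        # Nothing answered at all: host down or no route, not a port filter.
        return ("NO_ROUTE_OR_HOST_DOWN", filtered)
    # Some ports answered and others vanished: a device in the path
    # treats those ports differently.
    return ("PER_PORT_FILTER", filtered)

# Constructed sample modelled on the symptom in this thread.
SAMPLE = {53: LISTENING, 80: LISTENING, 135: FILTERED}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
    # Live use (hypothetical address from the documentation range):
    # print(diagnose(survey("192.0.2.10", [53, 80, 135])))
```

Run it from the site that shows the errors, because the failure in this thread was in one direction only. A LISTENING result on 135 covers only the RPC endpoint mapper; the RPC service itself then answers on a dynamically assigned high port that has to pass the same path.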
 

Author Comment

by:Darthyw
ID: 39769151
Thanks.  I had tried portqueryui earlier, a great tool, which helped see that only some ports were jacked.  We had opened a ticket with MS about the issue - just in case, although I doubted an MS issue - and they confirmed it's likely some underlying WAN, ISP, Firewall issue.  The firewall isn't on the Windows servers, and we aren't using a third party firewall on the servers themselves.

The network team is reviewing.  The ISP and Cisco say they can traceroute and telnet between using the very ports (135 particularly) we are seeing issues with.  Interestingly though, from the Windows servers using tracetcp on port 135 from the remote site back to any other site, the trace drops right after the gateway at the remote site.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39774298
Sounds like a routing problem on your gateway; make sure the gateway at the remote site has the correct routes to your other sites.

DirkMare
0
 

Author Closing Comment

by:Darthyw
ID: 39777122
I split the points with Mahesh and Patricksr1972 for their prompt answers.  In my research any of these are likely RPC error causes.  And in our case it was something in a switch/router on the WAN service provider's MPLS lines somewhere.  We got all parties involved on a call, launched Outlook on a computer from the remote site since our issue was specifically RPC traffic, and all the telecom and network guys got packet captures.  They narrowed the issue down to between two cities near the remote site, and sent a tech to get some better captures at one of the sites.   The issues were the WAN provider's equipment, and once they made some quick setting change it all started working.

Thanks for the help all.  The portqueryUI tool is a great tool as well.  I didn't think it would be any issue from a Windows server side since at the site all the Windows servers communicated with one another fine.  So, I didn't see a protocol stack issue like some KBs mentioned could be a problem.  My only other thought was perhaps an AD Sites and Services configuration on this new site, although I never saw an issue.  Obviously it was our WAN.
0
