RE: FW: DCOM thru ISA
- From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 9 Jan 2002 10:24:06 -0600
Hi Nick,
Great info! Thanks!
Tom
www.isaserver.org/shinder
-----Original Message-----
From: Nicholas Palmer [mailto:NICK@xxxxxxxxxxx]
Sent: Wednesday, January 09, 2002 9:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: DCOM thru ISA
http://www.ISAserver.org
You can get DCOM to work thru ISA, but you have to use whats called CIS
-
COM Internet services. Basically what this does is use a different
protocol
that allows you to tunnel thru a firewall. You don't have to change any
ports. If you search on Technet for CIS you should find a white paper
written by someone named Mark Levy that describes how this works and how
to
set it up. There are some limitations with what you can do, but we have
it
working, and it works fine. Now, when going thru ISA, you must use
server
publishing, and not web publishing when you publish the server that is
going
to be the DCOM server. Apparently, web publishing scans all HTTP
traffic
coming in (that's how CIS works, it uses HTTP) and it doesn't like the
information that is being generated by CIS.
Nick
-----Original Message-----
From: Johnny B. Blackmon [mailto:johnnyb@xxxxxxxxxxxxx]
Sent: Tuesday, January 08, 2002 2:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: DCOM thru ISA
http://www.ISAserver.org
Any assistance would be greatly appreciated.
Thanks,
JOhnnyB
-----Original Message-----
From: Johnny B. Blackmon
Sent: Monday, January 07, 2002 3:29 PM
To: 'isainfo@xxxxxxxxxxxxxx'
Cc: Johnny B. Blackmon
Subject: RE: DCOM thru ISA
Below is the problem. I appreciate any feedback that yopu can provide. I
didn't find any information regarding this within your web resources.
Thanks, JohnnyB
-----Original Message-----
From: Johnny B. Blackmon
Sent: Monday, January 07, 2002 3:27 PM
To: 'isainfo@xxxxxxxxxxxxxx'
Cc: Johnny B. Blackmon
Subject: DCOM thru ISA
Problem Description
===================
I am working a customer issue which they are setting up RPC server (Not
exchange server) behind ISA. There is a DCOM sample application as
client
and server. Client is on the external side of the ISA and the RPC server
is
behind ISA. Also I have setup a lab in my office and I am having the
same
problem. The ISA is installed in integrated mode. Site and content rules
allows all destinations and protocol rules allow all IP traffics applies
to
any request. The RPC filter under extension application filter is
enabled. I
have setup a server publishing rule by using "Any RPC Server". I have
created protocol definition for TCP port 135 inbound and outbound. Just
for
testing I have created ip packet filters for any protocol both direction
(UDP and TCP), again just for testing to make sure everything is open.
On
the RPC server I have installed firewall client. Also I tested as
SecNAT.
The result is the same.
The problem is when the client tries to access the RPC server is
receiving
an error mssg "the RPC server is unavailable". It works if there is no
ISA
in between.
Actions Taken #1
=============
I do see an RCP request going out in frame 115 but no response is coming
back. Have you taken a trace on the internal side on the ISA to see if
it
receives a response from the RPC server? Also please look at these
articles
and see if they apply here:
Multiple RPC servers publishing the same RPC interface is not su[idea]
ID: Q278606
RPC Clients Cannot Connect to the Servers Behind ISA Server [ntrelease]
ID: Q312893
I would take a simultaneuous trace on the internal and external
interfaces
to see what happens to the RPC Request..
Actions Taken #2
=============
Yes I have run the trace on the internal and external nic and there is
not
packects on the internal interface. Also I have checked those two and +
articles. I am at the customer site and still seeing the same problem.
Also
I have setup protocol definitions for port 1024 and higher.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
nick@xxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
