RE: FW: DCOM thru ISA

• From: Nicholas Palmer <NICK@xxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 9 Jan 2002 09:28:31 -0800

No problem, just trying to repay the list for all the useful stuff I've
found here.

Nick.

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, January 09, 2002 8:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: DCOM thru ISA


http://www.ISAserver.org


Hi Nick,

Great info! Thanks!

Tom
www.isaserver.org/shinder


-----Original Message-----
From: Nicholas Palmer [mailto:NICK@xxxxxxxxxxx] 
Sent: Wednesday, January 09, 2002 9:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: DCOM thru ISA

http://www.ISAserver.org


You can get DCOM to work thru ISA, but you have to use whats called CIS
-
COM Internet services.  Basically what this does is use a different protocol
that allows you to tunnel thru a firewall.  You don't have to change any
ports.  If you search on Technet for CIS you should find a white paper
written by someone named Mark Levy that describes how this works and how to
set it up.  There are some limitations with what you can do, but we have it
working, and it works fine.  Now, when going thru ISA, you must use server
publishing, and not web publishing when you publish the server that is going
to be the DCOM server.  Apparently, web publishing scans all HTTP traffic
coming in (that's how CIS works, it uses HTTP) and it doesn't like the
information that is being generated by CIS.  

Nick

-----Original Message-----
From: Johnny B. Blackmon [mailto:johnnyb@xxxxxxxxxxxxx] 
Sent: Tuesday, January 08, 2002 2:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: DCOM thru ISA


http://www.ISAserver.org


Any assistance would be greatly appreciated.
Thanks,
JOhnnyB

-----Original Message-----
From: Johnny B. Blackmon 
Sent: Monday, January 07, 2002 3:29 PM
To: 'isainfo@xxxxxxxxxxxxxx'
Cc: Johnny B. Blackmon
Subject: RE: DCOM thru ISA

Below is the problem. I appreciate any feedback that yopu can provide. I
didn't find any information regarding this within your web resources.
Thanks, JohnnyB

-----Original Message-----
From: Johnny B. Blackmon 
Sent: Monday, January 07, 2002 3:27 PM
To: 'isainfo@xxxxxxxxxxxxxx'
Cc: Johnny B. Blackmon
Subject: DCOM thru ISA

Problem Description
===================
I am working a customer issue which they are setting up RPC server (Not
exchange server) behind ISA. There is a DCOM sample application as client
and server. Client is on the external side of the ISA and the RPC server is
behind ISA. Also I have setup a lab in my office and I am having the same
problem. The ISA is installed in integrated mode. Site and content rules
allows all destinations and protocol rules allow all IP traffics applies to
any request. The RPC filter under extension application filter is enabled. I
have setup a server publishing rule by using "Any RPC Server". I have
created protocol definition for TCP port 135 inbound and outbound. Just for
testing I have created ip packet filters for any protocol both direction
(UDP and TCP), again just for testing to make sure everything is open. On
the RPC server I have installed firewall client. Also I tested as SecNAT.
The result is the same. 

The problem is when the client tries to access the RPC server is receiving
an error mssg "the RPC server is unavailable". It works if there is no ISA
in between.

Actions Taken #1
=============
I do see an RCP request going out in frame 115 but no response is coming
back. Have you taken a trace on the internal side on the ISA to see if it
receives a response from the RPC server? Also please look at these articles
and see if they apply here:

Multiple RPC servers publishing the same RPC interface is not su[idea] 
ID: Q278606 

RPC Clients Cannot Connect to the Servers Behind ISA Server [ntrelease] 
ID: Q312893 

I would take a simultaneuous trace on the internal and external interfaces
to see what happens to the RPC Request..

Actions Taken #2
=============
Yes I have run the trace on the internal and external nic and there is not
packects on the internal interface. Also I have checked those two and +
articles. I am at the customer site and still seeing the same problem. Also
I have setup protocol definitions for port 1024 and higher.

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
nick@xxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
nick@xxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » FW: DCOM thru ISA
• » RE: FW: DCOM thru ISA
• » RE: FW: DCOM thru ISA
• » RE: FW: DCOM thru ISA
• » RE: FW: DCOM thru ISA

1. Home
2. isalist
3. Archive
4. 01-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---