Last chance, then I request that you get dropped from the list. I have no problem with ignorance - we all start from there. The problem I have is blatant, irretrievable stupidity. You've been handed an immense amount of information, of which you've made VERY selective use. Fact: RPC/HTTP DOES NOT USE TCP:135 ENDPOINT MAPPER. Fact: the OL2K3 client is configured to use TCP before HTTP by default - have you changed this? If the customer (who should consider a new consultant, IMHO) is able to provide SSL-based web services, then RPC/HTTP will also work, providing the client / server / ISA isn't completely horked. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, February 23, 2005 07:32 To: [ISAserver.org Discussion List] Subject: [isalist] ISP blocking RPC over HTTP? http://www.ISAserver.org [Internet IP 69.157.202.123] | | | [SS6300 Router IP 10.10.10.1] | |-- [Notebook IP 10.10.10.5 / GW 10.10.10.1 / DNS - 4.2.2.1] |-- [ISA Server IP 10.10.10.2 -- all DMZ traffic from Router] | [ISA Server IP 192.168.1.8 (internal) - IP 10.10.10.2 (external)] | [exchange.smoothrunnings.ca IP 192.168.1.4] | [Rest of the LAN] Problem: RPC over HTTP does not seem to work from the outside world. Testing: Notebook used: HP Omnibook 6000 P3-1Ghz/512/40/CD etc. Operating System: Windows XP SP2 with latest updates Software: Microsoft Office 2003 Professional SP1 with all updates TCP/IP Setup: look above If I set the host file on the notebook to point to my internet IP address (69.157.202.123) for exchange.smoothrunnings.ca since the owa.smoothrunnings.ca is registered I am not able to login to the RPC over HTTP server. If I set the hosts file on the notebook to point to my external IP on ISA Server (10.10.10.2) I am able to login via RPC over HTTP without any problems, which suggests to me that RPC over HTTP is working properly. Second phase: I setup a new user on AD and went to a totally external source for internet access, I setup the host file to point to the internet IP address and attempt to connect to the same account I was able to when using the ISA external IP. I waited, and waited some more then got the message that Outlook could not login. I then reconfigured the host file to the external IP of ISA Server and got the same error message. I also tried to connect to this company who has their DSL connected directly to their ISA box using the same methods on the host file as I did for my own setup, I got the same error message both times. We have put a cheap cable/dsl router between this companies internet connection and their ISA box and were able to successfully connect through ISA external LAN IP address, but not through the internet itself. Question: What are all the ports that RPC over HTTP uses? Its fair to ask the ISP if they are blocking them, as I already said in another message most ISP's block port 135 which is the standard port RPC uses. Thanks Andrew ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.