RE: RPC over HTTP authentication woes

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 16 Nov 2005 15:49:59 -0600

Hi Jeff,
 
Are you forcing authentication at the ISA firewall, or does the Web
Publishing Rule allow access to "all users"?
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls
**Who is John Galt?**

 


________________________________

        From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] 
        Sent: Wednesday, November 16, 2005 3:42 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RPC over HTTP authentication woes
        
        
        http://www.ISAserver.org
        

        I have ISA 2004 sitting on the outside, with rules to allow RPC
over HTTP access to the Exchange FE server.  I think this is all
configured OK.  RPC over HTTP is working OK internally.  I also have OWA
working using a different listener (FBA).

        Whenever I try to make an external RPC connection it is failing.
I'm seeing my username shown in the ISA logs, but in the WWW logs for
the exchange proxy server  I am seeing entries with status 401.2 and
win32 error 2148074254, so I think something is wrong with the user
authentication.  from the logs (with time/date and ip info removed):

        RPC_IN_DATA /rpc/rpcproxy.dll frontend.andassoc.com:6002 443 -
xxx.xxx.xxx.xxx MSRPC 401 2 2148074254 
        RPC_OUT_DATA /rpc/rpcproxy.dll frontend.andassoc.com:6002 443 -
xxx.xxx.xxx.xxx MSRPC 401 2 2148074254 

        I have the RPC listener set to use basic authentication as well
as the exchange IIS rpc virtual directory.  The RPC listener also has a
certificate bearing the FQDN of the exchange front end server.

        Any help appreciated. This might not be an ISA issue since I
seem to be reaching the internal Exchange proxy. 

        Jeff 


        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 11-2005