My guess is that the To tab and the certs don't match up. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, November 17, 2005 2:56 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > That code is a WinError: > "The specified network name is no longer available" > > This means the connection between the ISA and the Exch has > been broken. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > Sent: Thursday, November 17, 2005 12:51 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > The ISA log has 64 for HTTP status code and 0xa03 for error > information. > there's just a "-" in the filter information field. > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, November 17, 2005 3:33 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > What's the code for the "failed" connection? > What's in the "Filter data" field for the failed connection? > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > Sent: Thursday, November 17, 2005 12:27 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > I'm seeing 200's in the W3SVC1 logs on the Exchange front end server. > > On the ISA server logs I see two "initated connection" HTTPS > entries from ISA to FE. > > These are immediately followed by the "allowed connection" > (RPC_OUT_DATA) and "failed connection" (RPC_IN_DATA) attempt > log entries from my "RPC over HTTP" rule. > > Finally, two "Closed connection" entries for the HTTPS connections. > > Then the whole thing repeats as it tries to connect again. > > I'm thinking something is still screwed up with my ISA > configuration; RPC over HTTP is working internally. > > Jeff > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, November 17, 2005 11:44 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > ..maybe - it depends on the error code. > If you're seeing "200", then it's coming from the Exch server. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > Sent: Thursday, November 17, 2005 07:50 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > same rule; is the data in the error code information column > on the ISA logs the value it is getting back from rpcproxy.dll? > > > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Wednesday, November 16, 2005 6:15 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > Unless you see different rules quoted for each, now you're > troubleshooting Exchange... > .. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > Sent: Wednesday, November 16, 2005 15:12 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > Thanks Jim, I knew 200 was a good thing, so hoped I was > making some progress. > > I'm running outlook with the rpcdiag switch on the client. > Upon launching, Outlook prompts me for credentials and I and > see status of "connecting" for the exchange proxy and the > directory in the server connection status dialog. > These disappear after a little while and I get the "your > exchange server is unavailable" dialog. > > On the proxy server logs, I'm seeing "Failed Connection > Attempt" on the RPC_IN_DATA queries and "Allowed Connection" > on the RPC_OUT_DATA URL. > > Jeff > > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Wednesday, November 16, 2005 5:39 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > Er.. > > Result codes of "200" are success codes. > What exactly is the client experience? > Whjat do you find in the ISA logs for those recent tests? > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > Sent: Wednesday, November 16, 2005 14:32 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > Tom, > > I had it set for all users. I tried switching it to only > authenticated & forward basic authentication and did get 200 > result codes in the front end server WWW logs, but it is > still failing. > > Thanks, > Jeff > > ________________________________ > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Wednesday, November 16, 2005 4:50 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > > http://www.ISAserver.org > > Hi Jeff, > > Are you forcing authentication at the ISA firewall, or does > the Web Publishing Rule allow access to "all users"? > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP > -- ISA Firewalls **Who is John Galt?** > > > > > ________________________________ > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > Sent: Wednesday, November 16, 2005 3:42 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RPC over HTTP authentication woes > > > http://www.ISAserver.org > > > I have ISA 2004 sitting on the outside, with rules to > allow RPC over HTTP access to the Exchange FE server. I > think this is all configured OK. > RPC over HTTP is working OK internally. I also have OWA > working using a different listener (FBA). > > Whenever I try to make an external RPC connection it is failing. > I'm seeing my username shown in the ISA logs, but in the WWW > logs for the exchange proxy server I am seeing entries with > status 401.2 and win32 error 2148074254, so I think something > is wrong with the user authentication. > from the logs (with time/date and ip info removed): > > RPC_IN_DATA /rpc/rpcproxy.dll > frontend.andassoc.com:6002 443 - xxx.xxx.xxx.xxx MSRPC 401 2 > 2148074254 > RPC_OUT_DATA /rpc/rpcproxy.dll > frontend.andassoc.com:6002 443 - xxx.xxx.xxx.xxx MSRPC 401 2 > 2148074254 > > I have the RPC listener set to use basic authentication > as well as the exchange IIS rpc virtual directory. The RPC > listener also has a certificate bearing the FQDN of the > exchange front end server. > > Any help appreciated. This might not be an ISA issue > since I seem to be reaching the internal Exchange proxy. > > Jeff > > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org > Discussion List > as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > bunting@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > bunting@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > bunting@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > bunting@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > bunting@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >