As if that was really needed !! Paul Nuernberger Baron Computer Systems -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, November 17, 2005 3:46 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org You're trying to goad me into getting myself into trouble, aren't you? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, November 17, 2005 13:23 To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org OK, we'll see when the fat lady sings on this one :) Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, November 17, 2005 3:08 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > Nah - that's a 500 response from ISA. > What does the IIS log contain for the "RPC_IN_DATA" connections? > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Thursday, November 17, 2005 13:03 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > My guess is that the To tab and the certs don't match up. > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Thursday, November 17, 2005 2:56 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > That code is a WinError: > > "The specified network name is no longer available" > > > > This means the connection between the ISA and the Exch has been > > broken. > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > Sent: Thursday, November 17, 2005 12:51 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > The ISA log has 64 for HTTP status code and 0xa03 for error > > information. > > there's just a "-" in the filter information field. > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Thursday, November 17, 2005 3:33 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > What's the code for the "failed" connection? > > What's in the "Filter data" field for the failed connection? > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > Sent: Thursday, November 17, 2005 12:27 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > I'm seeing 200's in the W3SVC1 logs on the Exchange front > end server. > > > > On the ISA server logs I see two "initated connection" > HTTPS entries > > from ISA to FE. > > > > These are immediately followed by the "allowed connection" > > (RPC_OUT_DATA) and "failed connection" (RPC_IN_DATA) attempt log > > entries from my "RPC over HTTP" rule. > > > > Finally, two "Closed connection" entries for the HTTPS connections. > > > > Then the whole thing repeats as it tries to connect again. > > > > I'm thinking something is still screwed up with my ISA > configuration; > > RPC over HTTP is working internally. > > > > Jeff > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Thursday, November 17, 2005 11:44 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > ..maybe - it depends on the error code. > > If you're seeing "200", then it's coming from the Exch server. > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > Sent: Thursday, November 17, 2005 07:50 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > same rule; is the data in the error code information column > on the ISA > > logs the value it is getting back from rpcproxy.dll? > > > > > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Wednesday, November 16, 2005 6:15 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > Unless you see different rules quoted for each, now you're > > troubleshooting Exchange... > > .. > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > Sent: Wednesday, November 16, 2005 15:12 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > Thanks Jim, I knew 200 was a good thing, so hoped I was making some > > progress. > > > > I'm running outlook with the rpcdiag switch on the client. > > Upon launching, Outlook prompts me for credentials and I and see > > status of "connecting" for the exchange proxy and the > directory in the > > server connection status dialog. > > These disappear after a little while and I get the "your exchange > > server is unavailable" dialog. > > > > On the proxy server logs, I'm seeing "Failed Connection Attempt" on > > the RPC_IN_DATA queries and "Allowed Connection" > > on the RPC_OUT_DATA URL. > > > > Jeff > > > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Wednesday, November 16, 2005 5:39 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > Er.. > > > > Result codes of "200" are success codes. > > What exactly is the client experience? > > Whjat do you find in the ISA logs for those recent tests? > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > Sent: Wednesday, November 16, 2005 14:32 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > Tom, > > > > I had it set for all users. I tried switching it to only > > authenticated & forward basic authentication and did get 200 result > > codes in the front end server WWW logs, but it is still failing. > > > > Thanks, > > Jeff > > > > ________________________________ > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: Wednesday, November 16, 2005 4:50 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > http://www.ISAserver.org > > > > Hi Jeff, > > > > Are you forcing authentication at the ISA firewall, or does the Web > > Publishing Rule allow access to "all users"? > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org <http://www.isaserver.org/> > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP > > -- ISA Firewalls **Who is John Galt?** > > > > > > > > > > ________________________________ > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > Sent: Wednesday, November 16, 2005 3:42 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RPC over HTTP authentication woes > > > > > > http://www.ISAserver.org > > > > > > I have ISA 2004 sitting on the outside, with rules to > allow RPC over > > HTTP access to the Exchange FE server. I think this is all > configured > > OK. > > RPC over HTTP is working OK internally. I also have OWA > working using > > a different listener (FBA). > > > > Whenever I try to make an external RPC connection it is failing. > > I'm seeing my username shown in the ISA logs, but in the > WWW logs for > > the exchange proxy server I am seeing entries with status > 401.2 and > > win32 error 2148074254, so I think something is wrong with the user > > authentication. > > from the logs (with time/date and ip info removed): > > > > RPC_IN_DATA /rpc/rpcproxy.dll > > frontend.andassoc.com:6002 443 - xxx.xxx.xxx.xxx MSRPC 401 2 > > 2148074254 > > RPC_OUT_DATA /rpc/rpcproxy.dll > > frontend.andassoc.com:6002 443 - xxx.xxx.xxx.xxx MSRPC 401 2 > > 2148074254 > > > > I have the RPC listener set to use basic authentication > as well as > > the exchange IIS rpc virtual directory. The RPC listener > also has a > > certificate bearing the FQDN of the exchange front end server. > > > > Any help appreciated. This might not be an ISA issue > since I seem to > > be reaching the internal Exchange proxy. > > > > Jeff > > > > > > ------------------------------------------------------ > > List Archives: > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List > > as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > bunting@xxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > bunting@xxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > bunting@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > bunting@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > bunting@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: pen@xxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx