RE: RPC over HTTP authentication woes

  • From: "Bunting, Jeff" <BUNTING@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 16 Nov 2005 17:32:23 -0500

Tom,
 
I had it set for all users.  I tried switching it to only authenticated &
forward basic authentication and did get 200 result codes in the front end
server WWW logs, but it is still failing.

Thanks,
Jeff
 
  _____  

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Wednesday, November 16, 2005 4:50 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RPC over HTTP authentication woes


http://www.ISAserver.org

Hi Jeff,
 
Are you forcing authentication at the ISA firewall, or does the Web
Publishing Rule allow access to "all users"?
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
<http://spaces.msn.com/members/drisa/> 
Book:  <http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 


  _____  

From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] 
Sent: Wednesday, November 16, 2005 3:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RPC over HTTP authentication woes


http://www.ISAserver.org


I have ISA 2004 sitting on the outside, with rules to allow RPC over HTTP
access to the Exchange FE server.  I think this is all configured OK.  RPC
over HTTP is working OK internally.  I also have OWA working using a
different listener (FBA).

Whenever I try to make an external RPC connection it is failing.  I'm seeing
my username shown in the ISA logs, but in the WWW logs for the exchange
proxy server  I am seeing entries with status 401.2 and win32 error
2148074254, so I think something is wrong with the user authentication.
from the logs (with time/date and ip info removed):

RPC_IN_DATA /rpc/rpcproxy.dll frontend.andassoc.com:6002 443 -
xxx.xxx.xxx.xxx MSRPC 401 2 2148074254 
RPC_OUT_DATA /rpc/rpcproxy.dll frontend.andassoc.com:6002 443 -
xxx.xxx.xxx.xxx MSRPC 401 2 2148074254 

I have the RPC listener set to use basic authentication as well as the
exchange IIS rpc virtual directory.  The RPC listener also has a certificate
bearing the FQDN of the exchange front end server.

Any help appreciated. This might not be an ISA issue since I seem to be
reaching the internal Exchange proxy. 

Jeff 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bunting@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 11-2005