The acorn didn't fall far from the tree on that one, huh??
http://www.ISAserver.org
Sounds like my daughter. I never knew anyone who could talk non-stop for three hours and not say anything I remember. :)
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
-----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, November 17, 2005 7:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes
http://www.ISAserver.org
Oh; she is... ..until she starts to tell a story. It's a verbal roller coaster if ever there was one... :-0
------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------------------
-----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, November 17, 2005 17:49 To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes
http://www.ISAserver.org
LOL! See, I was convinced that she was a very pleasant and polite girl. I'll get you back by enjoying her stories.
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
> -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, November 17, 2005 7:39 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > I'll just wait till you come back in Jan and make you listen to my > daughter tell a story... > ..it's painful... > :-p > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Thursday, November 17, 2005 17:27 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: RPC over HTTP authentication woes > > http://www.ISAserver.org > > Hi Jeff, > > Ho boy. > > That is a very old article that I really need to update. It was > written in the days when you couldn't find information on how to > confiugre RPC/HTTP anywhere on the Microsoft site, except for some > cr*p references from the Office team (who understand networking like I > understand hog farming). > > Anyhow, the client configuration section in that article is weak at > best, incompetant at closer to the truth. If you look at the log file > entries, you'll see that the connection is made to the EXCHANGE2003BE > machine, which is the malibox server, not the FE machine. I showed the > name of the FE Exchange Server because that is how the client accesses > the RPC/HTTP proxy, which was kind enough to find the name of the BE > Exchange Server, but I didn't show that process. > > So, my bad. The name of the RPC proxy should be put in the proxy > sections, and the mailbox server should be placed in the SERVER NAME > section of the client. > > Jim can now beat we a Mullen noodle. > > HTH, > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > Sent: Thursday, November 17, 2005 7:01 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > OK, since our favorite firewall has been exonerated, can I > step into > > OT land for a second and ask "would my likely suspect be > the front end > > exchange server?" > > > > I was going by this to configure outlook: > > http://www.msexchange.org/tutorials/outlookrpchttp.html > > > > Thanks, > > Jeff > > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: Thursday, November 17, 2005 7:13 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > http://www.ISAserver.org > > > > ARRRGGG! > > > > I should have realized the fact that 99% of the time its not an ISA > > firewall problem! > > > > Thanks for the update. > > > > Jim wins again :) > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > > > -----Original Message----- > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > Sent: Thursday, November 17, 2005 4:33 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > http://www.ISAserver.org > > > > > > I got it working, but I'm not sure precisely why it > wasn't working. > > > > > > I noticed that there was nothing in the FE IIS logs going > to the BE > > > server. > > > > > > In my Outlook profile I changed the mailbox server to the > > name of the > > > BE server on which my mailbox physically resides and it worked! > > > Previously, I > > > had the FE server listed. I thought the FE would be able > > to look up > > > where the mailbox really is and redirect me. Is this what > > is supposed > > > to happen? > > > > > > Jeff > > > > > > > > > > > > -----Original Message----- > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > Sent: Thursday, November 17, 2005 4:08 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > http://www.ISAserver.org > > > > > > Nah - that's a 500 response from ISA. > > > What does the IIS log contain for the "RPC_IN_DATA" connections? > > > > > > ------------------------------------------------------- > > > Jim Harrison > > > MCP(NT4, W2K), A+, Network+, PCG > > > http://isaserver.org/Jim_Harrison/ > > > http://isatools.org > > > Read the help / books / articles! > > > ------------------------------------------------------- > > > > > > > > > -----Original Message----- > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > Sent: Thursday, November 17, 2005 13:03 > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > http://www.ISAserver.org > > > > > > My guess is that the To tab and the certs don't match up. > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://spaces.msn.com/members/drisa/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > **Who is John Galt?** > > > > > > > > > > > > > -----Original Message----- > > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > > Sent: Thursday, November 17, 2005 2:56 PM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > http://www.ISAserver.org > > > > > > > > That code is a WinError: > > > > "The specified network name is no longer available" > > > > > > > > This means the connection between the ISA and the Exch has been > > > > broken. > > > > > > > > ------------------------------------------------------- > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/Jim_Harrison/ > > > > http://isatools.org > > > > Read the help / books / articles! > > > > ------------------------------------------------------- > > > > > > > > > > > > -----Original Message----- > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > > Sent: Thursday, November 17, 2005 12:51 > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > http://www.ISAserver.org > > > > > > > > The ISA log has 64 for HTTP status code and 0xa03 for error > > > > information. > > > > there's just a "-" in the filter information field. > > > > > > > > -----Original Message----- > > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > > Sent: Thursday, November 17, 2005 3:33 PM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > http://www.ISAserver.org > > > > > > > > What's the code for the "failed" connection? > > > > What's in the "Filter data" field for the failed connection? > > > > > > > > ------------------------------------------------------- > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/Jim_Harrison/ > > > > http://isatools.org > > > > Read the help / books / articles! > > > > ------------------------------------------------------- > > > > > > > > > > > > -----Original Message----- > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > > Sent: Thursday, November 17, 2005 12:27 > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > http://www.ISAserver.org > > > > > > > > I'm seeing 200's in the W3SVC1 logs on the Exchange front > > > end server. > > > > > > > > On the ISA server logs I see two "initated connection" > > > HTTPS entries > > > > from ISA to FE. > > > > > > > > These are immediately followed by the "allowed connection" > > > > (RPC_OUT_DATA) and "failed connection" (RPC_IN_DATA) > attempt log > > > > entries from my "RPC over HTTP" rule. > > > > > > > > Finally, two "Closed connection" entries for the HTTPS > > connections. > > > > > > > > Then the whole thing repeats as it tries to connect again. > > > > > > > > I'm thinking something is still screwed up with my ISA > > > configuration; > > > > RPC over HTTP is working internally. > > > > > > > > Jeff > > > > > > > > -----Original Message----- > > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > > Sent: Thursday, November 17, 2005 11:44 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > http://www.ISAserver.org > > > > > > > > ..maybe - it depends on the error code. > > > > If you're seeing "200", then it's coming from the Exch server. > > > > > > > > ------------------------------------------------------- > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/Jim_Harrison/ > > > > http://isatools.org > > > > Read the help / books / articles! > > > > ------------------------------------------------------- > > > > > > > > > > > > -----Original Message----- > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > > Sent: Thursday, November 17, 2005 07:50 > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > http://www.ISAserver.org > > > > > > > > same rule; is the data in the error code information column > > > on the ISA > > > > logs the value it is getting back from rpcproxy.dll? > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > > Sent: Wednesday, November 16, 2005 6:15 PM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > http://www.ISAserver.org > > > > > > > > Unless you see different rules quoted for each, now you're > > > > troubleshooting Exchange... > > > > .. > > > > > > > > ------------------------------------------------------- > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/Jim_Harrison/ > > > > http://isatools.org > > > > Read the help / books / articles! > > > > ------------------------------------------------------- > > > > > > > > > > > > -----Original Message----- > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > > Sent: Wednesday, November 16, 2005 15:12 > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > http://www.ISAserver.org > > > > > > > > Thanks Jim, I knew 200 was a good thing, so hoped I was > > making some > > > > progress. > > > > > > > > I'm running outlook with the rpcdiag switch on the client. > > > > Upon launching, Outlook prompts me for credentials and > I and see > > > > status of "connecting" for the exchange proxy and the > > > directory in the > > > > server connection status dialog. > > > > These disappear after a little while and I get the > "your exchange > > > > server is unavailable" dialog. > > > > > > > > On the proxy server logs, I'm seeing "Failed Connection > > Attempt" on > > > > the RPC_IN_DATA queries and "Allowed Connection" > > > > on the RPC_OUT_DATA URL. > > > > > > > > Jeff > > > > > > > > > > > > -----Original Message----- > > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > > Sent: Wednesday, November 16, 2005 5:39 PM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > http://www.ISAserver.org > > > > > > > > Er.. > > > > > > > > Result codes of "200" are success codes. > > > > What exactly is the client experience? > > > > Whjat do you find in the ISA logs for those recent tests? > > > > > > > > ------------------------------------------------------- > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/Jim_Harrison/ > > > > http://isatools.org > > > > Read the help / books / articles! > > > > ------------------------------------------------------- > > > > > > > > > > > > -----Original Message----- > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > > Sent: Wednesday, November 16, 2005 14:32 > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > http://www.ISAserver.org > > > > > > > > Tom, > > > > > > > > I had it set for all users. I tried switching it to only > > > > authenticated & forward basic authentication and did get > > 200 result > > > > codes in the front end server WWW logs, but it is still failing. > > > > > > > > Thanks, > > > > Jeff > > > > > > > > ________________________________ > > > > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > > Sent: Wednesday, November 16, 2005 4:50 PM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC over HTTP authentication woes > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > Hi Jeff, > > > > > > > > Are you forcing authentication at the ISA firewall, or > > does the Web > > > > Publishing Rule allow access to "all users"? > > > > > > > > Thomas W Shinder, M.D. > > > > Site: www.isaserver.org <http://www.isaserver.org/> > > > > Blog: http://spaces.msn.com/members/drisa/ > > > > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP > > > > -- ISA Firewalls **Who is John Galt?** > > > > > > > > > > > > > > > > > > > > ________________________________ > > > > > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > > Sent: Wednesday, November 16, 2005 3:42 PM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RPC over HTTP authentication woes > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > I have ISA 2004 sitting on the outside, with rules to > > > allow RPC over > > > > > > > HTTP access to the Exchange FE server. I think this is all > > > configured > > > > OK. > > > > RPC over HTTP is working OK internally. I also have OWA > > > working using > > > > a different listener (FBA). > > > > > > > > Whenever I try to make an external RPC > connection it is failing. > > > > I'm seeing my username shown in the ISA logs, but in the > > > WWW logs for > > > > the exchange proxy server I am seeing entries with > > status 401.2 and > > > > win32 error 2148074254, so I think something is wrong > > with the user > > > > authentication. > > > > from the logs (with time/date and ip info removed): > > > > > > > > RPC_IN_DATA /rpc/rpcproxy.dll > > > > frontend.andassoc.com:6002 443 - xxx.xxx.xxx.xxx MSRPC 401 2 > > > > 2148074254 > > > > RPC_OUT_DATA /rpc/rpcproxy.dll > > > > frontend.andassoc.com:6002 443 - xxx.xxx.xxx.xxx MSRPC 401 2 > > > > 2148074254 > > > > > > > > I have the RPC listener set to use basic authentication > > > as well as > > > > the exchange IIS rpc virtual directory. The RPC listener > > > also has a > > > > certificate bearing the FQDN of the exchange front end server. > > > > > > > > Any help appreciated. This might not be an ISA issue > > > since I seem to > > > > > > > be reaching the internal Exchange proxy. > > > > > > > > Jeff > > > > > > > > > > > > ------------------------------------------------------
> >
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx