same rule; is the data in the error code information column on the ISA logs the value it is getting back from rpcproxy.dll? -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, November 16, 2005 6:15 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org Unless you see different rules quoted for each, now you're troubleshooting Exchange... .. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] Sent: Wednesday, November 16, 2005 15:12 To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org Thanks Jim, I knew 200 was a good thing, so hoped I was making some progress. I'm running outlook with the rpcdiag switch on the client. Upon launching, Outlook prompts me for credentials and I and see status of "connecting" for the exchange proxy and the directory in the server connection status dialog. These disappear after a little while and I get the "your exchange server is unavailable" dialog. On the proxy server logs, I'm seeing "Failed Connection Attempt" on the RPC_IN_DATA queries and "Allowed Connection" on the RPC_OUT_DATA URL. Jeff -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, November 16, 2005 5:39 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org Er.. Result codes of "200" are success codes. What exactly is the client experience? Whjat do you find in the ISA logs for those recent tests? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] Sent: Wednesday, November 16, 2005 14:32 To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org Tom, I had it set for all users. I tried switching it to only authenticated & forward basic authentication and did get 200 result codes in the front end server WWW logs, but it is still failing. Thanks, Jeff ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, November 16, 2005 4:50 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org Hi Jeff, Are you forcing authentication at the ISA firewall, or does the Web Publishing Rule allow access to "all users"? Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] Sent: Wednesday, November 16, 2005 3:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] RPC over HTTP authentication woes http://www.ISAserver.org I have ISA 2004 sitting on the outside, with rules to allow RPC over HTTP access to the Exchange FE server. I think this is all configured OK. RPC over HTTP is working OK internally. I also have OWA working using a different listener (FBA). Whenever I try to make an external RPC connection it is failing. I'm seeing my username shown in the ISA logs, but in the WWW logs for the exchange proxy server I am seeing entries with status 401.2 and win32 error 2148074254, so I think something is wrong with the user authentication. from the logs (with time/date and ip info removed): RPC_IN_DATA /rpc/rpcproxy.dll frontend.andassoc.com:6002 443 - xxx.xxx.xxx.xxx MSRPC 401 2 2148074254 RPC_OUT_DATA /rpc/rpcproxy.dll frontend.andassoc.com:6002 443 - xxx.xxx.xxx.xxx MSRPC 401 2 2148074254 I have the RPC listener set to use basic authentication as well as the exchange IIS rpc virtual directory. The RPC listener also has a certificate bearing the FQDN of the exchange front end server. Any help appreciated. This might not be an ISA issue since I seem to be reaching the internal Exchange proxy. Jeff ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bunting@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bunting@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bunting@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx