RE: RPC over HTTP problems

Think tunnel, think my internal DNS is foobarred!!!!

S 

-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, February 23, 2005 10:40 AM
To: ISA Mailing List
Subject: [isalist] RE: RPC over HTTP problems

http://www.ISAserver.org

Well I think its playing a role in the RPC over HTTP because here at my
home office I was able to get RPC over HTTP working which uses a
standardize domain (domain.com) though I had to use the external IP of
the ISA server (NIC) because I was trying to go out my router and back
in which always work. :) As soon as I set my Host file to be the
external IP of my ISA box (10.10.10.2) I was able to login as whoever I
wanted. 

At this companies site their internet IP is assigned to their external
NIC on ISA; the company that provides them DSL up sold them to use
crappy Netophia routers so they could better utilize their 4 extra IP's.
So the connection goes from the Netophia router to the ISA box and is
wide open (nothing is being blocked). 

Anyhow both my machine and the companies one are setup identically with
the exception they have their own cert and I have my own cert. I am able
to get connected to mine theirs won't connect. 

I do have a question: is there anyway for an ISP to block RPC over HTTP?
I know most ISP's today block port 135 on the edge of their firewalls,
thus most DSL customers end up with no port 135 traffic. Or does RPC
over HTTP only use 443 or 445, and port 80?

Andrew


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Tuesday, February 22, 2005 11:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RPC over HTTP problems

http://www.ISAserver.org

Only if your internal name resolution sucks.

-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, February 22, 2005 4:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RPC over HTTP problems

http://www.ISAserver.org


Jim, 

 

I forgot to mention that the way these people had their server setup is
that its primary DNS is domain.local and their mail is owa.doman.com - I
have hear that when you use a local as the primary DNS that it can cause
problems for RPC/HTTP?? 

 

Andrew

 

________________________________

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Tuesday, February 22, 2005 4:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RPC over HTTP problems

 

http://www.ISAserver.org

Kb's are your friends:

http://support.microsoft.com/search/default.aspx?query=rpc+over+http&cat
alog=LCID%3D1033&qryWt=Microsoft+Office+2003&mode=r&cus=False&x=11&y=17 

 

What OS?

RPC/HTTP is only supported on WinXP and later.

 

-------------------------------------------------------

   Jim Harrison

   MCP(NT4, W2K), A+, Network+, PCG

   http://isaserver.org/Jim_Harrison/
<http://isaserver.org/Jim_Harrison/> 

   http://isatools.org <http://isatools.org/> 

   Read the help / books / articles!

-------------------------------------------------------

 

________________________________

From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, February 22, 2005 13:30
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: RPC over HTTP problems

 

Hi Jim,

 

The client runs Office 2003 Pro, thus Outlook 2003. We are installing
SP1 as I type this message and will test it again, but can I be sure
that its related to not having SP1?

 

We have the client machine connected to a DSL modem in the same office
but non of the traffic goes through the server, it all goes out to over
the internet back into the office. 

 

Thanks

Andrew

 

 

________________________________

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Tue 2/22/2005 4:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RPC over HTTP problems

http://www.ISAserver.org

RPC/HTTP doesn't use the RPC application filter.

Any "real" RPC traffic you see is a result of client misconfiguration.

 

What is the client you're using (OS/SP/Office ver / patches)?

Where is the client operating from; internal or external to ISA?

 

-------------------------------------------------------

   Jim Harrison

   MCP(NT4, W2K), A+, Network+, PCG

   http://isaserver.org/Jim_Harrison/
<http://isaserver.org/Jim_Harrison/> 

   http://isatools.org <http://isatools.org/> 

   Read the help / books / articles!

-------------------------------------------------------

 

________________________________

From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, February 22, 2005 13:14
To: [ISAserver.org Discussion List]
Subject: RPC over HTTP problems

 

Hi,

 

I have setup RPC over HTTP along with OWA using Tom's Exchange / ISA
info. Though I don't think there is any problem with his material I am
having a problem wirh RPC. The OWA with SSL works flawlessly. 

 

When I setup the log in ISA to only look at the machine that we are
using on the external side to connect to RPC over HTTP its able to
negoicate with HTTPS on 443 without any problems but the RPC (all
interfaces) id denied access by the default rule. I am wondering is
there something else I need to set on ISA to enable the RPC protocol to
work?

 

Thanks

Andrew

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

All mail to and from this domain is GFI-scanned.

All mail to and from this domain is GFI-scanned.


All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

The haggis is unusual in that it is neither consistently nocturnal nor diurnal, 
but instead is active at dawn and dusk (crepuscular), with occasional forays 
forth during the day and night. 




Other related posts: