Are you serious? I guess that is kind of deceiving...

There has got to be a way, to literally open up a remote network using a single setting, in order to let ALL traffic flow. Surely the creators of ISA 2004 must understand, that there ARE actually times, where you are connecting to another secure network - and that one would want to connect both together seamlessly - therefore creating a wizard or setting to do so.

So do those articles I mentioned, cover all the stuff I need to do? Since everybody knows my setup, and also what I am trying to accomplish, could you all help me regarding setting up the proper protocols? What else do I need to do, in addition to "Allowing All Traffic" to and from the Internal network?

Thanks for all your help,
Mike

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Friday, November 19, 2004 5:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Can't run DCPROMO over a Remote Link?

http://www.ISAserver.org

You will probably have to disable the RPC filter, you have to allow a myriad of protocols, that are not covered by allow all, in fact allow all isn't really allow all.....

-----Original Message-----
From: Mike Anderson [mailto:mike@xxxxxxxxxxxx]
Sent: Friday, November 19, 2004 6:21 PM
To: ISA Mailing List
Subject: [isalist] RE: Can't run DCPROMO over a Remote Link?

Thomas (I gotta ask the guru),

If I have a standalone ISA Server, which connects to our main network across town, and then in turn, feeds our internal 192 network which my potential Backup DC belongs to, what must I do in order to have that server be promoted to a Backup DC?

Joseph just mentioned RPC, and it's odd that he mentions that... If I run DCPROMO on that server, and it tries to contact the PDC, it DOES attempt to begin the process, but then gives me an error message about the RPC.

Now here is the weird part - if I keep hitting the "back" button on the Wizard (so I can change any settings), and then hit the "next" button to try again, after about the 10th or 11th attempt, it WILL finally contact the PDC, and then the Wizard proceeds with the ENTIRE upgrade process. Then when it's finished, of course it needs to reboot, and then that server is officially on the Domain as a Secondary DC.

BUT, now that the machine is running NOW as a Backup DC, it hangs from time to time - like when you try to run any Administrative Console Apps - like DHCP manager, WINS, etc. It's almost like it works for a while, then slowly deteriorates. It can consistently contact all the machines on the network - including the ones on the other side, but there seems to be some other higher level communications that it's unable to perform - and then of course, it starts to affect the workstations on its own side of the network. You know - workstations that are part of the domain, but used to authenticate across the WAN link (because that's where the PDC was) - but now, can make LOCAL auth requests since there is now a local Domain Controller.

Like I mentioned before, I created Rules, that give FULL access from the Remote Network to the Localhost and Internal network, and also a reverse rule, that allows FULL access from the Localhost and Internal network to the Remote Network. The link works great overall - but only when there is Domain Controller related traffic, is when things start to get really bad.

Is this in fact an RPC problem? Is there anything else I should be looking at? The article you wrote, talked more about Exchange Servers and DMZ's - and that's really not my exact scenario. All I want, is to have a PDC and BDC which are both behind their respective ISA 2004 Servers, to talk freely to each other, and allow them to do, whatever it is they need to do.

Any more thoughts on this? This is SUPER important, as I really need this BDC to work properly.

Thanks everybody - and Thomas if you could jump in, I'd be grateful.

Mike

-----Original Message-----
From: josephk [mailto:josephk@xxxxxxxxx]
Sent: Friday, November 19, 2004 3:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Can't run DCPROMO over a Remote Link?

Yes, and make sure on the RPC that you set up the port to a number such as 1600 or 50000 and keep that consistent by using the registry to create the desired port. You'll find 2 documents on isaserver.org that talk about the ports.

http://www.isaserver.org/articles/2004perimeterdomain.html

*ADLogon/DirRep: Primary Connection: 50000 TCP Outbound (requires RPC key set on the back-end Exchange Server)

Perform the following steps on each of the domain controllers in your domain to change the RPC replication port to 50000:

1. Click Start and click Run. In the Open text box enter Regedit and click OK.
2. Go to the following Registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\
3. Click the Edit menu and point to New. Click DWORD Value.
4. Rename the entry from New Value #1 to TCP/IP Port, then double click the entry.
5. In the Edit DWORD Value dialog box, select the Decimal option. Enter 50000 in the Value data text box. Click OK.
6. Restart the domain controller.

http://www.isaserver.org/articles/2004dmzfebe.html

ADLogon/DirRep: Primary Connection: 1600 TCP Outbound (requires RPC key set on the back-end Exchange Server)

Thank you,
Joseph

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Thursday, November 18, 2004 7:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Can't run DCPROMO over a Remote Link?

You need to make sure you have allowed the correct protocols for intra-domain communication between the 2 domains.

S

-----Original Message-----
From: Mike Anderson [mailto:mike@xxxxxxxxxxxx]
Sent: Thursday, November 18, 2004 11:46 PM
To: ISA Mailing List
Subject: [isalist] Can't run DCPROMO over a Remote Link?

Hello All,

Why can't I make a server into a Backup Domain Controller, while going over a Remote Site Network link? It should be just as good as being there - if the WAN link is doing what it's really supposed to be doing right? I must be missing something, and hopefully all of you can shed some light on the problem...

I get the following error, when I run DCPROMO - after answering all the final questions before it attempts to contact the Primary Domain Controller on the other side of the link:

"The network path was not found. If this computer is connected to the network via a Remote Access Service (RAS) connection, ensure that File and Printer Sharing for Microsoft Networks is enabled for that connection."

Do you all think this very well may be the problem, since I am in fact, going over a RAS Style link? If so, what do I need to do, in order to get this working?

Thanks,
Mike

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
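Added example, not part of the original thread: a small triage script for the situation discussed above, where the RPC endpoint mapper (TCP 135) is allowed between the two domain controllers but the follow-up connections land on ports the firewall rules do not cover. The log layout, the IP addresses and the function names are constructed for illustration, and the 1025-5000 dynamic RPC range is an assumption (the Windows 2000/2003 default); port 50000 is the fixed replication port from Joseph's registry steps.

```python
# Added example (not from the thread): triage firewall denials between two DCs.
# Log layout, IP addresses and function names are constructed for illustration.

STATIC_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
                389: "LDAP", 445: "SMB", 636: "LDAPS", 3268: "Global Catalog"}
FIXED_REPL_PORT = 50000           # "TCP/IP Port" value from the registry steps
DYNAMIC_RPC = range(1025, 5001)   # assumption: Windows 2000/2003 default range

# Constructed sample: "action proto src dst dport" (not a real ISA log format).
SAMPLE_LOG = """\
ALLOW TCP 192.168.1.10 10.0.0.5 389
ALLOW TCP 192.168.1.10 10.0.0.5 135
DENY TCP 192.168.1.10 10.0.0.5 1026
DENY TCP 192.168.1.10 10.0.0.5 1031
ALLOW TCP 192.168.1.10 10.0.0.5 50000
DENY TCP 192.168.1.20 10.0.0.5 445
DENY UDP 192.168.1.10 10.0.0.5 88
DENY TCP 10.0.0.5 192.168.1.10 1026
"""

def classify(port):
    """Name the kind of DC traffic a destination port belongs to."""
    if port in STATIC_PORTS:
        return "static:" + STATIC_PORTS[port]
    if port == FIXED_REPL_PORT:
        return "fixed-replication"
    if port in DYNAMIC_RPC:
        return "dynamic-rpc"
    return "other"

def triage(log_text, dc_ips):
    """Group denied DC-to-DC connections by port category."""
    findings = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        action, _proto, src, dst, dport = fields
        if action != "DENY" or not dport.isdigit():
            continue
        if src not in dc_ips or dst not in dc_ips:
            continue  # only traffic between the two domain controllers
        findings.setdefault(classify(int(dport)), set()).add(int(dport))
    return {category: sorted(ports) for category, ports in findings.items()}

if __name__ == "__main__":
    for category, ports in triage(SAMPLE_LOG, {"192.168.1.10", "10.0.0.5"}).items():
        print(category, ports)
```

Denials in the "dynamic-rpc" group point at RPC services still using endpoint-mapper-assigned ports; denials in a "static:" group point at a protocol missing from the access rule.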