OK, so I was forced into saying Uncle in the end. I am giggling about that to be honest. I can be too stubborn for my own good sometimes. I picked up an older box for peanuts, and ramped up the RAM and all seems to be good. If anyone has any whipped cream, I am sure it will go nicely with this slice of humble pie I just served myself. At any rate, I have had a couple of goofy things arise since moving to a more standard config (ISA has a USB ADSL link and a private Ethernet link, DC runs IIS, Exchange and SQL, and then fragged the member server and made it XP, so have two XP boxes) I had the ISA client on the XP box that was almost working, so rather than uninstall it after I changed ISA Servers, I just pointed it to the new server. When I tried to connect to my internal website, the logs came up with port 8080 for http on the ISA Server, as opposed to port 80 for HTTP on the IIS box. I tried changing the internal listener to port 8080, and just generally tried a few dns'y type things, and in the end just disabled the ISA Client and manually put the ports in the lan props in IE, and hey presto! But is this normal? As an aside, Zahir Al-Saab posted something about putting ISA on the DC and not being able to join clients. Yup, that be correct for me here too. Is one of the reasons I just gave up, and got another box. I bet your app logs on the various machines are full of Event ID 1053, and I bet further that if you do a search on that event ID you won't find the exact error message. I tried publishing RPC servers all sorts of crazy stuff, and it just would not play ball. I realise I am a total newbie to ISA 2004, having spent the last few years in the land of Watchguard, but I would be willing to bet that you will have to bite the bullet on this one and get a puter to dedicate itself to ISA, and let your DC do it's job separately. Anyhow thanks for the replies, and have a great weekend. Clayton -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 28 April 2005 10:16 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Isa 2004 E2K3 on the same box (I can hear the gasps) http://www.ISAserver.org Hey guys, Its taken the ISA and SBS guys thousands of man-hours to figure this out and come up with a reasonable security compromise for a co-lo ISA/Exchange/DC box. I guarantee that anything done outside of this massive effort is going to lead to a haX0-r crated box, but only after they stolen bandwdith for pR0n file sharing and ripped your personal data from the box. HTH< Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx] Sent: Thursday, April 28, 2005 4:18 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Isa 2004 E2K3 on the same box (I can hear the gasps) http://www.ISAserver.org Clayton In re reading your post and doing some further reading of my own i would have a go at publishing the Exchange RPC on the external interface, not the internal for a minute and see if that gets rid of any rpc errors. Also this article might help you http://support.microsoft.com/?kbid=839880 ________________________________ From: Clayton Doige [mailto:clayton.doige@xxxxxxxxx] Sent: Thursday, April 28, 2005 6:30 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Isa 2004 E2K3 on the same box (I can hear the gasps) http://www.ISAserver.org The Outlook install is on a different computer than the Exchange/ISA Server. It is running on Windows 2003 Server. The Windows XP box I have with Outlook 2003 can connect just fine. Both of these machines get the 1053 Error in the application log: Windows cannot determine the user or computer name. (The remote procedure call failed. ). Group Policy processing aborted. ________________________________ From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx] Sent: 28 April 2005 02:56 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Isa 2004 E2K3 on the same box (I can hear the gasps) http://www.ISAserver.org Clayton Are you trying to send mail from outlook on the exchange server? or is this a separate server you have Greg ________________________________ From: Clayton Doige [mailto:clayton@xxxxxxxxxxxx] Sent: Thursday, April 28, 2005 11:14 AM To: [ISAserver.org Discussion List] Subject: [isalist] Isa 2004 E2K3 on the same box (I can hear the gasps) http://www.ISAserver.org This is my situation, and it aint going to change. So before you all tell me what a bad boy I am being by doing this, that is wonderful, but I want to make this scenario work full stop. )Sorry for the party broadcast there, was a pre-emptive measure eh) Right. 2003 Global Catalogue, SQL 2000, ISA 2004 and Exchange 2003 are on the same Box, as I am doing a wee bit of learning here, and just seeing how far I can push things. This is not SBS. The mail server is published and email happily goes in and out of my server. IIS works a treat, SQL is happy too. On my WinXP box on the private range, Outlook 2003 is as happy as you like, open it, connect, send receive whatever. On my W2K3 Member Server on said private range however it comes up as disconnected, and won't send receive. I got the bright idea of publishing Exchange RPC to the internal LAN, and that did nae help. If I start a logging query, I note a bunch of entries basically like: Local IP 135 RPC (All Interfaces) Initiated Connection No Rule Shows in the rule column Client IP Local IP 135 RPC (All Interfaces) Closed Connection again no rule referenced Client IP This repeats a few times, but that is all that happens. A send/receive in outlook just says the server is unavailable. In Event Spewer on the same W2K3 member server (and on the XP box for that matter) Group Policy will not apply as the RPC failed, and thus the computer does not know its own name, (poor amnesiatic little thingy) The Event ID is 1053, but that did not bring a lot up on a google search that I could relate to the scenario I have set up here. I tried publishing internally an RPC Server to the private IP and that made no diff either. OK< so I am doing this all totally wrong, and I should stick a bridgehead in a DMZ, route mail to that, then have another SMTP connector to a mail server on the private LAN that actually has the mailboxes, or any other configuration other than the one I have. But this is the one I have, and I would like to make it work J I have one puter I can run all this stuff on and blow away at my leisure if it goes boom, the other two, not so easy to do so, therefore mesa putting me's eggs in da big basket. Any feedback will be greatly appreciated, other than the obvious 'you should not set it up that way' LOL Cheers Clayton ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: clayton.doige@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: clayton.doige@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx