http://www.ISAserver.org ------------------------------------------------------- Dunno - C&P from a previous post... ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Monday, May 29, 2006 11:09 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: RCP over HTTP Assistance needed http://www.ISAserver.org ------------------------------------------------------- You mean 2) The security certificate date is invalid, right? t On 5/29/06 10:45 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all: > http://www.ISAserver.org > ------------------------------------------------------- > > You said (and I quote from further down the thread): > > 1) The security certificate is from an untrusted certifying authority > 2) The security certificate date is valid > 3) The name on the security certificate is invalid or does not match > the name of the site. > > All of these generate a "500" error in ISA. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers > Sent: Saturday, May 27, 2006 16:33 > To: isalist@xxxxxxxxxxxxx > Subject: RE: [isalist] Re: RCP over HTTP Assistance needed > > But Jim, I never saw a "500" error anywhere - if I saw this error > message, I would have tracked it down in the documentation. My OWA > rule work perfectly fine. > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison > Sent: Sat 5/27/2006 1:48 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: RCP over HTTP Assistance needed > > > > http://www.ISAserver.org <http://www.isaserver.org/> > ------------------------------------------------------- > > You haven't followed the advice, books, or articles. > If you had, you wouldn't be seeing the errors you're quoting. > You've been getting the answers to the questions you ask. > > Q - Why does ISA produce a "500" error for my OWA rule? > > A1 - the certificate installed on ISA must be issued by a CA that is > in the local machine trusted root store. This is equivalent to the IE " > The security certificate is from an untrusted certifying authority" > popup. Install the CA cert in the ISA trusted root store. If ISA the > CA certificate installed in the local machine trusted root store, this > error will stop. This error will cease if the CA cert is installed in > the ISA local machine trusted root store. Install the CA certificate > in the local machine trusted roots store and this error will stop. > > A2 - the common name in the certificate does not match the data in the > "server" field of the "To" tab in the web publishing rule. ISA gives > you an "target principle name is incorrect" in this case. This is > equivalent to the IE "The name on the security certificate is invalid > or does not match the name of the site" error. Change the data in the > "server" field of the "To" tab in the web publishing rule to match the > common name in the certificate. If you use the same data in the > "server field of the "To" tab of the web publishing rule as fond in > the Exch cert common name, this error will cease. This error will > stop if the "server" field in the "To" tab of the web publishing rule matches > the common name of the certificate installed on the Exchange server. > > A3 - the certificate errors have *nothing* to do with the path portion > of either the client request or the web publishing rule. The path > portion of the web publishing rule is not in any way affecting ISA > serve's ability to acquire or evaluate the certificate offered by the > Exch server. The certificate offered by the Exch server has no > relationship to the path data in the web publishing rule. There are > no errors related to the certificate offered by the web publishing > rule and the path specified in the rule or requested by the client. > There is nothing you can do to solve the non-existent errors that have no > relationship between these two things. > > Go back and re-read the relevant sections in the book, articles and > KBs related to certificates and ISA server. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Tom Rogers > Sent: Friday, May 26, 2006 7:53 PM > To: isalist@xxxxxxxxxxxxx > Subject: RE: [isalist] Re: RCP over HTTP Assistance needed > > Dynip.com will not allow me to obtain a Certificate from VeriSign or > any other public, trusted CA and apply it to our DDNS name > (company.dynip.com) > > If I have to get a certificate from VeriSign or any other public, > trusted CA, I will have to get a static IP. > > BTW, I'm just wondering why most of the help I get on this discussion > list is so convoluted? When I ask a question, I never get a direct > answer, it's always some obscure, sometimes pretentious, sarcastic statement. > > I really appreciate the free advice given here by you highly trained > experts on ISA, but for those of us who are rookies and are just > trying to get ISA working like it should, those of use who do not have > an IQ of 200, need something more. If someone asks, "How do you get > such and such a function to work right?", someone should be able to > say, "Do this, this, this, then that, then you should be fine." Or at > least give a direct link to a tutorial, whitepaper, tech note, > whatever. Instead of getting an answer like, "It's right there on the > website." > > This is what I need to know: > The certificate for my EXCHANGE box is installed on the ISA box - I > exported it from the EXCHANGE box and imported it into ISA. Is this not good > enough? > All I want to know at this point is - can I use a certificate created > by an internal network CA for RPC over HTTP from the outside world, or > not. Do I have to have a 3rd party (ie: VeriSign) certificate to get > RPC over HTTP working from the outside? If so, I will go get a static > IP, get a registered domain name for that IP, get the certificate, and be > done with it. > > But since OWA works fine with a certificate issued on my internal > network CA, why can't RPC over HTTP? I would like to know the WHY. > > Thanx, > > -TRogers > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison > Sent: Fri 5/26/2006 4:44 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: RCP over HTTP Assistance needed > > > > http://www.ISAserver.org <http://www.isaserver.org/> > <http://www.isaserver.org/> > ------------------------------------------------------- > > "Dynip.com will not allow certificates to be assigned to their > customer DNS records"?!? > > Can you clarify this? > Certificates are not assigned to DNS records at all. > Are you saying that they don't support redirection to HTTPS? > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Tom Rogers > Sent: Friday, May 26, 2006 1:11 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: RCP over HTTP Assistance needed > > http://www.ISAserver.org <http://www.isaserver.org/> > <http://www.isaserver.org/> > ------------------------------------------------------- > > OWA is working fine - no issues at all. > > The certificate for the EXCHANGE box is installed on the ISA box - I > exported it from EXCHANGE and imported it into ISA. Is this not good enough? > > And I was not recv'ing any error messages, not in the Event logs, not > on the screen, etc. The ONLY error I recv'd was "Your Exchange Server > is offline or not available." Not even any error messages in the > Outlook Client Connections box. If I had error messages coming at me, > I would be looking at the docs and KBs - no problem. > > I'm not totally pathetic. ISA is the ONLY software I have had any > trouble mastering. I have read TShinders books, MS TechNet, White > Papers, etc and ISA know-how still eludes me for some reason. > > So basically, in order to use RPC over HTTP from the outside I need to > obtain a 3rd party certificate from VeriSign or someone like that in > order for this to work? > > If that is the case, I will also have to get a static IP because > Dynip.com will not allow certificates to be assigned to their customer DNS > records. > > -TRogers > > >> -----Original Message----- >> From: isalist-bounce@xxxxxxxxxxxxx >> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison >> Sent: Friday, May 26, 2006 3:47 PM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: RCP over HTTP Assistance needed >> >> http://www.ISAserver.org <http://www.isaserver.org/> >> <http://www.isaserver.org/> >> ------------------------------------------------------- >> >> There are *lots* of documents describing how to configure OWA with >> ISA. >> You're hitting the most common failures; that of not matching the >> certificate name to the request. >> >> There are *lots* of documents & kbs that address the errors ISA is >> throwing at you - you're ignoring them by playing in the path when >> the errors are specifying "certififcate". >> >> All those errors are what ISA considers to be a bogus cert. >> ISA will not accept a certificate that: >> - is not from a CA that ISA can find in the local machine trusted >> roots store >> - does not match the hostname used in the "To" tab of the publishing >> rule >> >> ISA has no way to "ask the user" if he wants to allow a bogus >> certificate. >> >> -----Original Message----- >> From: isalist-bounce@xxxxxxxxxxxxx >> [mailto:isalist-bounce@xxxxxxxxxxxxx] >> On Behalf Of Tom Rogers >> Sent: Friday, May 26, 2006 12:37 PM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: RCP over HTTP Assistance needed >> >> http://www.ISAserver.org <http://www.isaserver.org/> >> <http://www.isaserver.org/> >> ------------------------------------------------------- >> >> Ok, I was not able to create a 2nd listener as the IP port used was >> the same (443). So I added the /Rpc/* folder onto the original secure >> OWA ISA rule - again. >> >> Still cannot get it to connect from the outside world. Client setup >> is verified accurate. Once again, with ISA 2004, I am clueless. >> >> This is the hardest to use/configure piece of software I have ever >> used in my life. >> >> I don't get it, RPC over HTTP works fine from the inside, which means >> it's ISA 2004, but what, where, how, when, why? >> I've no idea. >> >> Maybe - because I am using an SSL Certificate that was issued by a CA >> *INSIDE* my internal network, not a public CA, could this be the >> issue? >> When I use OWA, I have to click YES on the security alert pop up >> message. This says: >> >> 1) The security certificate is from an untrusted certifying authority >> 2) The security certificate date is valid >> 3) The name on the security certificate is invalid or does not match >> the name of the site. >> >> On item #3, the Certificate has been issued to an internal server >> called EXCHANGE (name on the certificate) and in order to get to this >> box via the Internet/ISA 2004, the URL I use is company.dynip.com - >> which of course is not the same name as EXCHANGE. >> >> I'm lost... >> >> -TRogers >> >> >>> -----Original Message----- >>> From: isalist-bounce@xxxxxxxxxxxxx >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder >>> Sent: Friday, May 26, 2006 2:16 PM >>> To: isalist@xxxxxxxxxxxxx >>> Subject: [isalist] Re: RCP over HTTP Assistance needed >>> >>> http://www.ISAserver.org <http://www.isaserver.org/> >>> <http://www.isaserver.org/> >>> ------------------------------------------------------- >>> >>> Yes. >>>> From my boat somewhere in Texas >>> >>> -----Original Message----- >>> From: "Tom Rogers"<trogers@xxxxxxxxxxxxxxxxxx> >>> Sent: 5/26/06 1:00:04 PM >>> To: "isalist@xxxxxxxxxxxxx"<isalist@xxxxxxxxxxxxx> >>> Subject: [isalist] Re: RCP over HTTP Assistance needed >>> >>> Tom, >>> >>> Should the Authentication on the new listener be BASIC? >>> >>> -TRogers >>> >>> >>> >>> ________________________________ >>> >>> From: isalist-bounce@xxxxxxxxxxxxx >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder >>> Sent: Friday, May 26, 2006 9:55 AM >>> To: isalist@xxxxxxxxxxxxx >>> Subject: [isalist] Re: RCP over HTTP Assistance needed >>> >>> >>> You can't use FBA on the same listener that the >> RPC/HTTP WPR uses. >>> >>> Tom >>> >>> Thomas W Shinder, M.D. >>> Site: www.isaserver.org <http://www.isaserver.org/> >>> Blog: http://blogs.isaserver.org/shinder/ >>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> >>> MVP -- ISA Firewalls >>> >>> >>> >>> >>> ________________________________ >>> >>> From: isalist-bounce@xxxxxxxxxxxxx >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers >>> Sent: Friday, May 26, 2006 8:19 AM >>> To: isalist@xxxxxxxxxxxxx >>> Subject: [isalist] Re: RCP over HTTP Assistance needed >>> >>> >>> Ok - duh had a brain cramp. >>> >>> Anyway - it works fine internally - so it has >> to be my ISA rule. >>> Now, how do I correct that? Is it possible for me to use >> the current >>> OWA access rule that I have in place and just add the >> /RPC/* folder to >>> the list or what? >>> Below is how my rule is setup for OWA and RPC over HTTP... >>> >>> General - Company OWA (Enable) >>> Action - Allow (Log Requests) >>> From - Anywhere >>> To - EXCHANGE (Forward the original host >>> header) (Requests appear to come from ISA) >>> Traffic - HTTPS (Require 128 bit encryption) >> (Filtering, configure >>> HTTP - all defaults) >>> Listener - Secure HTTPS Listener Exchange >> (Networks - external; HTTP >>> disabled; HTTPS 443; Certificate - Exchange; Authentication - OWA >>> Forms Based; Always Authenticate - No; Domain - >>> Company.net) >>> Public Name - company.dynip.com (Requests for >> the following >>> websites) >>> Paths - /exchange/* /exchweb/* /public/* /Rpc* >>> /RpcWithCert* >>> Bridging - Web Server, Redirect SSL to 443 (Only) >>> Users - All Users >>> Schedule - Always >>> Link Translation - Defaults >>> >>> Thanx, >>> >>> -TRogers >>> >>> >>> >>> >>> ________________________________ >>> >>> From: isalist-bounce@xxxxxxxxxxxxx >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat >>> Sent: Thursday, May 25, 2006 4:06 PM >>> To: ISA Mailing List >>> Subject: [isalist] Re: RCP over HTTP >> Assistance needed >>> >>> >>> >>> You change the connection type within >> the properties of the Outlook >>> profile. >>> >>> >>> >>> S >>> >>> >>> >>> ________________________________ >>> >>> From: isalist-bounce@xxxxxxxxxxxxx >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers >>> Sent: Thursday, May 25, 2006 4:59 PM >>> To: ISA Mailing List >>> Subject: RE: [isalist] Re: RCP over >> HTTP Assistance needed >>> >>> >>> >>> Not sure how to connect internally >> using HTTPS with Outlook 2003. >>> OWA works fine internally. I can browse to the RPC virtual >> server on >>> the intranet and I can connect fine (as per Microsoft's >> instructions) >>> >>> >>> >>> Security policies are fine. >>> >>> >>> >>> -TRogers >>> >>> >>> >>> ________________________________ >>> >>> From: isalist-bounce@xxxxxxxxxxxxx on >> behalf of Young, Gerald G >>> Sent: Thu 5/25/2006 3:40 PM >>> To: isalist@xxxxxxxxxxxxx >>> Subject: [isalist] Re: RCP over HTTP >> Assistance needed >>> >>> http://www.ISAserver.org >>> <http://www.isaserver.org/> > <http://www.isaserver.org/> >>> <http://www.isaserver.org/> >>> >>> ------------------------------------------------------- >>> >>> Tom, >>> >>> Did you try connecting internally to >> your mailbox using RPC/HTTPS? >>> Does >>> that work? >>> >>> Also, check the Network security: LAN >> Manager authentication level >>> in >>> the security policy on both the server >> and the client(s). Are they >>> compatible? >>> >>> Cordially yours, >>> Jerry G. Young II >>> MCSE (4.0/W2K) >>> Atlanta EES Implementation Team Lead >>> ECNS Microsoft Engineering >>> Unisys >>> >>> 11493 Sunset Hills Rd. >>> Reston, VA 20190 >>> Office: 703-579-2727 >>> Cell: 703-625-1468 >>> >>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL >>> AND/OR OTHERWISE PROPRIETARY >>> MATERIAL and is thus for use only by >> the intended recipient. If you >>> received this in error, please contact >> the sender and delete the >>> e-mail >>> and its attachments from all computers. >>> >>> -----Original Message----- >>> From: isalist-bounce@xxxxxxxxxxxxx >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] >>> On Behalf Of Tom Rogers >>> Sent: Thursday, May 25, 2006 11:49 AM >>> To: isalist@xxxxxxxxxxxxx >>> Subject: [isalist] RCP over HTTP Assistance >>> needed >>> >>> http://www.ISAserver.org >>> <http://www.isaserver.org/> > <http://www.isaserver.org/> >>> <http://www.isaserver.org/> >>> >>> ------------------------------------------------------- >>> >>> Ok, I have been trying to implement RPC >> over HTTP so that my road >>> warrior users can connect to the internet then >>> use Outlook 2003 without >>> VPN. Things have not gone as expected, >> I keep getting a "Microsoft >>> Exchange Server is unavailable" error message. >>> Looking at the Connection >>> Status when trying to connect Outlook >>> 2003 to the Exchange server, I get >>> the following... >>> >>> SERVER TYPE CON >>> STATUS >>> ------ ---- --- >>> ------ >>> >>> ---- Directory ---- >>> Connecting >>> server.internal.net Referral ---- >>> Connecting >>> >>> Then these disappear and I get the >> "Microsoft Exchange Server is >>> unavailable" error. >>> >>> >>> I walked through all of Microsoft's >> troubleshooting steps and using >>> RPCDUMP.EXE on the Exchange box, this >> is what I found... >>> >>> ncacn_http(Connection-oriented TCP/IP >> using Microsoft Internet >>> Information Server as HTTP proxy.) >>> >>> 192.168.1.5[6002] >>> [1544f5e0-613c-11d1-93df-00c04fd7bd09] MS Exchange >>> Directory RFR Interface :ACCESS_DENIED >>> 192.168.1.5[6002] >>> [f930c514-1215-11d3-99a5-00a0c9b61b04] MS Exchange >>> System Attendant Cluster Interface >>> :ACCESS_DENIED >>> 192.168.1.5[6002] >>> [83d72bf0-0d89-11ce-b13f-00aa003bac6c] MS Exchange >>> System Attendant Private Interface >>> :ACCESS_DENIED >>> 192.168.1.5[6002] >>> [469d6ec0-0d87-11ce-b13f-00aa003bac6c] MS Exchange >>> System Attendant Public Interface :ACCESS_DENIED >>> >>> 192.168.1.5[6004] >>> [f5cc5a18-4264-101a-8c59-08002b2f8426] MS Exchange >>> Directory NSPI Proxy :ACCESS_DENIED >>> 192.168.1.5[6001] >>> [a4f1db00-ca47-1067-b31f-00dd010662da] Exchange 2003 >>> Server STORE EMSMDB Interface :ACCESS_DENIED >>> 192.168.1.5[6001] >>> [99e64010-b032-11d0-97a4-00c04fd6551d] Exchange Server >>> STORE ADMIN Interface :ACCESS_DENIED >>> 192.168.1.5[6001] >>> [99e64010-b032-11d0-97a4-00c04fd6551d] Exchange Server >>> STORE ADMIN Interface :ACCESS_DENIED >>> 192.168.1.5[6001] >>> [89742ace-a9ed-11cf-9c0c-08002be7ae86] Exchange Server >>> STORE ADMIN Interface :ACCESS_DENIED >>> 192.168.1.5[6001] >>> [a4f1db00-ca47-1067-b31e-00dd010662da] Exchange Server >>> STORE ADMIN Interface :ACCESS_DENIED >>> >>> Ok so let me start at the beginning now... >>> >>> ENVIRONMENT >>> ----------- >>> (OUTSIDE WORLD) (PERIMETER) >>> (INTERNAL NETWORK - SEPARATE PHYSICAL SERVERS >>> EACH) >>> >>> Client PC ---> INTERNET ---> ISA 2004 SP2 Server >>> ---> Exchange Server >>> 2003 SP2 -----> W2K3 SP-1 Domain >>> Controller/Global Catalog Server 1 >>> XP SP-2 W2K3 SP-1 >>> W2K3 SP-1 >>> \ >>> >>> --> W2K3 SP-1 Domain Controller/Global >> Catalog Server 2 >>> >>> How I setup RPC over HTTP (Server Side)... >>> --------------------------------------- >>> 1) CONFIGURE A SERVER AS AN RPC PROXY SERVER >>> On my Exchange server (my ONLY >>> one) I installed the RPC over >>> HTTP component from the Add/Remove >> Programs - Windows Components >>> >>> 2) CONFIGURE THE RPC VIRTUAL DIRECTORY IN IIS >>> In Internet Information Services (IIS) >>> Manager, right-click the >>> RPC virtual directory, and then click >> Properties. >>> In the RPC Virtual Directory >> Properties page, on the >>> Directory >>> Security tab, in the Authentication and >> access control pane, click >>> Edit. >>> >>> In the Authentication Methods >> window, verify that the check >>> box >>> next to Enable anonymous access is cleared. >>> In the Authentication Methods >> window, under Authenticated >>> access, select the check box next to >> Basic authentication and click >>> OK >>> to warning >>> I did NOT choose Integrated >> Windows authentication (NTLM) >>> because of the following: >>> It is recommended that >> you use Basic authentication >>> over >>> NTLM because of two reasons. First, RPC >> over HTTP currently >>> supports >>> only NTLM - it >>> doesn't support Kerberos. >>> Second, if there is an HTTP >>> Proxy or a firewall between the RPC >> over HTTP client and the RPC >>> Proxy, >>> which inserts >>> via the pragma in the >> HTTP header, NTLM >>> authentication >>> will not work. >>> I saved my settings >>> I have a valid SSL certificate >> installed on the virtual >>> server >>> (for OWA in the first place) >>> >>> 3) CONFIGURE RPC VIRTUAL DIRECTORY TO USE SSL >>> Expand Web Sites, expand Default Web >>> Site, right-click RPC, and >>> then click Properties. >>> Click the Directory Security >> tab, and then click Edit under >>> Secure communications. >>> Click to select the Require >> secure channel (SSL) check box >>> and >>> the Require 128-bit encryption check box. >>> Click OK, click Apply, and then click OK >>> >>> 4) CONFIGURE THE RPC PROXY SERVER TO >> USE SPECIFIED PORTS FOR RPC >>> OVER >>> HTTP >>> On the RPC proxy server, (my >> only Exchange Server box) >>> start >>> Registry Editor (Regedit). >>> In the console tree, locate the >> following registry key: >>> >>> HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy >>> In the details pane, right-click the >>> ValidPorts subkey, and then >>> click Modify. >>> In Edit String, in the Value >> data box, type the following >>> information: >>> >>> >>> ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;Exchange >>> Server:600 >>> 4;ExchangeServerFQDN:6004; >>> If the FQDN that is used >>> to access the server >>> from the Internet differs from the internal >>> FQDN, you must use the >>> internal FQDN. >>> (My external FQDN is >>> company.DYNIP.COM (We use >>> Dynip.com Dynamic DNS service) >>> >>> 5) I added this Multi-String Key to the GLOBAL >>> CATALOG/DC #1's registry >>> (NSPI interface protocol sequences - >>> ncacn_http:6004) >>> >>> 5) CONFIURE THE OUTLOOK 2003 CLIENT PROFILE >>> Done according to instructions in this >>> link - >>> //tinyurl.com/frarn >>> >>> 6) Finally I changed my current OWA SSL ISA 2004 >>> rule to include to >>> /RPC* folders (along with the /exchange/*; >>> /exchweb/*; /public/* >>> folders. >>> I did this because OWA and RPC over HTTP >>> are on the SAME server >>> using the same SSL certificate (I installed an >>> internal CA to issue the >>> certificate >>> for the OWA server. User have to click >>> YES to accept (Trust) the >>> certificate, but it works fine.) >>> >>> I am thinking it is either my ISA 2004 rule or >>> that I may need to move >>> my RPC over HTTP Proxy (IIS) to the ISA >>> 2004 box. No matter which one it >>> is, could someone explain in detail, the steps >>> to do either? I do not >>> have IIS installed on my ISA 2004 box. >>> Please let me know if there are >>> any "Gotcha's" also. >>> >>> Thanks for any help in solving this. >>> >>> -Tom Rogers > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx