Few people did domain test through VMnet, so this bug is not widely known by VMare users. There is one post in Vmare discussion forum "http://www.vmware.com/community/thread.jspa?threadID=21969&tstart=0"; and also one more post in newsgroup of microsoft in "windows server Active directory" (search keyword "forest trust") section. Initially I had this bug in GSX3.2, and then I re-produce it in workstation 5.0. To ensure this is bug, I put two DC in one VMnet to test trust creatation, both Worktation 5.0 & Best version 5.5 could not pass the test. Those are the information source, you can be a one more source too:) Thanks, Roy Tsao > Hi Roy, > > That is very interesting! Where did you find the information regarding > the VMware bug? > > Thanks! > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > =20 > > > -----Original Message----- > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]=20 > > Sent: Thursday, September 22, 2005 10:30 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: RPC Data Blocked in W03SP1 > >=20 > > http://www.ISAserver.org > >=20 > > Dear Jim, > >=20 > > The reported trouble was identified as the bug of VMware (both > > in Workstation 5.0 & GSX Server 3.2) though those two shall fully > > support Win03 SP1 as guest OS. > > So when build up domain or forest trust under Win03 SP1,=20 > > current VMware > > software is not workable (VPC is okay). > >=20 > > Dear Tom, > >=20 > > I suppose you are the fan of VMare, so you may find this bug in your > > VMLab too. > >=20 > > =20 > >=20 > > > Dear Jim, > > >=20 > > > There was no rule action in the logs for RPC protocol > > > when I tried to set up domain trust! > > >=20 > > > Besides, after update "Domain Local" from W03 into W03 SP1, > > > the used to work one way trust from "Domain Local" > > > to "Domain Remote" fails, whenever I try to setup=20 > > > domain trust, it indicates local security authority can't > > > have RPC communication with DC. > > >=20 > > > According to MS KB899148, there seems a hotfix to correct > > > Rpcrt4.dll into higher version, is my problom really > > > linked to the KB and that hotfix. > > >=20 > > > Thanks, > > >=20 > > > Roy Tsao > > >=20 > > >=20 > > >=20 > > >=20 > > > > You'll find rule action in the logs. > > > > Scan there for RPC protocol. > > > >=20 > > > > ------------------------------------------------------- > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/Jim_Harrison/ > > > > http://isatools.org > > > > Read the help / books / articles! > > > > ------------------------------------------------------- > > > > =20 > > > >=20 > > > > -----Original Message----- > > > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]=20 > > > > Sent: Sunday, June 12, 2005 22:56 > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: RPC Data Blocked in W03SP1 > > > >=20 > > > > http://www.ISAserver.org > > > >=20 > > > > I could not see a rule ban the connection. > > > >=20 > > > > To explain in more details,=20 > > > > ISA SP1 local <--> ISA SP1 remote (s2s VPN/ route=20 > > relationship) > > > > DC Loal Win03 DC Remote Win03SP1 > > > > Rule at both end: > > > > DC Local <->DC Remote All Allowed > > > >=20 > > > > Outbound Trust at DC Local -> DC Remote Okayed > > > > Inbound Trust at DC Remote <- DC Local Failed > > > >=20 > > > > =20 > > > > > Correction - this patch requires SP1. > > > > > SP1 should have corrected the problem you're seeing. > > > > > Are you absolutely, positively certain that it's not a=20 > > rule action? > > > > >=20 > > > > > ------------------------------------------------------- > > > > > Jim Harrison > > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > > http://isaserver.org/Jim_Harrison/ > > > > > http://isatools.org > > > > > Read the help / books / articles! > > > > > ------------------------------------------------------- > > > > > =20 > > > > >=20 > > > > > -----Original Message----- > > > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]=20 > > > > > Sent: Sunday, June 12, 2005 19:37 > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] RE: RPC Data Blocked in W03SP1 > > > > >=20 > > > > > http://www.ISAserver.org > > > > >=20 > > > > > Do you have ISA 2004 SP1 installed? > > > > > The RPC fix is part of that release. > > > > >=20 > > > > > ------------------------------------------------------- > > > > > Jim Harrison > > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > > http://isaserver.org/Jim_Harrison/ > > > > > http://isatools.org > > > > > Read the help / books / articles! > > > > > ------------------------------------------------------- > > > > > =20 > > > > > -----Original Message----- > > > > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]=20 > > > > > Sent: Sunday, June 12, 2005 19:33 > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] RPC Data Blocked in W03SP1 > > > > >=20 > > > > > http://www.ISAserver.org > > > > >=20 > > > > > Hi, > > > > >=20 > > > > > MS KB897716 indicates RPC data being blocked due to=20 > > imcompatible RPC > > > > > filter between ISA2K4 and W03SP1. Does anybody have=20 > > problem to set > > > > > up domain trust (W03 vs. W03SP1) through ISA! > > > > > Actually I could setup outbound trust from W03 -> W03SP1, but=20 > > > > > when config W03SP1 -> W03 inbound trust, it failed! > > > > > Is that the same type of problem as outlook on W03SP1=20 > > and same patch > > > > > will resolve the problem? > > > > >=20 > > > > > Thanks > > > > >=20 > > > > > ------------------------------------------------------ > > > > > List Archives:=20 > > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > > > > ISA Server Newsletter:=20 > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ:=20 > > http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > > > > ------------------------------------------------------ > > > > > Other Internet Software Marketing Sites: > > > > > World of Windows Networking: http://www.windowsnetworking.com > > > > > Leading Network Software Directory: http://www.serverfiles.com > > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > > > Network Security Library: http://www.secinf.net/ > > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org=20 > > Discussion List as: > > > > > jim@xxxxxxxxxxxx > > > > > To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > >=20 > > > > > All mail to and from this domain is GFI-scanned. > > > > >=20 > > > > >=20 > > > > > ------------------------------------------------------ > > > > > List Archives:=20 > > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > > > > ISA Server Newsletter:=20 > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ:=20 > > http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > > > > ------------------------------------------------------ > > > > > Other Internet Software Marketing Sites: > > > > > World of Windows Networking: http://www.windowsnetworking.com > > > > > Leading Network Software Directory: http://www.serverfiles.com > > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > > > Network Security Library: http://www.secinf.net/ > > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org=20 > > Discussion List as: > > > > > jim@xxxxxxxxxxxx > > > > > To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > >=20 > > > > > All mail to and from this domain is GFI-scanned. > > > >=20 > > > > ------------------------------------------------------ > > > > List Archives: = > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > > > ISA Server Newsletter:=20 > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ:=20 > > http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > > > ------------------------------------------------------ > > > > Other Internet Software Marketing Sites: > > > > World of Windows Networking: http://www.windowsnetworking.com > > > > Leading Network Software Directory: http://www.serverfiles.com > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > > Network Security Library: http://www.secinf.net/ > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org=20 > > Discussion List as: > > > > jim@xxxxxxxxxxxx > > > > To unsubscribe visit=20 > > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > >=20 > > > > All mail to and from this domain is GFI-scanned. > >=20 > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion=20 > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit=20 > > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > Report abuse to listadmin@xxxxxxxxxxxxx > >=20 > >=20