I'm seeing 200's in the W3SVC1 logs on the Exchange front end server. On the ISA server logs I see two "initated connection" HTTPS entries from ISA to FE. These are immediately followed by the "allowed connection" (RPC_OUT_DATA) and "failed connection" (RPC_IN_DATA) attempt log entries from my "RPC over HTTP" rule. Finally, two "Closed connection" entries for the HTTPS connections. Then the whole thing repeats as it tries to connect again. I'm thinking something is still screwed up with my ISA configuration; RPC over HTTP is working internally. Jeff -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, November 17, 2005 11:44 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org ..maybe - it depends on the error code. If you're seeing "200", then it's coming from the Exch server. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] Sent: Thursday, November 17, 2005 07:50 To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org same rule; is the data in the error code information column on the ISA logs the value it is getting back from rpcproxy.dll? -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, November 16, 2005 6:15 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org Unless you see different rules quoted for each, now you're troubleshooting Exchange... .. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] Sent: Wednesday, November 16, 2005 15:12 To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org Thanks Jim, I knew 200 was a good thing, so hoped I was making some progress. I'm running outlook with the rpcdiag switch on the client. Upon launching, Outlook prompts me for credentials and I and see status of "connecting" for the exchange proxy and the directory in the server connection status dialog. These disappear after a little while and I get the "your exchange server is unavailable" dialog. On the proxy server logs, I'm seeing "Failed Connection Attempt" on the RPC_IN_DATA queries and "Allowed Connection" on the RPC_OUT_DATA URL. Jeff -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, November 16, 2005 5:39 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org Er.. Result codes of "200" are success codes. What exactly is the client experience? Whjat do you find in the ISA logs for those recent tests? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] Sent: Wednesday, November 16, 2005 14:32 To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org Tom, I had it set for all users. I tried switching it to only authenticated & forward basic authentication and did get 200 result codes in the front end server WWW logs, but it is still failing. Thanks, Jeff ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, November 16, 2005 4:50 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RPC over HTTP authentication woes http://www.ISAserver.org Hi Jeff, Are you forcing authentication at the ISA firewall, or does the Web Publishing Rule allow access to "all users"? Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] Sent: Wednesday, November 16, 2005 3:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] RPC over HTTP authentication woes http://www.ISAserver.org I have ISA 2004 sitting on the outside, with rules to allow RPC over HTTP access to the Exchange FE server. I think this is all configured OK. RPC over HTTP is working OK internally. I also have OWA working using a different listener (FBA). Whenever I try to make an external RPC connection it is failing. I'm seeing my username shown in the ISA logs, but in the WWW logs for the exchange proxy server I am seeing entries with status 401.2 and win32 error 2148074254, so I think something is wrong with the user authentication. from the logs (with time/date and ip info removed): RPC_IN_DATA /rpc/rpcproxy.dll frontend.andassoc.com:6002 443 - xxx.xxx.xxx.xxx MSRPC 401 2 2148074254 RPC_OUT_DATA /rpc/rpcproxy.dll frontend.andassoc.com:6002 443 - xxx.xxx.xxx.xxx MSRPC 401 2 2148074254 I have the RPC listener set to use basic authentication as well as the exchange IIS rpc virtual directory. The RPC listener also has a certificate bearing the FQDN of the exchange front end server. Any help appreciated. This might not be an ISA issue since I seem to be reaching the internal Exchange proxy. Jeff ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bunting@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bunting@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bunting@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bunting@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx