The issue sounds like it happens because you are connecting internally and over VPN to a back end server and then when coming over the net you are trying to connect to a different (front end) server. Also the certificate would be different for the front end and back end server...so if this works inside and not outside then you may have a problem with a certificate mis-match. I would try using the same server whether inside and outside. Ted Doholis SaltSpring Software Inc. -----Original Message----- From: Chris [mailto:chris@xxxxxxxxxxxxxxxxxxxxx] Sent: Saturday, April 23, 2005 2:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] RPC over HTTP using ISA Server 2004 SP1 and Exchange 2003 SP1 http://www.ISAserver.org Hi All, I am having issues with RPC over HTTP working properly through my ISA 2004 server. I have my ISA 2004 server configured as an edge firewall with two NIC's, one Public WAN NIC, and one private LAN NIC. NAT is enabled on the box to provide internet access to LAN clients. I have a box setup that is acting as a DC/GC, Exchange 2003 SP1 mailbox server, RPC Proxy Server, and RPC over HTTP Backend Exchange server. HTTP over RPC works fine via VPN and internally, so I think my backend box is provisioning RPC over HTTP properly. When I attempt to connect over the internet using RPC over HTTP via my ISA 2004 box, it takes about 90 seconds to be presented with an authentication box, then the connection simply fails. OWA (using SSL) works fine going through the ISA 2004 box. I can also hit the /rpc virtual directory using SSL going through my ISA box too. Upon reviewing the ISA logs I am receiving "Failed Connection Attempt" and "0xa03" error information codes. Here are some entries from my ISA log file showing the activity over ports 593, 6002, and 6004. 4/23/2005 12:03 68.53.163.32 192.168.10.1 443 https Failed Connection Attempt RPC over HTTP Domain\Username External RPC_IN_DATA http://server.domain.com:443/rpc/rpcproxy.dll?server.domain.com:593 0xa03 0.0.0.0 ISA server.domain.com TCP - - Yes Reverse Proxy - - 0 64 MSRPC Internet - - 350 0 413 0x8 Web Proxy Filter 4/23/2005 12:01 68.53.163.32 192.168.10.1 443 https Failed Connection Attempt RPC over HTTP Domain\Username External RPC_IN_DATA http://server.domain.com:443/rpc/rpcproxy.dll?server.domain.com:6002 0x203 0.0.0.0 ISA server.domain.com TCP - - Yes Reverse Proxy - - 0 64 MSRPC Internet - - 1422 0 414 0x8 Web Proxy Filter 4/23/2005 12:03 68.53.163.32 192.168.10.1 443 https Failed Connection Attempt RPC over HTTP Domain\Username External RPC_IN_DATA http://server.domain.com:443/rpc/rpcproxy.dll?server.domain.com:6004 0xa03 0.0.0.0 ISA server.domain.com TCP - - Yes Reverse Proxy - - 0 64 MSRPC Internet - - 341 0 414 0x8 Web Proxy Filter Traffic is getting to the Exchange/RPC Proxy server as indicated by it's log files: 2005-04-23 02:51:53 192.168.10.1 RPC_IN_DATA /rpc/rpcproxy.dll server.domain.com:6002 443 domain\username 68.53.163.32 MSRPC 200 0 0 2005-04-23 02:51:53 192.168.10.1 RPC_OUT_DATA /rpc/rpcproxy.dll server.domain.com:6002 443 domain\username 68.53.163.32 MSRPC 200 0 0 Again, both OWA and RPC over HTTP work just fine when connecting via a VPN connection. OWA works fine when connecting over the internet with or without a VPN connection. Everthing works great with the exception of RPC over HTTP when coming in over the internet witout using a VPN connection. I am bridging SSL, not terminiating and redirecting to port 80. I can use the same laptop computer and connect to RPC over HTTP internally and via VPN, but using this same laptop the connection fails when coming in over the internet when a VPN connection is not used..??? Thanks in advance for the help, I have log files and a diagram of my network that i can send you. This is a test lab where I am kicking the tires around on ISA 2004. Chris. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tdoholis@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx