RE: RPC over HTTP using ISA Server 2004 SP1 and Exchange 2003 SP1

  • From: "Ted Doholis" <tdoholis@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 23 Apr 2005 14:11:51 -0400

The issue sounds like it happens because you are connecting internally
and over VPN to a back end server and then when coming over the net you
are trying to connect to a different (front end) server.

Also the certificate would be different for the front end and back end
server...so if this works inside and not outside then you may have a
problem with a certificate mismatch.

I would try using the same server whether inside or outside.

Ted Doholis
SaltSpring Software Inc.

-----Original Message-----
From: Chris [mailto:chris@xxxxxxxxxxxxxxxxxxxxx] 
Sent: Saturday, April 23, 2005 2:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RPC over HTTP using ISA Server 2004 SP1 and Exchange 2003 SP1

Hi All,

I am having issues with RPC over HTTP working properly through my ISA
2004 server.  I have my ISA 2004 server configured as an edge firewall
with two NICs, one Public WAN NIC, and one private LAN NIC.  NAT is
enabled on the box to provide internet access to LAN clients.  I have a
box set up that is acting as a DC/GC, Exchange 2003 SP1 mailbox server,
RPC Proxy Server, and RPC over HTTP Backend Exchange server. HTTP over
RPC works fine via VPN and internally, so I think my backend box is
provisioning RPC over HTTP properly.  When I attempt to connect over the
internet using RPC over HTTP via my ISA 2004 box, it takes about 90
seconds to be presented with an authentication box, then the connection
simply fails.  OWA (using SSL) works fine going through the ISA 2004
box.  I can also hit the /rpc virtual directory using SSL going through
my ISA box too.  Upon reviewing the ISA logs I am receiving "Failed
Connection Attempt" and "0xa03" error information codes.  Here are some
entries from my ISA log file showing the activity over ports 593, 6002,
and 6004.

4/23/2005 12:03 68.53.163.32    192.168.10.1    443     https   Failed Connection Attempt RPC over HTTP    Domain\Username External                RPC_IN_DATA http://server.domain.com:443/rpc/rpcproxy.dll?server.domain.com:593 0xa03   0.0.0.0 ISA     server.domain.com       TCP     -       - Yes     Reverse Proxy                   -       -       0       64      MSRPC Internet        -       -               350     0       413 0x8     Web Proxy Filter

4/23/2005 12:01 68.53.163.32    192.168.10.1    443     https   Failed Connection Attempt RPC over HTTP    Domain\Username External                RPC_IN_DATA http://server.domain.com:443/rpc/rpcproxy.dll?server.domain.com:6002 0x203   0.0.0.0 ISA     server.domain.com       TCP     -       - Yes     Reverse Proxy                   -       -       0       64      MSRPC Internet        -       -               1422    0       414 0x8     Web Proxy Filter

4/23/2005 12:03 68.53.163.32    192.168.10.1    443     https   Failed Connection Attempt RPC over HTTP    Domain\Username External                RPC_IN_DATA http://server.domain.com:443/rpc/rpcproxy.dll?server.domain.com:6004 0xa03   0.0.0.0 ISA     server.domain.com       TCP     -       - Yes     Reverse Proxy                   -       -       0       64      MSRPC Internet        -       -               341     0       414 0x8     Web Proxy Filter



Traffic is getting to the Exchange/RPC Proxy server as indicated by its
log files:

2005-04-23 02:51:53 192.168.10.1 RPC_IN_DATA /rpc/rpcproxy.dll server.domain.com:6002 443 domain\username 68.53.163.32 MSRPC 200 0 0

2005-04-23 02:51:53 192.168.10.1 RPC_OUT_DATA /rpc/rpcproxy.dll server.domain.com:6002 443 domain\username 68.53.163.32 MSRPC 200 0 0

Again, both OWA and RPC over HTTP work just fine when connecting via a
VPN connection.  OWA works fine when connecting over the internet with
or without a VPN connection.  Everything works great with the exception
of RPC over HTTP when coming in over the internet without using a VPN
connection.  I am bridging SSL, not terminating and redirecting to port
80.  I can use the same laptop computer and connect to RPC over HTTP
internally and via VPN, but using this same laptop the connection fails
when coming in over the internet when a VPN connection is not used..???

Thanks in advance for the help, I have log files and a diagram of my
network that I can send you.  This is a test lab where I am kicking the
tires around on ISA 2004.

Chris.
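
Added example (not part of the original thread): a small Python script that lines up ISA "Failed Connection Attempt" records for rpcproxy.dll with the RPC proxy's IIS log, to show which backend endpoints actually reached IIS. The ISA sample lines are trimmed and constructed from the entries quoted above, and matching on client IP, verb and endpoint while ignoring timestamps is an assumption of this example.

```python
import re

# Sample records: ISA lines are trimmed to the fields used here, IIS lines
# follow the layout quoted in the post (constructed for this example).
ISA_LOG = r"""
4/23/2005 12:03 68.53.163.32 192.168.10.1 443 https Failed Connection Attempt RPC_IN_DATA http://server.domain.com:443/rpc/rpcproxy.dll?server.domain.com:593 0xa03
4/23/2005 12:01 68.53.163.32 192.168.10.1 443 https Failed Connection Attempt RPC_IN_DATA http://server.domain.com:443/rpc/rpcproxy.dll?server.domain.com:6002 0x203
4/23/2005 12:03 68.53.163.32 192.168.10.1 443 https Failed Connection Attempt RPC_IN_DATA http://server.domain.com:443/rpc/rpcproxy.dll?server.domain.com:6004 0xa03
"""
IIS_LOG = r"""
2005-04-23 02:51:53 192.168.10.1 RPC_IN_DATA /rpc/rpcproxy.dll server.domain.com:6002 443 domain\username 68.53.163.32 MSRPC 200 0 0
2005-04-23 02:51:53 192.168.10.1 RPC_OUT_DATA /rpc/rpcproxy.dll server.domain.com:6002 443 domain\username 68.53.163.32 MSRPC 200 0 0
"""

ISA_RE = re.compile(
    r"^\S+ \S+\s+(?P<client>\d+(?:\.\d+){3})\s.*?"
    r"(?P<verb>RPC_(?:IN|OUT)_DATA)\s+\S*/rpc/rpcproxy\.dll\?"
    r"(?P<endpoint>[\w.-]+:\d+)\s+(?P<code>0x[0-9a-fA-F]+)")

def parse_isa(text):
    """Yield (client, verb, endpoint, result_code) per ISA rpcproxy record."""
    for line in text.splitlines():
        m = ISA_RE.search(line)
        if m:
            yield m["client"], m["verb"], m["endpoint"].lower(), m["code"]

def parse_iis(text):
    """Map (client, verb, endpoint) -> HTTP status from the RPC proxy's IIS log."""
    seen = {}
    for line in text.splitlines():
        f = line.split()
        # date time s-ip method uri-stem uri-query port user c-ip agent status ...
        if len(f) >= 11 and f[4].lower() == "/rpc/rpcproxy.dll":
            seen[(f[8], f[3], f[5].lower())] = int(f[10])
    return seen

def correlate(isa_text, iis_text):
    """For each ISA failure, report whether IIS logged the same request."""
    iis = parse_iis(iis_text)
    return [(endpoint, verb, code, iis.get((client, verb, endpoint)))
            for client, verb, endpoint, code in parse_isa(isa_text)]

if __name__ == "__main__":
    for endpoint, verb, code, status in correlate(ISA_LOG, IIS_LOG):
        where = f"reached IIS (HTTP {status})" if status else "not in IIS log"
        print(f"{endpoint:28} {verb:12} ISA {code:6} {where}")
```

An endpoint that ISA reports as failed but that does appear in the IIS log with a 200 points at the ISA-to-proxy leg rather than the client-to-ISA leg.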


