Are you saying that enforcing strict RPC compliance breaks auto-enrollment
to the ISA box?
t
----- "God is a comedian playing to an audience too afraid to laugh."
http://www.ISAserver.org
Hi Amy,
Try running the Certificates MMC snap in to request a machine certificate from an Enterprise CA on an ISA firewall Protected Network. That was must first clue that there would be future issues. Also, breaks machine autoenrollment. Not an issue with SBS, but it is in a typical Centro-oid deployment.
Tom
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
-----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Friday, December 09, 2005 11:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Scripting guys help Interface based rules?
http://www.ISAserver.org
The only issues I hit with the RPC filter in SBS is with 3rd party apps.
Amy
Harbor Computer Services Small Business Computer Specialists
Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/
-----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Friday, December 09, 2005 12:38 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Scripting guys help Interface based rules?
http://www.ISAserver.org
This question is only asked because of ignorance of how RPC and DCOM operate.
Remember; the ISA RPC filter was written primarily to support Exchange. The fact that Exch uses a subset of the RPC potential functionality is a large part of the reason for "generic" RPC failure across ISA DCOM, OTOH, (used by WMI) is a superset of RPC functionality, making the whole problem even bigger.
Also consider that except for SBS, ISA is installed in "network brick" mode. Even in SBS, the "strict RPC" switch is on because the SBS team didn't hit any issues in their testing until after they shipped SP1.
------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------------------
-----Original Message----- From: sbradcpa@xxxxxxxxxxx [mailto:sbradcpa@xxxxxxxxxxx] Sent: Friday, December 09, 2005 07:10 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Scripting guys help Interface based rules?
http://www.ISAserver.org
But isn't there a way to be more granular?
If someone can point me to chapter I forgot in the Bible of ISA [Shinder] or a MSDN page .... because I'd love to be a bit less 'oh just wack the box off'
> That RPC thang has been ongoing since the release of ISA......=20 > > -----Original Message----- > From: sbradcpa@xxxxxxxxxxx [mailto:sbradcpa@xxxxxxxxxxx]=20 > Sent: Friday, December 09, 2005 3:32 AM > To: ISA Mailing List > Subject: [isalist] RE: Scripting guys help Interface based rules? > > > http://www.ISAserver.org > > Well some of us SBS folks can at least read such trivial things as > subscribe and unsubscribe instructions off of listserves [even though > we may not follow them and unsubscribe and end up lurking] > > Right now I'll just be glad when we're not knee jerk wacking off the > RPC filtering. > > <http://spaces.msn.com/members/dmoisan/Blog/cns!1prHWLujp5fNIAaScwFLsA > 4g > !121.entry> > > http://makeashorterlink.com/?Z38D1384C > > I'll let you know about what we think about DiffServ in SP2 once we > see SP2. > > Don't worry we have enough to complain about in SBS 2003 R2 ;-) > > > Oh yeh - the SBS folks would turn this on and never give us a > > moment's > > > peace... > > I can't wait until they start complaining about DiffServ in SP2... > > "I turned it on and nothing happened"... > >=20 > > -------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > -------------------------------------------- > >=20 > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: Thursday, December 08, 2005 9:50 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Scripting guys help Interface based rules? > >=20 > > http://www.ISAserver.org > >=20 > > Would be an interesting thing to include in a future rev of the > product. > > Maybe with the release after the next release. :) =20 Thomas W > >Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > **Who is John Galt?** > >=20 > > =20 > >=20 > >=20 > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > isalist@xxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
