RE: Trusts between two domains
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 5 May 2005 13:36:37 -0500
Hi Rob,
After disabling the RPC filter you will need to restart the ISA
firewall. Don't know why, but a consistent finding after doing it about
two hundred times :)
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Thursday, May 05, 2005 1:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Trusts between two domains
http://www.ISAserver.org
Hi--
ISA 2004 SE, SP1.
I've tried both suggestions--disabling Strict RPC (at both ends) and
disabling the RPC filter altogether, at both ends. (Assuming I've done
that second one correctly--I opened the "RPC Server (all interfaces)"
protocol and, on the Parameters tab, unchecked "RPC filter." Is that
correct?) So far, no luck.
Rob
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Tuesday, May 03, 2005 12:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Trusts between two domains
http://www.ISAserver.org
ISA 2004 SE or EE?
If SE, you should get Service Pack 1.
You may have to either:
1 - Disable "Strict RPC" in the ISA RPC Filter 2. Disable the RPC Filter
altogether
-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Monday, May 02, 2005 10:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Trusts between two domains
http://www.ISAserver.org
Hello all--
I recently set up a two way trust between my main domain and a colocated
domain. The trust is in place but it's not working fully correctly. When
I originally set up the trust, the two domains were on the same physical
network and I could choose users from one domain and give them rights on
resources on the other domain. Now, though, the domains are physically
separate. I have a VPN going between ISA2004 servers at both sites, and
(for now) I'm allowing all traffic to pass between the two sites. But I
can no longer choose users and groups from the other domain. I get a
message that the object can't be found. If I try to validate the trust,
I get a message that no logon server can be found in the remote domain.
I seem to recall that there may be some special rules I need to create
to pass Domain Controller traffic between my ISA servers. Is that right?
Any hints that might help me get this working?
Thanks,
Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
American Friends Service Committee
1501 Cherry St.
Philadelphia, PA 19102
RMoore@xxxxxxxx
Phone: 215-241-7870
Fax: 215-241-7204
Love is the only rational act.
--Morrie Schwartz
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rmoore@xxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
