I've installed ISA 2006 and I'm getting the dreaded Netlogon 5783 on the server. I've noticed in the firewall log that RPC traffic is being denied to my DCs within the first minute or two when the ISA server loads up, with status 0xc0040017 listed and "-" shown in the rule column. The traffic is then allowed through by the system policy rule Allow RPC from ISA Server to trusted servers.
Thanks for the reply. There are no external DNS servers configured on the server. The LAN interface has two internal DNS servers configured which use forwarders. The WAN interface does not have any DNS servers configured.
Yes, the server was a member of the domain before I installed ISA on it. The Netlogon errors didn't happen till 15:50 on the 21st; I installed ISA on the 20th at 10:54 (going from the created date on the Microsoft ISA Server folder in Program Files), and between that time there were several restarts. I don't know if that helps at all...
Thanks for replying again. Sadly there are no errors in any of the domain controllers logs.
I uninstalled ISA from the server today, reinstalled it and recreated all my rules. After every change I did a reboot to see if I could figure out what was causing the problem. It seemed to be fine, but I left the server for an hour or so after creating all the rules and rebooted it, and the Netlogon 5783 reappeared.
I may have found a fix/fudge for the problem... I created a new protocol:
Name: AD Logon/Dir Rep
Port Range: 1025 - 1026
Protocol Type: TCP
Direction: Outbound
Then I created an access rule to allow AD Logon/Dir Rep from Local Host to Internal. I've rebooted a few times this morning with the rule enabled and disabled. When the rule is disabled I get the Netlogon error, and when it's enabled I don't. I'll keep testing it, but it's looking hopeful.
I believe you are talking about system policy 22 - Allow RPC from ISA Server to trusted servers. I do have this enabled, but it doesn't seem to take effect for the first 2 minutes or so, and by that time the Netlogon error has already been logged.
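The symptom described in the first post and again here (RPC to the DCs denied with result code 0xc0040017 and "-" in the rule column, then allowed once system policy rule 22 is active) can be confirmed from the firewall log rather than by repeated reboots. The script below is an added example and not part of this thread; it uses a simplified, constructed tab-separated log layout (date, time, destination IP, destination port, protocol, action, rule, result code) that is assumed for illustration and is not a real ISA export, and the DC addresses are placeholders. It reports every denial to a DC that precedes the first connection matched by the system policy rule, and how long that window lasted.

```python
"""Find RPC denials to domain controllers that happen before the ISA system
policy rule 'Allow RPC from ISA Server to trusted servers' takes effect.

Added example: the log layout, addresses and timestamps below are constructed
for illustration and do not come from the forum thread or from ISA itself.
"""
from datetime import datetime

DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}  # assumption: internal DC addresses
SYSTEM_POLICY_RPC_RULE = "Allow RPC from ISA Server to trusted servers"
DENIED_STARTUP_CODE = "0xc0040017"  # result code reported in the thread

# Constructed sample log, tab-separated:
# date  time  dest-ip  dest-port  protocol  action  rule  result-code
SAMPLE_LOG = """\
2007-03-15\t15:50:02\t10.0.0.10\t135\tTCP\tDenied Connection\t-\t0xc0040017
2007-03-15\t15:50:05\t10.0.0.11\t135\tTCP\tDenied Connection\t-\t0xc0040017
2007-03-15\t15:50:40\t10.0.0.10\t389\tTCP\tDenied Connection\t-\t0xc0040017
2007-03-15\t15:52:10\t10.0.0.10\t135\tTCP\tInitiated Connection\tAllow RPC from ISA Server to trusted servers\t0x0
2007-03-15\t15:53:00\t10.0.0.10\t1025\tTCP\tInitiated Connection\tAllow RPC from ISA Server to trusted servers\t0x0
"""


def parse_log(text):
    """Parse the simplified tab-separated log into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError(f"unexpected field count in line: {line!r}")
        date, time, dest_ip, dest_port, proto, action, rule, code = fields
        records.append({
            "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "dest_ip": dest_ip,
            "dest_port": int(dest_port),
            "protocol": proto,
            "action": action,
            "rule": rule,
            "code": code.lower(),
        })
    return records


def startup_rpc_denials(records, dcs=DOMAIN_CONTROLLERS):
    """Return (first_allow_ts, denials_before_it, gap_seconds).

    first_allow_ts is the first connection matched by the system policy RPC
    rule; denials_before_it are DC-bound packets denied with no rule ("-") and
    the startup result code before that moment; gap_seconds is the length of
    the unprotected window from the first such denial to the first allow.
    """
    allows = [r for r in records if r["rule"] == SYSTEM_POLICY_RPC_RULE]
    first_allow = min((r["ts"] for r in allows), default=None)
    denied = [
        r for r in records
        if r["dest_ip"] in dcs
        and r["rule"] == "-"
        and r["code"] == DENIED_STARTUP_CODE
        and (first_allow is None or r["ts"] < first_allow)
    ]
    gap = None
    if first_allow is not None and denied:
        gap = (first_allow - min(r["ts"] for r in denied)).total_seconds()
    return first_allow, denied, gap


if __name__ == "__main__":
    first_allow, denied, gap = startup_rpc_denials(parse_log(SAMPLE_LOG))
    for r in denied:
        print(f"{r['ts']:%H:%M:%S} denied {r['protocol']} to "
              f"{r['dest_ip']}:{r['dest_port']} (rule {r['rule']}, {r['code']})")
    print(f"system policy rule first matched at {first_allow:%H:%M:%S}; "
          f"window before it: {gap:.0f}s")
```

Run against a real export the column mapping in `parse_log` has to be adjusted to the fields actually selected in the ISA log viewer; the logic of interest is only the comparison of denied DC traffic against the first hit on the system policy rule, which shows directly whether the startup window overlaps the Netlogon attempt.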
I'm getting two other errors, MrxSmb 8003 and W32Time 29. These do not appear until the server has been up and running for some time. As I understand it, I can get round MrxSmb 8003 by disabling the Computer Browser service, and I haven't really looked into the W32Time issue yet...
One thing I have noticed is that it takes a fairly long time to log on when it produces the 5783. It gets stuck on "Applying Computer Settings".
I'd double check the DNS settings on the ISA Firewall's NICs and make sure that only the internal DNS server is listed, and only the interface closest to that DNS server has the DNS server listed and that it's on the top of the interface list.
Just to say I have double-checked all the interface settings and their order, and they are set how your book says. The only way I seem to be able to get round the problem is by starting the ISA services after Windows 2003 has loaded, or by using the protocol and rule I mentioned earlier. I'm not sure which is the better option, though... Do you have any recommendations?
Check your DNS server and make sure that it has registered the IP address of the internal interface for the name of the ISA Firewall. Sometimes the external IP address gets registered, or even a VPN address.
I have installed ISA Server 2006 on a Windows Server 2003 machine. I have the same event ID in the system log. On this machine I have installed the Symantec Antivirus client (SAV 10.x) too. I notice: when I uninstall this program, the event 5783 disappears.
I'm having the same problem as Polar.
W2k3 R2 domain member before installing ISA. Network cards (and protocols) correctly ordered as per Tom's instructions. Everything works until the Firewall Service is started. After this ISA can't negotiate with AD (separate W2k3 + SP1 machine).
I noticed this when I tried to add a windows namespace group for vpn users without success.
When configuring allowed groups for VPN, I can browse internal domain -> OU -> VPN users group, but when confirming, ISA takes more than a minute to validate and the group name is not shown! Only its SID appears!!
System policy rules are enabled for the AD internal network, but the firewall service is still blocking NetBIOS AD-related operations.
Can someone point us any directions?
Thanks for any help
edit: just for testing purposes, with exactly the same rules, I tried to authenticate those VPN users against a RADIUS server (the same one that has AD) and it worked perfectly.
< Message edited by saturno -- 15.Mar.2007 7:30:29 PM >