Welcome to ISAserver.org
RPC Filter breaks Certificates MMC
RPC Filter breaks Certificates MMC - 21.Apr.2004 1:21:00 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
TIP:
The RPC filter breaks the certificate request wizard in the Certificates MMC snap-in and also the Web Site Certificate Request Wizard.
FIX: Disable the RPC filter and create an "all open" rule between the source and destination. Make sure to re-enable the RPC filter and remove the all open rule when you're done!
HTH, Tom
RE: RPC Filter breaks Certificates MMC - 26.Apr.2004 3:46:00 AM
senad
Posts: 31
Joined: 27.Nov.2001
From: Brighton, MA
Status: offline
Hi Tom, Let me just thank you for a tip on Certificate Server and RPC filter. I was going in circles over this for a good two days before reading your post.
Btw, is there a pressing reason to re-enable the RPC application filter if RPC is not published on the external interface? Otherwise, servers are not going to get updated certificates after the original ones expire.
I was always under the impression that app. filters are intended for publishing rules, though in 2004 that doesn't seem to be the case considering this one obviously affects RPC traffic between protected networks. This issue was not present in ISA 2000 with multiple internal NICs, but then ISA 2000 didn't really have real separation between multiple internal networks. Would you consider this to be just a bug in the beta release?
Interestingly enough, if you look at the monitoring console during a certificate request, it shows successful opening (and closing) of the RPC connection between servers, but the request itself fails. Obviously, there are only certain RPC packets that get filtered out in the process.
Thank you, Senad
RE: RPC Filter breaks Certificates MMC - 26.Apr.2004 11:33:00 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Senad,
I really hope they fix this issue. What is even more interesting is that if you join the ISA firewall to a domain that has an enterprise CA, the enterprise CA certificate is automatically entered into the Trusted Root Certification Authorities store! So, it's clear it is a specific DCOM bug in the RPC filter.
I think it's important to leave the RPC filter enabled; as you noted, things have changed since ISA 2000, and the RPC filter does provide a good level of security. Let's just hope that the DCOM problem is fixed.
Thanks! Tom
RE: RPC Filter breaks Certificates MMC - 26.Apr.2004 6:18:00 PM
penrose.l@2college.nl
Posts: 474
Joined: 29.Jan.2004
From: Netherlands
Status: offline
Hi Tom,
We noticed this bug in the DCOM process of NLB management and reported this 2 months ago to Microsoft. They have said they will resolve this issue before the release of ISA2004.
Kind regards, Lex P.
RE: RPC Filter breaks Certificates MMC - 27.Apr.2004 10:18:00 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Lex,
It'll be interesting to see if that happens. The DCOM problem with the certificates snap-in is a persistent one, and has proven a bit problematic for those of us preferring the MMC and enterprise CAs.
Thanks! Tom
RE: RPC Filter breaks Certificates MMC - 14.May.2004 2:22:00 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Senad,
That's great!
Thanks! Tom