We have a simple network with an ISA 2006 firewall connected to a switch, and servers and clients also connecting to the same switch.
All clients are Web Proxy as well as firewall Clients. The clients' Outlook is configured to connect to an external Exchange server using RPC over HTTP technology.
Most of the time this works fine but intermittently the Outlook disconnects and gets stuck at "Trying to connect to Microsoft exchange".
At the time of disconnection, if I turn on Real Time logging in ISA then it shows me that the return request from the Exchange server is timing out. Again, this does not always happen. Most of the time Outlook is connected.
How we solve this problem for the time being is also unsure and illogical. Sometimes closing Outlook completely and re-signing into it works. At times restarting the ISA server works.
Whenever any disconnection happens, it happens for most if not all the clients at the same time, therefore the possibility of a client side issue is bleak.
On our ISA server I have an Access Rule to allow HTTP and HTTPS outbound for All Users from Internal to External.
I managed to fix that. Apparently it was an issue with the network design. We still do suspect our Internet connection for dropping a packet once in a while, but the situation is much better now.
The issue reoccurred and I have some netmon captures and logs from ISA monitoring. I thought it would be good if an expert can read them and suggest accordingly. I would appreciate if you can oblige. Below are the links to the log files.
Yes, all the client machines are configured as web proxy and SecureNAT clients. We initially implemented Firewall Client support as well but just as a test we took it off for some time. These logs were taken with the clients as web proxy and SecureNAT clients only.
Just to let you know, we have a second Internet connection from a different ISP. Last Thursday when the issue was occurring we switched over to this other connection but the issue continued. I have a port configured at my workstation with this second connection, just in case I need to test something by bypassing ISA. When I am connected to this port and to the connection directly, then my Outlook works fine, without a single disconnect.
When the same 2nd connection was terminated on ISA the issue still kept occurring. I thought this information would be helpful.
Thanks! I'm investigating if there are any issues with RPC/HTTP when placed behind the Web proxy.
One thing you might do until we find the answer is to configure the destination site(s) for direct access, so that the RPC/HTTP connections to those sites bypass the Web proxy filter on the firewall.
Thanks for the tip. I have configured the site to bypass Web Proxy and as of now it seems to be working fine. I understand this is more of a workaround for the issue. I really appreciate you taking interest in this issue and helping me out.
Kindly let me know if you discover anything further on this.
I still see the request going through Web Proxy. Please take a look at the below links with screenshots and more logs. Kindly advise where I am going wrong. I also found a Microsoft KB article KB 838708 which tells me how to completely bypass WebProxy for HTTP protocol. Should I try doing this?
On accessing OWA I get the below
*****************************************
Error Code: 504 Proxy Timeout. The connection timed out. (10060) IP Address: 195.90.8.63 Date: 12/9/2008 10:36:37 AM [GMT] Server: SGGN10.kaeferindia.local Source: proxy
What I have done is I have just added the domain name that Outlook uses for the RPC over HTTP configuration to the Web Browsers tab. I did not do anything beyond that.
In order to use the domain list to bypass the Web proxy, the clients have to have access to the autoconfiguration script. How are the clients configured to be Web proxy clients?
Well, the clients get the proxy server address from DHCP and the IE properties are populated using a group policy. I am not using an Auto Configuration script and to be honest don't know how to use one as well. Is there any other way around to provide direct access?
One strange thing I have noticed is that the Outlook disconnection problem always starts around 12 noon local time and prevails all through the second half of the day.
Today as well right from the morning we have had no problem at all. But I expect the problems to start in an hour's time or so.
Given that it's a time related issue, it's hard to argue that the firewall is the problem, unless you have schedules applied to your rules. If there is a time based issue, it can be that there are some other network devices causing this issue.
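The direct-access approach discussed earlier in the thread depends on clients reading an autoconfiguration script. The sketch below is an added example, not code from any poster and not the script ISA Server generates; it shows a hand-written proxy auto-config (PAC) function that sends only one exact host name direct and everything else to the proxy. The proxy address and the host name are constructed placeholders.

```javascript
// Constructed placeholders: substitute the real proxy listener and the
// host name Outlook uses for RPC over HTTP.
var PROXY = "PROXY isa.example.local:8080";
var DIRECT_HOSTS = ["mail.example.com"]; // exact names only, no wildcards

// Normalise a host name so comparisons are not fooled by case or a
// trailing dot (a fully qualified form of the same name).
function normaliseHost(host) {
  return String(host).toLowerCase().replace(/\.$/, "");
}

// True only when the host is exactly one of the listed names.
// Suffix or substring matching is avoided on purpose: a look-alike such
// as mail.example.com.attacker.test must keep going through the proxy.
function isDirectHost(host) {
  var h = normaliseHost(host);
  for (var i = 0; i < DIRECT_HOSTS.length; i++) {
    if (h === DIRECT_HOSTS[i]) {
      return true;
    }
  }
  return false;
}

// Entry point called by the browser / WinINET for every request.
// The return value is the standard PAC string: "DIRECT" or "PROXY host:port".
function FindProxyForURL(url, host) {
  if (isDirectHost(host)) {
    return "DIRECT"; // bypass the Web proxy for the RPC/HTTP site only
  }
  return PROXY; // all other traffic stays behind the proxy
}
```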