Welcome to ISAserver.org

Weird RPC behavior even after fixes

Weird RPC behavior even after fixes - 4.Dec.2005 10:22:44 AM   
wbplomp

 

Posts: 138
Joined: 18.Nov.2004
From: Netherlands, The
Status: offline
Hi,

I have a weird problem. Somewhere deeper in our network we have a subnet that is protected by ISA Server 2004 Standard Edition. The internal network hosts a single domain that has a one-way trust relationship with another forest on its external network. ISA Server is a member of that single domain. Everything worked fine. The internal interface has an IP address as shown below:

192.168.9.254 / 255.255.255.0

Later we added a second subnet, so ISA Server got a second IP address on its internal network within a different range but with the same subnet mask, as shown below:

192.168.9.254 / 255.255.255.0
10.101.0.254 / 255.255.255.0

On that new subnet 10.101.0.0/24 we host a child-domain from the forest on the external network. Now ISA Server crashes!!!! After looking in the event log we see hundreds of failed connections (RPC (all interfaces)) from ISA Server to the child-domain within seconds. But ISA Server is not a member of that domain. We think it is trying to authenticate.

ISA Server is installed with SP1 and the RPC hotfix. There is no authentication involved in Access Rules. ISA Server can only be a member of one domain, so we created a trust relationship between the single domain and the child-domain that resides on the internal network. But the problem still occurs. Now I have disabled a System Policy rule that allows authentication to trusted servers within the domain. The problem stops. But there is no authentication possible anymore and other weird problems occur.

Does someone know how to resolve this or had a similar problem?

Kind regards,

Boudewijn

< Message edited by wbplomp -- 4.Dec.2005 10:26:31 AM >
Post #: 1
RE: Weird RPC behavior even after fixes - 5.Dec.2005 5:22:52 PM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Boudewijn,

Why is there a second IP address bound to the internal interface? Hosts on the remote network are off-subnet, so they need to access the ISA firewall through a LAN router behind the ISA firewall. Remove the additional IP address, enter a routing table entry on the ISA firewall with the gateway address of that network, and include the addresses in that network in the ISA firewall's default Internal Network ISA firewall Network definition.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

(in reply to wbplomp)
Post #: 2
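
A configuration check for the three steps in the reply above (single address on the adapter, a route for the off-subnet network, both subnets in the Internal Network definition), as an added example that is not part of the original thread. The adapter addresses and subnets come from the posts; the router address 192.168.9.1 and the definition ranges are constructed assumptions.

```python
import ipaddress

def audit_internal_network(bound, routes, definition, subnets):
    """Check an internal adapter layout against the advice in the reply above.

    bound      -- addresses on the internal adapter, e.g. "192.168.9.254/24"
    routes     -- {subnet: gateway} static routes on the firewall
    definition -- (first, last) address ranges in the Internal Network definition
    subnets    -- subnets that hold internal hosts
    Returns a list of findings; an empty list means the layout matches.
    """
    ifaces = [ipaddress.ip_interface(b) for b in bound]
    on_link = ifaces[0].network  # subnet of the primary address
    ranges = [(ipaddress.ip_address(a), ipaddress.ip_address(b)) for a, b in definition]
    findings = []
    for extra in ifaces[1:]:
        findings.append(f"{extra}: additional address bound to the internal adapter")
    for s in subnets:
        net = ipaddress.ip_network(s)
        if not net.subnet_of(on_link):
            gw = routes.get(s)
            if gw is None:
                findings.append(f"{net}: off-subnet, no routing table entry")
            elif ipaddress.ip_address(gw) not in on_link:
                findings.append(f"{net}: gateway {gw} is not on {on_link}")
        if not any(lo <= net.network_address and net.broadcast_address <= hi
                   for lo, hi in ranges):
            findings.append(f"{net}: not in the Internal Network definition")
    return findings

SUBNETS = ["192.168.9.0/24", "10.101.0.0/24"]  # from the thread

# Layout from the first post; the definition range is a constructed assumption.
BEFORE = audit_internal_network(
    bound=["192.168.9.254/24", "10.101.0.254/24"],
    routes={},
    definition=[("192.168.9.0", "192.168.9.255")],
    subnets=SUBNETS)

# Layout after the reply's three steps; router 192.168.9.1 is hypothetical.
AFTER = audit_internal_network(
    bound=["192.168.9.254/24"],
    routes={"10.101.0.0/24": "192.168.9.1"},
    definition=[("192.168.9.0", "192.168.9.255"), ("10.101.0.0", "10.101.0.255")],
    subnets=SUBNETS)

if __name__ == "__main__":
    for line in BEFORE:
        print("before:", line)
    print("after:", AFTER or "no findings")
```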
RE: Weird RPC behavior even after fixes - 5.Dec.2005 5:55:53 PM   
wbplomp

 

Posts: 138
Joined: 18.Nov.2004
From: Netherlands, The
Status: offline
Tom,

These two subnets reside on the same switch on the internal network of the ISA Server; it's not a network behind a network. We are migrating from one subnet to the other. All seems to work fine. I only have a problem with replication between Domain Controllers. All Domain Controllers have Windows Server 2003 with SP1. When I disable the RPC filter, everything works fine. Windows 2000 Servers can replicate with the RPC filter enabled and disabled.

I thought ISA Server 2004 SP1 and KB8897716 would help, but unfortunately not.

Hope you have any suggestions....




(in reply to tshinder)
Post #: 3
RE: Weird RPC behavior even after fixes - 5.Dec.2005 10:02:36 PM   
wbplomp

 

Posts: 138
Joined: 18.Nov.2004
From: Netherlands, The
Status: offline
I have been thinking and testing with the second IP address, because you asked about it. I have changed the order of the IP addresses, and it seems that the problem has switched. I think the RPC filter has a problem with the Internal network with hosts that match the second IP address. So... when a host on the External network connects to the Internal network, the RPC filter works correctly when communication travels to the Internal network which matches the first IP address on the Internal network adapter. But when the external host connects to a host on a subnet that matches the second IP address, it fails only for RPC traffic. Hmmmm.... weird, because it is possible for other traffic, even with most RPC traffic.

(in reply to wbplomp)
Post #: 4