OK, I have been in contact with some people who say installs over RDP will not leave 3389 open for you even though the wizard says so. So I did the install over RDP through my external interface. During the install I get an extra screen and, the way I understand it, it will allow future connections from an external host RDP client connected through the ISA external interface to the internal IP address. So the install goes fine, it asks me to reboot and I do. The server comes back up and I can RDP back into it, which means that yes, ISA will leave it open, but the weird thing is I can't find any rule or configuration showing how ISA does it. Everything looks like a fresh normal install.
-Tom, if you haven't done this type of install yet and would like to see the screen I am talking about, just email me at Lambera22@hotmail.com
Install 1:
-RDP from laptop (192.168.0.4) to 192.168.0.3
-Install success
-ISA makes me reboot
-RDP still works, like the access policy said so
-No access rules are created to allow it
Install 2:
-Connection made from another city
-SOHO forwards 3389 to 192.168.0.3
-Install cuts off connection during install; the install finished by itself
-After a reboot RDP is closed off (Tom, on that screen I sent you, for this install it chose 192.168.1.100, why or how I have no clue)
Installation type one was done several more times with the same results, also after changing the IP of the laptop.
Then Install 2 was done again, but this time adding the external IP of the external adapter to the internal address (testing purposes). ISA converted that IP (192.168.0.3) to Class D multicast of 240. The install completed and the connection for RDP was never cut, even after reboot.
So from my testing it created some type of relation with the 255.255.255.0 subnet.
I've found an interesting phenomenon with that System Policy. If you install the machine from a terminal services session, then the only IP address that can RDP in via the System Policy rule is the one that actually installed the ISA firewall software.
I did an ISA2004 beta2 install via terminal services and initially was able to connect to the server after the ISA server had restarted (and even created an "all open access rule"). However, all my subsequent connection attempts via TS now fail. I get the logon error message below:
The system cannot log you on due to the following: The RPC server is unavailable. Please try again or consult your system administrator.
Any ideas, anyone? I've noticed the system rules allow connection to the ISA server via RDP, so I can't figure out why I can't connect to it anymore from my internal network.
This sort of sounds like what I had to go through. Nothing worked for me except a complete reinstall, I hate to say. Even Big T couldn't get me past this one, and he knows all about this stuff. I initially didn't do the install over RDP, like you did, but the symptoms you are going through now sound just like mine. I could not RDP to the ISA box from the Internal net. Sorry, I wish I had more than the "please reinstall" message...
You will get that same error message when connecting through RDP when you disable the "netbios helper" service. Make sure that this service is set to automatic startup and is running, otherwise you cannot connect to the terminal server services. (Yes, NetBIOS is still very active in Windows 2003.)
I have never had these symptoms with RDP. I have always been able to connect to the ISA server, and I have really made quite a few installs, both over RDP and directly at the console.