Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: RPC over HTTP status code 64
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: RPC over HTTP status code 64 - 2.Sep.2006 3:33:47 AM
|
|
|
aaronparker
Posts: 22
Joined: 31.Jan.2005
From: Australia
Status: offline
|
Yes, I am using SSL to SSL bridging, but what I was getting at in my post is in my troubleshooting, I've found that all other servers on the network can connect to the RPC proxy OK, only the ISA Server reports error 64 when using HTTP and is unable to contact the web site when using HTTPS.
I'm having the same issue as listed here: http://forums.isaserver.org/RPC_over_HTTPS_status_code_64/m_2002023851/tm.htm
_____________________________
http://stealthpuppy.com
|
|
|
|
|
RE: RPC over HTTP status code 64 - 2.Sep.2006 4:54:22 PM
|
|
|
aaronparker
Posts: 22
Joined: 31.Jan.2005
From: Australia
Status: offline
|
hmm, I'm fairly sure name resolution is working correctly as I can ping and browse to the correct server. I found my issue with browsing to https://rpc.company.com/rpc/rpcproxy.dll from the ISA Server. I had to explicitly allow Local Host to use HTTPS to the Internal network (the system rule only allows HTTP). So now I have confirmed that I can talk to the RPC proxy from the ISA Server on HTTPS successfully. I think my next step is to log a call with Microsoft. Hopefully they can find out what is wrong.
_____________________________
http://stealthpuppy.com
|
|
|
|
|
RE: RPC over HTTP status code 64 - 2.Sep.2006 5:00:17 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Aaron,
NO NO NO NO NO NO NO. NO NO NO. NO NO NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!!!
You do NOT need to create any separate rules. The only rule required is the Web Publishing Rule. Once you get everything working right, the Web Publishing Rule is the only requirement. Don't start compromising your security by addition spurious rules that attackers can leverage against you.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: RPC over HTTP status code 64 - 3.Sep.2006 10:44:52 AM
|
|
|
aaronparker
Posts: 22
Joined: 31.Jan.2005
From: Australia
Status: offline
|
I know I don't need any other rules, allowing HTTPS from the localhost was for troubleshooting only.
_____________________________
http://stealthpuppy.com
|
|
|
|
|
RE: RPC over HTTP status code 64 - 6.Oct.2006 8:34:54 AM
|
|
|
c_beims
Posts: 2
Joined: 6.Oct.2006
Status: offline
|
Hi Aaron,
have you found any solution so far? I'm asking since I'm having exactly the same issue.
Regards,
Carsten
|
|
|
|
|
RE: RPC over HTTP status code 64 - 12.Oct.2006 9:25:30 PM
|
|
|
aaronparker
Posts: 22
Joined: 31.Jan.2005
From: Australia
Status: offline
|
I've been able to fix this issue by removing and reinstalling the RPC Proxy service on the Exchange Server. I now have access for users working with both Basic and NTLM authentication (for pass-through).
_____________________________
http://stealthpuppy.com
|
|
|
|
|
RE: RPC over HTTP status code 64 - 6.Aug.2007 5:52:03 AM
|
|
|
shijaz
Posts: 8
Joined: 10.Aug.2005
From: Qatar
Status: offline
|
Hi Tom,
I've been facing a similar problem with ISA 2006 NLB (workgroup), Exchange 2003. OWA with FBA works perfectly, but I find that RPC over HTTPS is intermittent. While users are on RPC/HTTPS I find that there are some log entries that say:
Allowed Connection/
Protocol: https/
HTTP status Code 403/
Web Proxy Filter/
URL: http://mail.domain.com/rpc/rpcproxy.dll?ExchangeBE_NETBIOSname:6001,
which are always followed by a
Failed Connection Attempt/
Protocol: https/
HTTP Status Code 64/
Web Proxy Filter/
URL: http://mail.domain.com/rpc/rpcproxy.dll?ExchangeBE_NETBIOSname:6001.
Sometimes the URL is http://mail.domain.com/rpc/rpcproxy.dll?ExchangeBE_NETBIOSname:593
There are no 'denied' messages and all the other messages are either
Initiated or Closed connections/
protocol HTTPS/
Firewall.
This difference between my scenario and Aaron's is that:
From my ISA server computer, I can browse to https://mail.domain.com/rpc/rpcproxy.dll (where servername is what's mentioned on the TO tab and resolve to IP of Exchange FE by HOSTS file) and I can see a blank page with SSL enabled. So everything's good on the FE!
However, when I try this from outside the network, I am prompted for credentials (via FBA) and then I get an Error Code 64 - Host not available in the browser. It's definitely gotta be ISA... Help! 
Additional Info: There's a checkpoint behind ISA, in front of the Exchange FE. Ports 443, 389 and 636 are open there (for the LDAPS to DCs, 443 to FE only). The ISA can resolve FQDN of the Exchange FE, and Public domain name resolves to Exchange FE, both by hosts file. ISA cannot resolve name of Exchange BE, nor does checkpoint allow any access from ISA to the Exchange backends.
< Message edited by shijaz -- 6.Aug.2007 5:58:55 AM >
|
|
|
|
|
RE: RPC over HTTP status code 64 - 6.Aug.2007 11:11:54 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Why is there a Check Point between the ISA Firewall and the Exchange FE? That could be a problem, and it's definitely not required.
Also, you won't be able to troubleshoot the problem using the ISA Firewall's log files -- those 64 errors are normal.
Also, queries to port 593 indicates the Registry on the RPC proxy hasn't been configured correctly to support RPC/HTTP.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: RPC over HTTP status code 64 - 7.Aug.2007 3:01:10 AM
|
|
|
shijaz
Posts: 8
Joined: 10.Aug.2005
From: Qatar
Status: offline
|
I went ahead and did the reg changes I mentioned on the FE and the following registry change in GC:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004
Now I get 403 (allowed connection attempt) and 64 (failed connection attempt) for these URLs (with ports 6001 and 593). Ocassionally there's a 10054 (Failed connection attempt) instead of the 64. The 64 error sometimes happens for OWA URL requests as well.
for all other log entries, its initiated and closed HTTPS. Users can still use RPC over HTTPS without problems.
The reason why im worried about these status codes is because users complain sometimes (once in 2 days or so) that they cant access RPC over HTTPS and OWA at all and then I need to restart the servers to get things back to normal. I suspect it could be something to do with these failed connection attempts.
Shijaz
< Message edited by shijaz -- 7.Aug.2007 3:03:07 AM >
|
|
|
|
|
RE: RPC over HTTP status code 64 - 27.Aug.2007 9:12:05 AM
|
|
|
marioc
Posts: 2
Joined: 27.Aug.2007
Status: offline
|
regarding those strange http 64 and 10054 errors....
check that out:
http://blogs.technet.com/isablog/archive/2007/06/25/rpc-over-http-logging-wildness.aspx
"
As you have seen in this blog entry, the error codes 64 and 10054 are normal for RPC over HTTP traffic when ISA Server is publishing Outlook Anywhere, and do not indicate an actual error condition. In addition, the 400 Bad Request log entries on the IIS server hosting the RPC proxy instance are also expected. When you troubleshoot RPC over HTTP issues, this knowledge can help you focus on other errors that might occur, which are the real problems."
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
