""Added the rule at the bottom of the post and all is fine. This is what finally came out of three DAYS! on the phone with Microsoft support:
Name: Internal to localhost
Action: Allow
Protocols: All Outbound Traffic
From: Internal, Local Host, VPN Clients
To: Internal, Local Host, VPN Clients
Condition: All Users
Everyone says I should not have to have this rule. Even the support engineers disagree amongst themselves. However, now the ISA box logs into the domain.""
Yes, that is the question. I do not like the rule that was given in that post. What rule should I set up so that the ISA server can connect with the domain controllers at login, so I do not get errors (Netlogon):

Event ID: 5783
Source: NETLOGON
Description: The session setup to the Windows NT or Windows 2000 domain controller DCName.domain_name.com for the domain Domain is not responsive. The current RPC call from Netlogon on Workstation to DCName has been canceled.

when logging in to ISA with a domain account. (I turned off the Computer Browser service since ISA was trying to be a Master Browser.) The ISA 2006 is a member server. I would also like to browse shares from the ISA to some servers on the network to get files... I was able to create a mapped drive and it lets me do that, but not browse the network for shares.
I am thinking something as simple as an RPC and Kerberos rule to the domain controllers...
< Message edited by DanFletcher -- 10.Oct.2006 1:46:39 PM >
Outside users can authenticate fine (VPN, OWA, Active Sync). I turned off the Computer Browser service to stop ISA from trying to be a master browser, since the ISA does not need to be a browser anyway. That solved that issue. This issue is separate: when I log into the ISA server I get the following error.

Event ID: 5783
Source: NETLOGON
Description: The session setup to the Windows NT or Windows 2000 domain controller DCName.domain_name.com for the domain Domain is not responsive. The current RPC call from Netlogon on Workstation to DCName has been canceled.

So I was thinking that there should be a rule from the local host to the domain controllers. That way, when I log in I do not get the error. Similar to what I set up for my WSUS server.
So if I create a rule from Local Host to the domain controllers of Allow All Traffic, it works. But I would rather just allow what is needed. I have tried RPC and Kerberos traffic but I must be missing something. We are still on a 2000 domain.