RPC failure because of SP2

RPC failure because of SP2 - 16.May2007 3:57:42 AM   
KrisVG

 

Posts: 4
Joined: 8.Apr.2007
Status: offline
I have an ISA server with 3 interfaces: Internal, External and UsersNetwork. DCs are on the internal network, clients are on the UsersNetwork. All functions OK until I install SP 2 on the Server 2003 R2 ISA SE Server.
A Microsoft article talks about 3 problems:
1. Performance issues under certain circumstances (not my case)
2. Some problems with ADAM when using ISA Enterprise Edition (not my case)
3. Potential problems with RSS in NAT relationships (not my case)

I already tried unchecking the "Strict RPC" checkbox and even tried to disable RSS (even though I'm experiencing my problems in a route relationship and even between the ISA server and the DCs)

Once SP2 is installed machines on the UsersNetwork AND the ISA server itself can no longer correctly log on to the domain (event 1053 "Windows cannot determine the user or computer name"). This results in extremely slow logons. Oddly: once logged on all seems to work OK (i.e. file and printer access, group policies remain unapplied so the situation is unacceptable).

Logging on the ISA server tells me that the ISA server (and clients on the UsersNetwork) try to open an RPC connection to one of the domain controllers and that this fails because the reply from the server is treated as "unidentified traffic" and is blocked by the ISA server (even creating a custom protocol doesn't change this: the traffic keeps being blocked and the logs don't specify a rule that blocks it).

To add to the strangeness: the same configuration on virtual machines (yes, I did test this first) works fine.

Now the question(s):
Does anyone have a Server 2003 Sp with ISA Standard capable of logging on correctly to a domain?
I've always used the "patch everything" principle, what's the (security) risk of not applying SP2?
Anyone heard of a MS statement concerning support for servers that don't have SP2 installed?

Any idea/comment is welcome.

Kris.
Post #: 1
RE: RPC failure because of SP2 - 16.May2007 9:08:09 AM   
BrandonOz

 

Posts: 25
Joined: 30.Jan.2007
Status: offline
 
Give this a try.

Disable the RPC filter, you will find this under Configurations, Add Ins, Applications filters. Once disabled, then set up a rule allowing "All outbound traffic" from your ISA to your DC.

I know this may sound as an uneasy solution, but this is how I temporarily fixed my network as suggested by Microsoft.

Hope it helps.



Ref: http://forums.isaserver.org/m_2002041428/mpage_1/key_/tm.htm#2002041428

(in reply to KrisVG)
Post #: 2
RE: RPC failure because of SP2 - 16.May2007 12:12:39 PM   
KrisVG

 

Posts: 4
Joined: 8.Apr.2007
Status: offline
Thank you for the suggestion, I'll try it and post the result.

Question: doesn't disabling the RPC filter sort of take away the exact meaning of the firewall? It gives me the impression that I'm using the ISA firewall as a simple open-or-close-some-port firewall.

Kris.

(in reply to BrandonOz)
Post #: 3
RE: RPC failure because of SP2 - 16.May2007 8:58:22 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Kris,

I have an SP2 box that isn't joined to the domain.

I'll see what happens when I join the domain.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to KrisVG)
Post #: 4
RE: RPC failure because of SP2 - 17.May2007 4:54:02 AM   
KrisVG

 

Posts: 4
Joined: 8.Apr.2007
Status: offline
Gents,

Thanks again for the response.

I tried to disable the RPC filtering but to no avail.

However, while I was there I also retried to disable RSS. This time however I did so using the registry editing, not by using the GUI that comes with the HP utilities (I work with an HP server (which only contains HP hardware)).
Apparently this did the trick, so I re-enabled RPC filtering and all keeps on functioning as it should. (I'm not sure but I think the HP GUI only disables RSS for certain NICs and I've got three different types of NICs in the server, some of which don't have the option to disable RSS in the HP utilities)

So, in resume, I now have a Server 2003 R2 with SP2, no RSS, RPC filtering enabled and it actually works.

Remaining mystery: why do I have to disable RSS when experiencing problems in a routing relationship and even in a local network relationship?

I'm a bit stressed for time right now, but if I can I'll test re-enabling Strict RPC as well. If that works I'll post it here.

Thanks again for your time and interest,
Kris.

(in reply to tshinder)
Post #: 5
RE: RPC failure because of SP2 - 17.May2007 11:12:06 AM   
KrisVG

 

Posts: 4
Joined: 8.Apr.2007
Status: offline
I just tested re-enabling "Strict RPC" and logons still function as should.

Unfortunately, I still don't see the link between RSS enabled and the RPC calls failing. The explanation in the MS article (http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695) doesn't really explain in a detailed manner.

Kris.

(in reply to KrisVG)
Post #: 6
RE: RPC failure because of SP2 - 18.May2007 6:57:37 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: KrisVG

Gents,

Thanks again for the response.

I tried to disable the RPC filtering but to no avail.

However, while I was there I also retried to disable RSS. This time however I did so using the registry editing, not by using the GUI that comes with the HP utilities (I work with an HP server (which only contains HP hardware)).
Apparently this did the trick, so I re-enabled RPC filtering and all keeps on functioning as it should. (I'm not sure but I think the HP GUI only disables RSS for certain NICs and I've got three different types of NICs in the server, some of which don't have the option to disable RSS in the HP utilities)

So, in resume, I now have a Server 2003 R2 with SP2, no RSS, RPC filtering enabled and it actually works.

Remaining mystery: why do I have to disable RSS when experiencing problems in a routing relationship and even in a local network relationship?

I'm a bit stressed for time right now, but if I can I'll test re-enabling Strict RPC as well. If that works I'll post it here.

Thanks again for your time and interest,
Kris.


Hi Kris,

Thanks for the info! Appreciate the time it took for you to keep us up to date on this.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to KrisVG)
Post #: 7
RE: RPC failure because of SP2 - 18.May2007 6:58:23 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: KrisVG

I just tested re-enabling "Strict RPC" and logons still function as should.

Unfortunately, I still don't see the link between RSS enabled and the RPC calls failing. The explanation in the MS article (http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695) doesn't really explain in a detailed manner.

Kris.


Hi Kris,

I'll see if I can find out.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to KrisVG)
Post #: 8
