superprutser -> DMZ to LAN denied RPC (All interfaces) (1.Jul.2008 3:49:39 PM)
I'm trying to create a new DMZ setup with our ISA 2004 setup towards the internal Win2k3 network. I'm running ISA 2004 SP3 on Win2K3 SP2. The problem which I've been investigating for one and a half days now is that I can't get a member server in the domain to get a full domain connection to the AD hosts in the internal LAN. The member server is a freshly installed 2k3 SP2 box and it's already part of the domain. I configured the network rules to route back and forth from the internal network to the DMZ. I've created an access rule from DMZ outbound to Internal with the following protocols: DNS, Kerberos-Adm (TCP/UDP), Kerberos-Sec (TCP/UDP), LDAP (TCP/UDP), LDAPS (TCP/UDP), LDAPS-GC, LDAP-GC, CIFS (TCP/UDP), Ping, RPC (All interfaces). With this rule in place I almost have full access to the domain: I can browse shares, ping, query the DNS, but I can't get it to apply my GPOs. Whenever I try to perform a gpupdate I'll end up with an RPC (All interfaces) denied message. I've tried to disable strict RPC rules, I've disabled the filter, I added the RSS disable reg entry as well as the TCP offload entries. I also added the Server2003NegotiateDisable key. None were successful. In the end I created an Allow all rule and disabled the RPC filter altogether. After a reboot the access rule worked; however, the moment I edit the rule, i.e. adding the right ports, the rule stops functioning and I need to start all over again, rebooting the server to get it to accept the rule. Currently I'm stuck; do any of you guys have a clue?
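An added example, not part of the original thread: a small Python check that a DMZ member server can run to see which of the ISA protocol names in the post actually reach a domain controller over TCP. The port numbers are the well-known ones behind those ISA protocol names (the post lists the names, not the ports), and the DC hostname is a placeholder. UDP is deliberately left out because a connect() probe cannot distinguish an open UDP port from one the firewall silently drops.

```python
# Added example (not from the original post): probe the TCP side of the
# AD protocol set that the DMZ -> Internal access rule is supposed to allow.
import socket
from typing import Callable, Dict, List

# ISA protocol name -> TCP port(s) it covers. Well-known assignments;
# the post names the protocols without listing ports.
AD_TCP_PORTS: Dict[str, List[int]] = {
    "DNS": [53],
    "Kerberos-Sec": [88],
    "Kerberos-Adm": [464],
    "LDAP": [389],
    "LDAPS": [636],
    "LDAP-GC": [3268],
    "LDAPS-GC": [3269],
    "CIFS": [445],
    # "RPC (All interfaces)" is the endpoint mapper on TCP 135. The DC then
    # answers on a dynamic port (1025-5000 by default on Windows Server 2003),
    # which is the traffic the ISA RPC filter is meant to track; a plain port
    # list cannot express it, so 135 is all we can probe here.
    "RPC (All interfaces)": [135],
}

Probe = Callable[[str, int], bool]


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True when a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_domain_ports(dc: str, probe: Probe = tcp_probe) -> Dict[str, Dict[int, bool]]:
    """Probe every TCP port behind each ISA protocol name against the DC.

    `probe` is injectable so the logic can be exercised without a network.
    """
    return {name: {port: probe(dc, port) for port in ports}
            for name, ports in AD_TCP_PORTS.items()}


def blocked_protocols(results: Dict[str, Dict[int, bool]]) -> List[str]:
    """ISA protocol names with at least one unreachable TCP port."""
    return [name for name, ports in results.items() if not all(ports.values())]


def gpo_prerequisites_met(results: Dict[str, Dict[int, bool]]) -> bool:
    """True when the protocols a gpupdate run depends on all answered.

    DNS, Kerberos, LDAP and CIFS (SYSVOL) are needed to locate and read
    policy; the post shows gpupdate failing once RPC is denied, so the
    endpoint mapper is included as well.
    """
    needed = ["DNS", "Kerberos-Sec", "LDAP", "CIFS", "RPC (All interfaces)"]
    return all(all(results[name].values()) for name in needed)


if __name__ == "__main__":
    dc_host = "dc01.example.internal"  # placeholder, not a name from the post
    res = check_domain_ports(dc_host)
    for name, ports in res.items():
        state = ", ".join(f"{p}:{'open' if ok else 'BLOCKED'}" for p, ok in ports.items())
        print(f"{name:24} {state}")
    print("GPO prerequisites met:", gpo_prerequisites_met(res))
    print("blocked protocols:", blocked_protocols(res))
```

Run it from the DMZ member server against the DC before and after editing the access rule; if TCP 135 answers but gpupdate still fails with an RPC denied message, the gap is in the dynamic-port follow-up connection rather than in the endpoint mapper itself, which points at the RPC filter rather than the port list.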