Hi everyone! I have this problem that keeps me awake.. I have a server running a monitor utility (WhatsUp Pro) that is supposed to check the status on the ISA NT-services.
Problem is that the ISA refuses to let the server see the services. First I tried to shut down the firewall completely, just to see that I was doing right.. and that worked. And now I have tried to create several firewall-rules that include the ISA and monitor-server as source/destinations. I have tried "all outgoing", created own rules, disabled all RPC-filtering, included the remote server as a management-machine.. nothing works.
I used the ISA-logging to monitor what traffic is used and all it says is secure-nat and RPC(135).
You can try to create a rule with "selected protocols", then try to add the RDP (3389) to the list. You can see the protocols in Protocols/Remote Terminal at the right side. Or you can use the Logging feature in the ISA console to observe the communication between your management server and ISA server when the "all outbound" is applied.
I found out that if I connect from the remote server with the local administrator-account it works just fine. But I can't use my domain admin-account... Can anyone explain this? My domain account is a member of the local admin-group.
It sounds like you do not have access privileges to access what you want to through the rules that you have set up. The best way to test and verify what exactly is happening is to review the live logs as they are streaming through.
You can do this under monitoring. The fact that it is working with the local admin account indicates that that account is allowed through.
From: Chelmsford, UK
Got it working....... stupid error on my part... having looked at this for days it was a routing problem between the 184 & 190 range to the Internal network card - added 2 persistent routes and hey presto!