ISA 2006 exchange publishing problem


  • ISA 2006 exchange publishing problem

    I am creating a site to site connection between our head office and a remote branch; the VPN is established (L2TP) and traffic is moving between both sites. Exchange traffic is not moving from clients behind the remote ISA server. I can ping the Exchange box but that is all. The connection fails as follows.

    Failed Connection Attempt 15/05/2009 10:32:09 Log type: Firewall service Status: Rule: Allow access between Remote_L2TP and Internal Source: Remote_L2TP (172.21.230.100:1157) Destination: Internal (172.21.22.24:135) Protocol: RPC (all interfaces)
    I have an Exchange RPC rule allowing traffic to the correct IP. I also tried creating an RPC server all interface rule to the Exchange box.
    Any input is appreciated. Thank you
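
Added example, not part of the original post: a parser for entries in the flattened layout quoted above, which groups failed attempts by matched rule, protocol and destination and picks out those aimed at TCP 135, the RPC endpoint mapper. The field layout is assumed from the single entry in the post; the second and third sample entries are constructed.

```python
import re
from collections import Counter

# Constructed sample: entry 1 repeats the one quoted in the post; entries 2-3 are
# made-up entries in the same layout so the summary has something to separate.
SAMPLE = [
    "Failed Connection Attempt 15/05/2009 10:32:09 Log type: Firewall service Status: Rule: Allow access between Remote_L2TP and Internal Source: Remote_L2TP (172.21.230.100:1157) Destination: Internal (172.21.22.24:135) Protocol: RPC (all interfaces)",
    "Initiated Connection 15/05/2009 10:32:15 Log type: Firewall service Status: Rule: Allow access between Remote_L2TP and Internal Source: Remote_L2TP (172.21.230.100:1160) Destination: Internal (172.21.22.24:445) Protocol: Microsoft CIFS (TCP)",
    "Failed Connection Attempt 15/05/2009 10:33:02 Log type: Firewall service Status: Rule: Allow access between Remote_L2TP and Internal Source: Remote_L2TP (172.21.230.101:1204) Destination: Internal (172.21.22.24:135) Protocol: RPC (all interfaces)",
]

# Layout assumed from the quoted entry: action, date, time, then labelled fields.
ENTRY = re.compile(
    r"^(?P<action>.+?) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"Log type: (?P<log_type>.*?) Status: (?P<status>.*?) ?Rule: (?P<rule>.*?) "
    r"Source: (?P<src_net>.*?) \((?P<src_ip>[\d.]+):(?P<src_port>\d+)\) "
    r"Destination: (?P<dst_net>.*?) \((?P<dst_ip>[\d.]+):(?P<dst_port>\d+)\) "
    r"Protocol: (?P<protocol>.*)$"
)
RPC_ENDPOINT_MAPPER = 135  # TCP port an RPC client contacts first


def parse_entry(line):
    """Split one flattened log-viewer entry into named fields, or return None."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["src_port"] = int(entry["src_port"])
    entry["dst_port"] = int(entry["dst_port"])
    return entry


def failed_flows(lines):
    """Count failed attempts per (rule, protocol, destination IP, destination port)."""
    counts = Counter()
    for entry in filter(None, map(parse_entry, lines)):
        if entry["action"] == "Failed Connection Attempt":
            key = (entry["rule"], entry["protocol"], entry["dst_ip"], entry["dst_port"])
            counts[key] += 1
    return counts


def endpoint_mapper_failures(lines):
    """Failed flows whose destination is the RPC endpoint mapper port."""
    return {k: n for k, n in failed_flows(lines).items() if k[3] == RPC_ENDPOINT_MAPPER}


if __name__ == "__main__":
    for (rule, proto, ip, port), n in endpoint_mapper_failures(SAMPLE).items():
        print(f"{n}x failed to {ip}:{port} [{proto}] matched rule: {rule}")
```
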

  • #2
    Re: ISA 2006 exchange publishing problem

    Check your system policy and on the Active Directory settings make sure "Enforce Strict RPC Compliance" is not checked. Also make sure that this is not enforced on the rules that allow traffic between the servers and on any rules of a higher priority. To do this, right-click on the rule and select "Configure RPC Protocol".
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog


    • #3
      Re: ISA 2006 exchange publishing problem

      I had the RPC box unticked in the authentication section of the policy, I had the exchange rule at the top of the list also with RPC unticked, I just went through all the other rules and unticked where applicable. Same error I'm afraid. My VPN clients come through no problem, it is purely on the site to site connection.



      • #4
        Re: ISA 2006 exchange publishing problem

        What is the ISA rule configured to allow? All traffic between Exchange Servers? How are the Exchange Servers communicating, routing group connectors?


        • #5
          Re: ISA 2006 exchange publishing problem

          The rule is called 'Exchange RPC server' and was configured via the wizard. It allows, quote, 'Protocol used for publishing Exchange server for RPC access from the External network.' This traffic is coming from clients at a remote branch via an L2TP site to site connection. There is only one Exchange server.



          • #6
            Re: ISA 2006 exchange publishing problem

            There is also the rule for the site to site connection allowing all traffic between the two networks.



            • #7
              Re: ISA 2006 exchange publishing problem

              Are these rules Firewall rules or network rules? Ignoring the Exchange for a moment, a VPN network should be configured and the traffic rules between the 2 networks defined as network rules, not as access rules. Make sure strict RPC compliance is not enforced for any relevant network rules as well.

              The rule you listed "used for publishing Exchange server for RPC access from the External network" sounds like it is publishing RPC over HTTP(s) for remote Outlook clients connecting to Exchange.


              • #8
                Re: ISA 2006 exchange publishing problem

                There is the network rule which was created, between the remote site and the internal site, when I set up the VPN. I created the RPC rule as a troubleshooting step to publish the Exchange server when the Exchange traffic was being blocked. The network rule is set as a route and not NAT. If I place the 'Allow traffic between remote and internal' rule to the top then the connection attempt fails and the reported protocol is RPC (all interfaces).



                • #9
                  Re: ISA 2006 exchange publishing problem

                  That rule you're publishing is for RPC over HTTP, i.e. Outlook Anywhere, not for RPC connections between the Exchange servers..

                  At least.. if I'm interpreting correctly..


                  • #10
                    Re: ISA 2006 exchange publishing problem

                    ye I know this, I only added the rule as a troubleshooting step. I am thinking a re install of ISA now.



                    • #11
                      Re: ISA 2006 exchange publishing problem

                      Well I don't think that it will help to reinstall ISA server.
                      I rather think there is a mismatch somewhere in the config..

                      What do your network rules look like?
                      What does your firewall rule look like?

                      You are saying:
                      'Protocol used for publishing Exchange server for RPC access from the External network.'

                      Well the External network is not the branch office when you have configured the network rules correctly. External Network should be all other unknown networks... so the Internet.
                      Marcel
                      Technical Consultant
                      Netherlands
                      http://www.phetios.com
                      http://blog.nessus.nl

                      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE