ISA 2006 and RPC problem - tra |
25-Jul-07 10:36:05
|
Hallo All,
I have a strange behaviour with a fresh installed ISA Server 2006 in a
Windows 2003 environment.
The scenario: 10.1.1.146 (FAISA03) is ISA server internal NIC, 10.1.1.101
and .105 are the domain controllers.
When I log on the server it takes a long (very long!) time in "Applying your
personal settings".
This is the event on ISA server Application log:
----------------------------------------
ERRORE EVENT VIEWER
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 7/25/2007
Time: 3:27:58 PM
User: NT AUTHORITY\SYSTEM
Computer: FAISA03
Description:
Windows cannot determine the user or computer name. (The RPC server is
unavailable. ). Group Policy processing aborted.
----------------------------------------
And these are the events in ISA log (sorry, rows are very long):
----------------------------------------
Original Client IP Client Agent Authenticated Client Service
Server Name Referring Server Destination Host Name Transport MIME
Type Object Source Source Proxy Destination Proxy
Bidirectional Client Host Name Filter Information Network
Interface Raw IP Header Raw Payload GMT Log Time Source
Port Processing Time Bytes Sent Bytes Received Result Code
HTTP Status Code Cache Information Error Information Log
Record Type Authentication Server Log Time Client IP Destination
IP Destination Port Protocol Action Rule Client
Username Source Network Destination Network HTTP Method URL
10.1.1.101 FAISA03 - TCP -
No - 10.1.1.146 45 00 00 28 00 61 40
00 80 06 e3 76 0a 01 01 65 0a 01 01 92 01 85 04 d4 4e 8b c5 e3 ce b3 7d 3c 50
11 ff fe 32 24 00 00 7/25/2007 1:48:26 PM 389 0 0 0
0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0x0 0x0
Firewall - 7/25/2007 3:48:26 PM 10.1.1.101 10.1.1.146 1236
Unidentified IP Traffic Denied Connection Internal
Local Host - -
10.1.1.101 FAISA03 - TCP -
No - 10.1.1.146 45 00 00 28 00 64 40
00 80 06 e3 73 0a 01 01 65 0a 01 01 92 01 85 04 da 0d 0e f4 67 9e c1 2c 3b 50
11 ff fe c6 0a 00 00 7/25/2007 1:48:26 PM 389 0 0 0
0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0x0 0x0
Firewall - 7/25/2007 3:48:26 PM 10.1.1.101 10.1.1.146 1242
Unidentified IP Traffic Denied Connection Internal
Local Host - -
10.1.1.101 FAISA03 - TCP -
No - 10.1.1.146 45 00 00 30 00 66 00
00 80 06 23 6a 0a 01 01 65 0a 01 01 92 00 87 04 db 90 6b cd 51 8e c6 ad 25 70
12 40 00 8d 0b 00 00 7/25/2007 1:48:28 PM 135 0 0 0
0xc0040034 FWX_E_SEQ_ACK_MISMATCH 0x0 0x0 Firewall
- 7/25/2007 3:48:28 PM 10.1.1.101 10.1.1.146 1243 Unidentified IP
Traffic Denied Connection Internal Local Host
- -
10.1.1.146 FAISA03 - TCP -
No - 7/25/2007
1:48:34 PM 1243 21015 0 0 0x8007274c WSAETIMEDOUT
0x0 0x0 Firewall - 7/25/2007 3:48:34 PM 10.1.1.146
10.1.1.101 135 RPC (all interfaces) Failed Connection Attempt
[System] Allow RPC from ISA Server to trusted servers Local Host
Internal - -
10.1.1.101 FAISA03 - TCP -
No - 10.1.1.146 45 00 00 30 00 ce 00
00 80 06 23 02 0a 01 01 65 0a 01 01 92 00 87 04 e2 bf 23 27 5f 38 a2 f4 12 70
12 40 00 13 76 00 00 7/25/2007 1:48:38 PM 135 0 0 0
0xc0040034 FWX_E_SEQ_ACK_MISMATCH 0x0 0x0 Firewall
- 7/25/2007 3:48:38 PM 10.1.1.101 10.1.1.146 1250 Unidentified IP
Traffic Denied Connection Internal Local Host
- -
10.1.1.101 FAISA03 - TCP -
No - 10.1.1.146 45 00 00 28 00 cf 40
00 80 06 e3 08 0a 01 01 65 0a 01 01 92 01 85 04 cb c8 23 94 3d 7f cf 27 cd 50
11 ff fe 8e 8e 00 00 7/25/2007 1:48:38 PM 389 0 0 0
0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0x0 0x0
Firewall - 7/25/2007 3:48:38 PM 10.1.1.101 10.1.1.146 1227
Unidentified IP Traffic Denied Connection Internal
Local Host - -
----------------------------------------
DCs System Logs often report this event:
----------------------------------------
Event Type: Error
Event Source: MRxSmb
Event Category: None
Event ID: 8003
Date: 7/25/2007
Time: 3:19:05 PM
User: N/A
Computer: SRVDC001
Description:
The master browser has received a server announcement from the computer
FAISA03 that believes that it is the master browser for the domain on
transport NetBT_Tcpip_{F372B238-C45D-4B4C-9BF1-9E9C72F45337}. The master
browser is stopping or an election is being forced.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 58 00 ......X.
0008: 00 00 00 00 43 1f 00 c0 ....C..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 25 00 00 00 00 00 00 00 %.......
0020: 00 00 00 00 00 00 00 00 ........
----------------------------------------
All system policies relevant to RPC do NOT have “enforce strict RPC
compliance†checked.
System policy #22 (Allow RPC from ISA Server to trusted servers) is enabled
from ‘local host’ to ‘internal’
‘internal’ network is set from 10.1.0.0 to 10.1.255.255, with address
10.255.255.255 added.
Trying to fix this problem I also created more rules and a new address range
‘ISA uffici’ including the unique IP of internal ISA Server NIC and a subnet
‘Server uffici’ with address range 10.1.0.0/16:
‘Server Uffici Traffic 01’ - Allow – All Outbound traffic – From ‘internal’
– To Localhost and ISA Uffici’ – All Users
‘Server Uffici Traffic 02’ - Allow – All Outbound traffic – From Localhost
and ISA Uffici’ – To ‘internal’ – All Users
RPC In – Allow – RPC Server (all interfaces) – From ‘Server Uffici’ – To
Localhost and ISA Uffici – All users
RPC Out – Allow – RPC (all interfaces) – From Localhost and ISA Uffici – To
Server Uffici – All users
Of course, logoff phase takes a long (very long!) time too.
ISA was installed AFTER adding FAISA03 to the domain.
Any ideas?
Thanks in advance
trab |
 |