RPC clients cannot use Kerberos authentication to authenticate with a server that you publish behind ISA Server 2004, Enterprise Edition| Article ID | : | 917145 | | Last Review | : | December 4, 2007 | | Revision | : | 1.3 |
SYMPTOMSYou publish Microsoft Exchange MAPI or other remote procedure call (RPC) services by using a rule in Microsoft Internet Security and Acceleration (ISA) Server 2004, Enterprise Edition. However, an RPC client that uses Kerberos authentication in this situation cannot authenticate with the published server. If you perform a network trace, you determine that ISA Server closes the RPC connection immediately after it receives an RPC Alter Context packet.  Back to the top
CAUSEThis problem occurs because RPC protocol validation in ISA Server 2004 Enterprise Edition does not correctly identify and handle the RPC Alter Context packet. Therefore, ISA Server closes the connection. Back to the top RESOLUTIONTo resolve this problem, install the hotfix that is described in the following Microsoft Knowledge Base article: 917902 (http://support.microsoft.com/kb/917902/) Description of the ISA Server 2004 hotfix package: April 24, 2006
Back to the top WORKAROUNDTo temporarily work around this problem, configure the messaging client to use Windows authentication (NTLM). To configure Microsoft Office Outlook 2003 to use Windows authentication, follow these steps: | 1. | In Control Panel, double-click Mail. | | 2. | In the Mail Setup dialog box, click E-mail Accounts, click View or change existing e-mail accounts, and then click Next. | | 3. | In the Name list, click the Exchange server name, and then click Change. | | 4. | Click More Settings, and then click the Security tab. | | 5. | In the Logon network security list, click Password Authentication (NTLM). | | 6. | Click OK, click Next, and then click Finish. | | 7. | Click Close to exit the Mail Setup dialog box. |
Back to the top STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. Back to the top MORE INFORMATIONIn an environment where the client can communicate with the Kerberos Key Distribution Center (KDC) and where the client can access internal DNS servers, the client may use Kerberos authentication. This behavior may occur if the following conditions are true: | • | A service or program that uses RPC is located behind ISA Server 2004. Additionally, this service or program is published by using a server publishing rule. | | • | The client computers are members of the internal domain. |
For more information, click the following article number to view the article in the Microsoft Knowledge Base: 824684 (http://support.microsoft.com/kb/824684/) Description of the standard terminology that is used to describe Microsoft software updates Back to the top
APPLIES TO| • | Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 2, when used with: | | | | Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition |
|
Back to the top | Other Support Options- Need More Help?
Contact a Support professional by Email, Online or Phone. - Customer Service
For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more. - Newsgroups
Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.
|
|
Help and Support
