Microsoft RPC question
Hello
Anyone who has ever managed to make it work?
We have a problem with our Exchange Server and which enables MAPI clients to connect to if only CPP is allowed. This problem arises not only with Exchange RPC, but RPC of the MS in general.
Access lists allow all the ports that are required for sessions, and "established" is used accordingly.
However, during the inhalation of vapours on the session, there is always an Exchange very short and insufficient packet TCP/EMP/DCERPC-to be more precise: only 5 to 50 packets are exchanged (as a regular session of the MS RPC takes more than 800)... It seems that the PIX is cutting packages.
Ethereal shows that: "lack of DCERPC: call_id: 1 ctx_id: 0 status: unknown (0x00000005)"... and just before the EMP card ask for some UUID is made! ".
Note that we have tried to make it work even without NAT!
Someone at - it had a similar problem, or at least an idea of what seems to be the problem with that?
Thank you
Sasa
Hello
I looked into this before, our scenario was office workers home access to our Exchange through the PIX server, while they came from the external interface and the exchange server has been on the inside.
After a lot of searching around, I found that using the established command on the PIX only works going from a high security below, interface or maybe it could have been more precisely inside the interface to the outside, I can't remember.
I checked this with our Cisco representative at the time and he confirmed that it was true.
Thank you
Paddy
Tags: Cisco Security
Similar Questions
-
Microsoft RPC (MSRPC) support
All,
I have a Windows Server inside my firewall which service must be reached via Microsoft-style RPC (MSRPC) by customers who are outside. How to set the proper firewall? (In which case it is important, the code is FWSM Firewall Version 2.3 (1).)
If I understand correctly, MSRPC works as follows. (Please alert me on mistakes.) The customer wants to use a service that provides the server, but the service was not a well known port number. Instead, the service is identified by a famous 'programme number.' The customer contacts 135/tcp port on the server, specifies the number of program of your choice and says on what port number of the service is listening. The customer then proceeds to contact service in the usual way (fee connection; full negotiating TCP) on the port, that he learned to use.
This behavior is a problem. The firewall must allow second connection of the client, but the port of destination may not be known (or so configured in the firewall) in advance. In support of MSRPC, therefore, I expect the firewall to have a correction. There no one for MSRPC, if it is of * seem * to have a non configurable for Sun RPC style. (See PIX Firewall & VPN Config Guide p. 5-29) It is supposed to be a SunRPC correction, example of the documentation implies that you just need to identify the service port forward using "rpcinfo" on the client, and then configure the firewall in a static way. Is it really a good idea? It is possible for the service to use a different port at different times, correct? And how is what is considered fixup? (What correction happening?)
In any case, documentation mentions MSRPC again in the Appendix devoted to support MS Exhange and suggests the use of the command 'established '. Documentation for this command, however, said that it "allows outbound connections back through the PIX firewall access.» In my case, I am concerned by the incoming connections.
Thanks a lot for any advice you can offer.
Christopher Ursich
I'm not a PIX / IOS fix up for this. But it's how Microsoft is going to solve this problem:
http://msdn.Microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomfirewall.asp
< very="" brief="" summary="" of="" the="" above="" document="">>
Restrict the range of TCP Ports
There are several registry settings that control the functionality of DCOM ports restriction. All of the below named values are located under the key HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet registry (that you must create). Remember, just do it on the server machine. Customers will automatically get port numbers right when they connect to the MCU on the server machine.
Name ports
Type REG_MULTI_SZ.
Value of 3000-4000 (specify a port range per line. One or more ranges of ports. )
Your firewall configuration
The firewall between your server and the Internet must be configured as follows:
Refuse all incoming traffic from the Internet to your server.
Allow incoming traffic to all customers for the TCP 135 port (and the port UDP 135, if necessary) on your server.
Allow incoming traffic from all the clients to TCP ports (UDP ports and, if necessary) on your server in the range of Ports (s) indicated above.
Volker greetings
-
Driver Microsoft Stop question
I have an update to my previous question. I just conducted a test - up to now, I can print a document, but after printing, I get the blue screen and I have to restart my computer. I get the error message is similar to that experienced by the user - LSensale - something about a pilot is not "less or equal to" someone knows how to solve this problem?
It can help to look at the files minidump against accidents with a debugger.
Can you zip the minidump in the C:\Windows\Minidump folder files and (provide link) available via Windows Live SkyDrive or similar site?
The following link has information about the use of Windows Live SkyDrive:
If you have problems to compress the minidump files copy the minidump files to another location such as a folder on the desktop
In addition, you do not necessarily have compress the minidump files, you can download one at a time.
-
On a number of messages I saw the following:
Microsoft Answers Support Engineer
Visit our Microsoft answers feedback Forum and let us know what you thinkIf I click on the link that need me only to the homepage of answers; certainly not a feedback forum.
Please give me a link to this elusive Feedback Forum.
In the selections of the Forum for this post, I just used a random Windows theme because none of parts applies to this question, and unfortunately there is no selection of 'other '.
Hello
Here is the link to the forum comments
http://answers.Microsoft.com/en-us/feedback/forum?page=1&tab=all
the link to this is down on the lower right part of every page here. left side of the Microsoft Logo
-
Microsoft Certification questions
I am currently finishing my computer networking degree from ITT. (a lot of good that will do me)
But... I need to get some made certifications to get a job. My question is, is anyone know where I can get practice tests or study guides that are free or cheaper then what is online? MCSC, virtual machine in addition to recommendations for certain certificates... I already get, hopefully.
To start, use this link for cerificates/training etc.
https://mspartner.Microsoft.com/en/us/pages/membership/OEM-competency.aspx
-
Keys satellite C850 - Bluetooth and shortcut of Microsoft Word questions
Hello.
I had one laptop C850D-107 Satellite as a gift, but I discovered that there is no driver bluetooth inside.
When I checked the drivers from this site for my brand, I saw two options; battery filter Bluetooth and bluetooth.Who am I supposed to download.
Secondly, I am used to use the F keys in Microsoft word and using shortcut General but my laptop has additional on the F - keys command as the F4 is for LCD and so on, thus, making it difficult to use the original commands. Is there a way I can turn it off?Looking forward to your prompt response.
Thank you.> I had a portable C850D-107 Satellite as a gift, but I discovered that there is no driver bluetooth inside.
No all laptops are equipped with a BT module or feature and the C850D-107 Satellite can't internal BT
> Secondly, I'm used to use the F keys in Microsoft word and using shortcut General but my laptop has additional on the F - keys command as the F4 is for LCD and so on, thus, making it difficult to use the original commands. Is there a way I can turn it off?
You can use the special function key mode which allows you to use the function keys without pressing the FN key. This can be changed _in BIOS_ (F2->-> Advanced tab-> System Configuration-> special function mode key in BIOS)
-
I received a possible scam to Microsoft as follows; A caller identified phone a Computer Geeks or "Ultimate Creative Solutions" said that they were contacted by Microsoft about problems with my computer and the product take me to the events display warnings etc. The appellant that proposes to offer technical support for 6 months for $99. Their method is to access a computer remotely to perform repairs. Someone knows something about this offer?
Hello
Yes, it's a SCAM!
Avoid scams to phone for tech support
http://www.Microsoft.com/security/online-privacy/avoid-phone-scams.aspxScams by e-mail or web: how to protect yourself - understands what to do if you
think you've been scammed.
http://www.Microsoft.com/security/online-privacy/phishing-scams.aspxHow to recognize phishing e-mails, phone calls or links
http://www.Microsoft.com/security/online-privacy/phishing-symptoms.aspxIn the United States, you can contact the local police to the FBI, Attorney general, and
consumer watch groups. Arm yourself with knowledge.The Internet Crime Complaint Center (IC3) is a partnership between the
Federal Bureau of Investigation (FBI) and the National White Collar Crime Center
(NW3C), funded in part by the Bureau of Justice Assistance (BJA).
http://www.ic3.gov/complaint/default.aspxNo, Microsoft wouldn't you not solicited. Nor would they know if any errors
It exists on your computer. So those are the frauds or scams to get your money or
worse to steal your identity.Avoid scams that use the Microsoft name fraudulently: Microsoft has no
for you unsolicited telephone calls help fix your computer
http://www.Microsoft.com/protect/fraud/phishing/msName.aspxScams and hoaxes
http://support.Microsoft.com/contactus/cu_sc_virsec_master?ws=support#tab3Microsoft Support Center consumer
https://consumersecuritysupport.Microsoft.com/default.aspx?altbrand=true&SD=GN&ln=en-us&St=1&wfxredirect=1&gssnb=1Microsoft technical support
http://support.Microsoft.com/contactus/?ws=support#TAB0Microsoft - contact technical support
http://Windows.Microsoft.com/en-us/Windows/help/contact-supportI hope this helps.
Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle="">-><- mark="" twain="" said="" it="">->
-
Microsoft license question for usage of Windows XP/7 with Parallels for Mac
My mother bought an iMac two weeks ago (OSX/Lion). She plans to install Parallels and wants to use the Windows license of its old Windows XP machine that does more boot. Someone told me that Microsoft license requires that you use Windows 7 Professional or Enterprise - you cannot use Home Edition. Does anyone know what rule of Microsoft, for this for Windows 7 and Windows XP? I ask because it has Windows XP Professional now, I think, but could buy Windows 7 on both. Thanks for the help.
If you have a commercial version of win, which is not currently installed on a PC, you can install it on any hardware/software that takes care of the victory. There is nothing in the MS Win license that specifies what type of device, it can be installed on. Unlike some other software manufacturers
-
Hello
Had a first go at NLB configuration. I have it configured in the same manner as my colleague did
physical boxes.
I have it configured as multicast and everything looks ok in the NETWORK Load Balancing Manager. Unlike with physical servers.
I can only connect to the cluster that is part of the same subnet. I can't ping from another subnet.
What gives? According to VMware should not require changes to the host.
I tried placing virtual machines on a host and different hosts. The results remain the same.
works only part of the same subnet.
see you soon
The key here is that the multicast MAC address is not captured by the routers in question. That's why you can only ping locally in the same VLAN. To resolve this problem, you need to create a static ARP entry on your 8.
Page 2 of NETWORK load balancing guide:
Some routers do not support the resolution of IP addresses unicast to multicast MAC addresses and they don't answer ARP. Thus, an administrator must add a static ARP entry in the router, mapping of the IP address of the cluster in its MAC address.
-KjB
-
Satellite L350D: License parameters & plant Microsoft Office Ready PC
I'm about to restore a Satellite L350D factory settings. I know all wil programs and deleted files. I already have a backup copy of vista to al my files, but I'm worried about the office.
I have a license of Microsoft Office Professional 2007, but an espcially for a Microsoft Office Ready PC (so not installation diskettes included). I don't remember how I activated on this laptop. When I do a factory reset can I use this license on satellite? Will there be a version of preinstalled office that I can activate with this license?
Thanks in advance!
Hi Linda
As far as I know recovery image contains the Microsoft Office trial version and you can use it, I think, 60 days without activation. It can be activated if you have the correct activation code and you can enable it when you want.
If you have this key should not be a problem for you, but unfortunately I can't say for sure because I use my own full version. What you can do is to contact the hotline of Microsoft and ask.
What do we do Toshiba is to include this trial version in the recovery image, but everything else is Microsoft s question then maybe you should contact them first and ask for advice.
-
I am using Windows 7 and have accounts with MSN Money 2005 and I try to have more data from the Money 2005 file updated in a format that is compatible with the money, and I can use the money more
See the information displayed by SpiritX MS MVP in the http://answers.microsoft.com/en-us/feedback/forum/user/microsoft-money-question/13ef1581-2dfd-45fc-85ba-92cbcade313a thread
-
If there is no downloads - share my success! Microsoft could you chime on this please?
I'm sure many of you have problems with streaming video and music gel and downloads all felling anywhere between 5% and 99% complete and just wrong.
I had this problem as well and it drove me crazy. I couldn't narrow the problem down to software, hardware, or even a per-site basis. The only thing I found was that I couldn't find a solid answer anywhere as to why this was happening.
Proposed solutions included: what your anti-virus software, would it be your NIC, would it be your firewall, could this site, could it be drivers, and so on...
I tried EVERYTHING I could find to get this resolved. Of services and software in MSCONFIG startup, for replaceing NIC and NETWORK card drivers around disabling my firewall to put up an XP virtual box in my Win 7 machine...
The funny thing is, when I used a XP virtual machine hosted by windows 7 downloads worked very well... Same hardware, so I again is that...
Not the final result which was at one point my colleague and I remembered that we take a similar problem, copying large amounts of data across our cable network using Windows 7 or Windows Server 2008. The transfers would be simply slowly degenerate down to nothing and then freeze. We found that disabling "Global autotuninglevel" Windows 7 and server 2008 solved this problem.
So I tried it on my desk and hop I get full downloads, streaming video, YouTube and everything.
Here are the steps I have to do this:
Open Command Prompt as administrator
Run this command: netsh int tcp set global autotuninglevel = disabled
It should simply return "Ok".
After that every thing was OK...
If Microsoft my question is, 'why this work and what is happening in the background that do work? ' Thank you and good luck to all!
dogdaynoon
Hello
Thank you for sharing the resolution which will help others facing the same issues to fix.
-
Cannot change the primary alias on behalf of microsoft
My father set up his account of Microsoft on his (using windows 8 on a laptop and a phone)
and something so he's done with 3 alias (* address email is removed from the privacy *, * address email is removed from the privacy * and * address email is removed from the privacy *).
E-mail address is removed from the privacy * being its primary. He also uses the windows mail app, where name@gmail and googlemail appear.
Only the googlemail is usable - gmail "is already added.
I can't delete gmail from there because it is the primary alias - it uses to connect.
The logical answer would be to change the primary alias * address email is removed from the privacy * and everything should be fine again...
But when I put * address email is removed from the privacy * primary, I get the email and click on the activation link - the primary alias
is always the * address email is removed from the privacy *.
No idea how to get the * address email is removed from the privacy * the primary alias - that he then can you connect to?
Hello
Thanks for the details, unfortunately us will be able to help you with this issue, because it is purely a specific question account in which you can not change the primary alias. I suggest you ask the chat or e-mail support for assistance with this issue.
You can refer to the following FAQ once and check if you can
Security information for the Microsoft account: FAQ
To improve the assistance with the Microsoft account questions, you can contact support e-mail or chat. You can do the same thing in the section need help?
I hope this helps. Let us know if you have any questions.
-
Sorry, we couldn t connect to Microsoft services
When I try to access my messaging app, I wonder to check my local password. When I do, I'm greeted by the error message: Sorry, we couldn t connect to Microsoft services for the moment.
I did what the error message suggests and sought corrections on the home screen, but no luck.
This happened about a week. Microsoft had questions a long time or is it a problem on my end?
Thank you
Ah, sorry. A system restore fixed the problem fast. Sorry for wasting your time.
-
Calendar task no longer works under Windows 7 64-bit
Greetings,
Recently, I realized some of my scheduled tasks had ceased to work and have not worked for more than a month. My system changes frequently, because my machine is used for the development, so I regularly uninstallation and installation of various tools, packages, updates, etc...
Therefore the answer to the question, what has changed on your machine recently, several things have changed. Too many to pin-point and exclude.
In services, I try to start the Task Scheduler service and receive this error message:the Task Scheduler in service on Local computer started and then stopped. Some services stop automatically if they are not in use by other services or programs. I see this and it's Ok, all right. Service does not work because it does not need to be. The service is configured to run under the Local System account.
I then try to open the Task Scheduler application (Admin Tools > Task Scheduler) and receive this error immediately at startup until:remote computer was not found. OK, beyond the error and the Task Scheduler interface loads with errors. Status of the task: Reading Data Failed., active tasks: reading data failed.
Right click on the Task Scheduler (Local) node > configuration of Service account error:the following error is reported: the Task Scheduler Service is not running.
Hmmm... service does not start because it is not but Task Scheduler cannot function without the service running. Where should I go from here?
I posted this question in the wrong forum: http://social.microsoft.com/Forums/en-US/Offtopic/thread/e1fb1fbe-d561-4d86-aeb2-a6f9efc70293/
It seems that this forum configuration does not allow issues passes to another forum. I had to re-post here.
Receive the following response and tests:
[quote]
You may find it useful to this thread on the forums of Windows 7:
You will also find additional help in the Microsoft Answers for Windows 7 forums, here:
http://answers.Microsoft.com/en-us/Windows/Forum/Windows_7
Research on "Task Scheduler" will produce multiple threads in addition to that mentioned above.
[/ quote]
[quote]
Test the first link unfortunately does not work here's the copy/paste from my session Admin command prompt:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.C:\Windows\SysWOW64>schtasks/create /SC Minute /ST 00:00 /TN /TR "Test job" "cmd /c echo % date % % time % > ' «% UserProfile%\desktop\test.txt»»»
ERROR: The network address is not valid.C:\Windows\SysWOW64 > schtasks/delete /tn "Test Task.
ERROR: The network address is not valid.C:\Windows\SysWOW64 >
Currently trolling through general research approach.
[/ quote]
Thank you for your time,
Doug
Found the solution:
Start > run > regeditNavigate to HKLM\SOFTWARE\ (Wow6432Node\ on x 64 systems) MICROSOFT\RPC\INTERNETExport this key to save first, then delete the Internet key (and its subkeys).Restart your systemScheduler tasks and application Task Scheduler service works perfectly after reboot.Doug
Maybe you are looking for
-
Should I replace my hard drive of my MacBook Pro?
I'm trying to decide if I need to replace the hard drive of my MacBook Pro (mid 2009) with a new... or Buy a refurbished MacBook Pro? I'm afraid that if something is not Apple does not work on it because I have installed by a third party. If I bough
-
Y430: My laptop interrupts Internet on other machines when it connects
I was wondering if anyone else has had problems with their Lenovo Y430 interrupt internet on other computers that are connected to the same network, when it connects? We have a Lynksis router connected to our Internet headquarters and for some reason
-
I tried to download DirectX on my desktop but the download failed and I got error S1023
I tried to download DirectX on my desktop with Win XP. The download failed and I got the S1023 error message. Now what should I do? I need the download. Original title: download DirectX issue
-
problems with the XP security 2011 removal
I went and downloaded the XP security 2011 thing on my laptop and everything was smooth until our days. For some strange reason, I was unable to get on my internet explore still under Mozilla Firefox. More when I went to try to go to control panel to
-
Cannot find a driver download for my fitbit, can you help me?