GP Won't update and RDP won't work after reboot

    Question

  • Trying to tackle two things in one post here:

    Group Policy will only update if I shut down the firewall service and do a gpupdate; then I can restart the firewall service and do them regularly. The Event ID I get is 1053 with a 1762 "Remote Procedure call failed" error.

    I can confirm that RPC is getting through the firewall on the logging, but not getting through some sort of other mechanism.

    RDP will not work until I shut the firewall service down and restart it. Unfortunately, there are no logs for this error.

    I did have to change the LAN IP of the machine. I am almost certain everything started acting funny at that time.

    It is a 2008 R2 edge firewall with TMG 2010 installed.
    Saturday, June 05, 2010 4:20 PM
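    A quick way to separate "RPC is blocked on the wire" from "RPC is blocked by the local TMG policy" is to run the same reachability check on the TMG host with the firewall service running and again with it stopped. The script below is an added example written for this thread, not code from the original poster or from Microsoft; it assumes PowerShell 2.0 or later on the 2008 R2 host and a `$DomainController` placeholder that you replace with your own DC. It probes the TCP ports a Group Policy client needs on a DC, lists recent event 1053 entries, and verifies the secure channel that the 1311 Best Practices error refers to.

```powershell
# Added example for this thread (not the poster's or Microsoft's code).
# Assumes: run on the TMG host, PowerShell 2.0+, domain-joined session.
param(
    [string]$DomainController = "dc01.example.local",   # placeholder: replace with your DC FQDN or IP
    [int]$MaxEvents = 10
)

# Ports a Group Policy client needs to reach on a domain controller.
# The 1053 / 1762 symptom points at the RPC endpoint mapper (TCP 135) first.
$ports = @{
    'RPC endpoint mapper' = 135
    'SMB (SYSVOL)'        = 445
    'LDAP'                = 389
    'Kerberos'            = 88
}

# TcpClient is used instead of Test-NetConnection because the latter does not exist on 2008 R2.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # WaitOne returns $false on timeout; EndConnect throws on refusal/reset.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

"Firewall service state: " + (Get-Service -Name fwsrv -ErrorAction SilentlyContinue).Status
foreach ($name in $ports.Keys) {
    $ok = Test-TcpPort -ComputerName $DomainController -Port $ports[$name]
    "{0,-22} TCP/{1,-4} {2}" -f $name, $ports[$name], $(if ($ok) { 'reachable' } else { 'BLOCKED / unreachable' })
}

# Most recent Group Policy failures: event 1053 from the GroupPolicy provider in the System log.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-GroupPolicy'; Id = 1053 } `
    -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List

# Secure channel check; this is what the 1311 error in Best Practices Analyzer is about.
nltest /sc_verify:$env:USERDNSDOMAIN
```

    If the ports show as blocked while the Microsoft Forefront TMG Firewall service (`fwsrv`) is running and reachable once it is stopped, the traffic is being dropped by TMG's own policy for the local host rather than by anything on the network, which is consistent with the system policy misconfiguration that turned out to be the cause in this thread.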

Answers

  • I finally solved it after 3 days.

    SOMEHOW, I don't know how this was changed... Active Directory was configured in system policy to the network "Local Host".

    I am glad I got it set but would love to know how the heck it got changed.

    • Marked as answer by abuttino Sunday, June 06, 2010 3:07 AM
    Sunday, June 06, 2010 3:07 AM

All replies

  • Hi,

    Please deactivate the strict RPC compliance setting in the TMG System policy rule set. Do you see any errors in the TMG log or Event Viewer on the Windows Server? Please check the IP network range definition of the Internal network on TMG.


    regards Marc - www.nt-faq.de - www.it-training-grote.de - www.forefront-tmg.de
    Saturday, June 05, 2010 4:53 PM
  • Already disabled Strict RPC Compliance, forgot to mention.

    IP Network range is set for 10.0.0.0-10.255.255.255 with the "Add adapter" button, I didn't set them manually.

    Saturday, June 05, 2010 4:57 PM
  • Here are some errors I get on the TMG server:

    Forefront TMG disconnected a non-TCP connection from 10.0.0.2 because the connection limit for this IP address was exceeded. Larger custom connection limits should be configured for the IP addresses of chained proxy servers and back-to-back Forefront TMG computers with a NAT relationship.

    Forefront TMG detected a possible spoof attack from the IP address 169.254.1.250. A spoof attack occurs when an IP address that is not reachable through the network adapter on which the packet was received. If logging for dropped packets is enabled, you can view details of this attack in the Firewall log in Forefront TMG log viewer. If the IP address belongs to a VPN client, this event may be ignored.

    Forefront TMG detected Windows Filtering Platform filters that may cause policy conflicts on the server WIN-TMG-SVR. The following providers may define filters that conflict with the Forefront TMG firewall policy: Microsoft Corporation

    RPC doesn't just fail for GP, it fails for everything.

    I thought I could update GP with the firewall started back up, but I was wrong.

    Saturday, June 05, 2010 5:38 PM
  • Hi,

    >> Forefront TMG disconnected a non-TCP connection from 10.0.0.2 because the connection limit for this IP address was exceeded. Larger custom connection limits should be configured for the IP addresses of chained proxy servers and back-to-back Forefront TMG computers with a NAT relationship.

    Try to extend the connection limit for this IP address in the flood mitigation settings.

    >> Forefront TMG detected a possible spoof attack from the IP address 169.254.1.250. A spoof attack occurs when an IP address that is not reachable through the network adapter on which the packet was received. If logging for dropped packets is enabled, you can view details of this attack in the Firewall log in Forefront 

    This is an APIPA address from a client which is configured to use DHCP, but no DHCP server answered the DHCP query. Do you know which client this could be?

    >> Forefront TMG detected Windows Filtering Platform filters that may cause policy conflicts on the server WIN-TMG-SVR. The following providers may define filters that conflict with the Forefront TMG firewall policy: Microsoft Corporation

    This is "normal" behaviour in TMG and can be safely ignored.

    Is the RPC filter also activated in Forefront TMG?


    regards Marc - www.nt-faq.de - www.it-training-grote.de - www.forefront-tmg.de
    Saturday, June 05, 2010 6:58 PM
  • I have no idea what client is using the APIPA address.

    The RPC Filter, in the protocols toolbox with RPC (All Interfaces), is enabled. I tried to disable it to no avail.

    Also, Best practices says "The secure channel to the primary domain controller cannot be verified. The returned error code is 1311"

    I am guessing that's because I still have this RPC problem.

    Saturday, June 05, 2010 7:51 PM
  • Ok, I got GP to update properly, but I still have that 1311 error in best practices after I ran it again.
    Saturday, June 05, 2010 8:08 PM
  • False positive, the only reason I was able to update the GPO was because the firewall was stopped.
    Saturday, June 05, 2010 11:07 PM