ISA 2006, publishing RPC over HTTPS

  • Question

  • Good day
    ISA 2006 Ent
    two NICs: internal, external
    I'm struggling to get OWA & RPC over HTTPS working
    OWA works, RPC over HTTPS doesn't
    ISA BPA reports nothing critical, as if everything were OK

    however, the event log contains a strange message

    id 12260

    A fatal error occurred while attempting to access the RootCA certificate. This may be caused by incorrect permissions on the private key storage, or the server may not be able to access the certificate private key because the certificate and its private key are not installed on the same store.

     

    what was done

    export the certificate from the internal Exchange (the certificate with the external name that requests go to), export the root cert.
    add all of that where it belongs on the ISA, i.e. to Personal and Trusted Root Certification Authorities.
    everything seems fine

    all certificates are valid

    OWA works without problems
    the problem is with RPC over HTTPS
    the request does reach the internal mail server (but the packet sniffer shows not quite what I'd want)
    inside, the same client config for RPC over HTTPS has been tested and works right away (split DNS, names identical outside and inside)
    below is an excerpt from the sniffer on the internal Exchange; the client hangs, the packet cycles repeat..
    looks like they can't agree
    172.30.0.15 - internal Exchange
    172.30.0.1 - ISA internal


    No. Time Source Destination Protocol Info
    1198 1.487514 172.30.0.1 172.30.0.15 TCP 6384 > https [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460

    Frame 1198 (62 bytes on wire, 62 bytes captured)
    Ethernet II, Src: 00:13:80:72:7d:40, Dst: 00:11:85:81:df:c3
    Internet Protocol, Src Addr: 172.30.0.1 (172.30.0.1), Dst Addr: 172.30.0.15 (172.30.0.15)
    Transmission Control Protocol, Src Port: 6384 (6384), Dst Port: https (443), Seq: 0, Ack: 0, Len: 0

    No. Time Source Destination Protocol Info
    1199 1.487548 172.30.0.15 172.30.0.1 TCP https > 6384 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460

    Frame 1199 (62 bytes on wire, 62 bytes captured)
    Ethernet II, Src: 00:11:85:81:df:c3, Dst: 00:14:38:4b:4f:ea
    Internet Protocol, Src Addr: 172.30.0.15 (172.30.0.15), Dst Addr: 172.30.0.1 (172.30.0.1)
    Transmission Control Protocol, Src Port: https (443), Dst Port: 6384 (6384), Seq: 0, Ack: 1, Len: 0

    No. Time Source Destination Protocol Info
    1200 1.487748 172.30.0.1 172.30.0.15 TCP 6384 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0

    Frame 1200 (60 bytes on wire, 60 bytes captured)
    Ethernet II, Src: 00:13:80:72:7d:40, Dst: 00:11:85:81:df:c3
    Internet Protocol, Src Addr: 172.30.0.1 (172.30.0.1), Dst Addr: 172.30.0.15 (172.30.0.15)
    Transmission Control Protocol, Src Port: 6384 (6384), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Info
    1201 1.488155 172.30.0.1 172.30.0.15 TLS Client Hello

    Frame 1201 (156 bytes on wire, 156 bytes captured)
    Ethernet II, Src: 00:13:80:72:7d:40, Dst: 00:11:85:81:df:c3
    Internet Protocol, Src Addr: 172.30.0.1 (172.30.0.1), Dst Addr: 172.30.0.15 (172.30.0.15)
    Transmission Control Protocol, Src Port: 6384 (6384), Dst Port: https (443), Seq: 1, Ack: 1, Len: 102
    Secure Socket Layer

    No. Time Source Destination Protocol Info
    1202 1.488638 172.30.0.15 172.30.0.1 TLS Server Hello, Change Cipher Spec, Encrypted Handshake Message

    Frame 1202 (176 bytes on wire, 176 bytes captured)
    Ethernet II, Src: 00:11:85:81:df:c3, Dst: 00:14:38:4b:4f:ea
    Internet Protocol, Src Addr: 172.30.0.15 (172.30.0.15), Dst Addr: 172.30.0.1 (172.30.0.1)
    Transmission Control Protocol, Src Port: https (443), Dst Port: 6384 (6384), Seq: 1, Ack: 103, Len: 122
    Secure Socket Layer

    No. Time Source Destination Protocol Info
    1203 1.489106 172.30.0.1 172.30.0.15 TLS Change Cipher Spec, Encrypted Handshake Message

    Frame 1203 (97 bytes on wire, 97 bytes captured)
    Ethernet II, Src: 00:13:80:72:7d:40, Dst: 00:11:85:81:df:c3
    Internet Protocol, Src Addr: 172.30.0.1 (172.30.0.1), Dst Addr: 172.30.0.15 (172.30.0.15)
    Transmission Control Protocol, Src Port: 6384 (6384), Dst Port: https (443), Seq: 103, Ack: 123, Len: 43
    Secure Socket Layer

    No. Time Source Destination Protocol Info
    1204 1.489429 172.30.0.1 172.30.0.15 TLS Application Data

    Frame 1204 (376 bytes on wire, 376 bytes captured)
    Ethernet II, Src: 00:13:80:72:7d:40, Dst: 00:11:85:81:df:c3
    Internet Protocol, Src Addr: 172.30.0.1 (172.30.0.1), Dst Addr: 172.30.0.15 (172.30.0.15)
    Transmission Control Protocol, Src Port: 6384 (6384), Dst Port: https (443), Seq: 146, Ack: 123, Len: 322
    Secure Socket Layer

    No. Time Source Destination Protocol Info
    1205 1.489448 172.30.0.15 172.30.0.1 TCP https > 6384 [ACK] Seq=123 Ack=468 Win=65068 [CHECKSUM INCORRECT] Len=0

    Frame 1205 (54 bytes on wire, 54 bytes captured)
    Ethernet II, Src: 00:11:85:81:df:c3, Dst: 00:14:38:4b:4f:ea
    Internet Protocol, Src Addr: 172.30.0.15 (172.30.0.15), Dst Addr: 172.30.0.1 (172.30.0.1)
    Transmission Control Protocol, Src Port: https (443), Dst Port: 6384 (6384), Seq: 123, Ack: 468, Len: 0

    No. Time Source Destination Protocol Info
    1206 1.493680 172.30.0.1 172.30.0.15 TLS Application Data

    Frame 1206 (179 bytes on wire, 179 bytes captured)
    Ethernet II, Src: 00:13:80:72:7d:40, Dst: 00:11:85:81:df:c3
    Internet Protocol, Src Addr: 172.30.0.1 (172.30.0.1), Dst Addr: 172.30.0.15 (172.30.0.15)
    Transmission Control Protocol, Src Port: 6384 (6384), Dst Port: https (443), Seq: 468, Ack: 123, Len: 125
    Secure Socket Layer

    No. Time Source Destination Protocol Info
    1207 1.494354 172.30.0.15 172.30.0.1 TLS Application Data

    Frame 1207 (106 bytes on wire, 106 bytes captured)
    Ethernet II, Src: 00:11:85:81:df:c3, Dst: 00:14:38:4b:4f:ea
    Internet Protocol, Src Addr: 172.30.0.15 (172.30.0.15), Dst Addr: 172.30.0.1 (172.30.0.1)
    Transmission Control Protocol, Src Port: https (443), Dst Port: 6384 (6384), Seq: 123, Ack: 593, Len: 52
    Secure Socket Layer

    No. Time Source Destination Protocol Info
    1208 1.494444 172.30.0.15 172.30.0.1 TCP https > 6384 [FIN, ACK] Seq=175 Ack=593 Win=64943 [CHECKSUM INCORRECT] Len=0

    Frame 1208 (54 bytes on wire, 54 bytes captured)
    Ethernet II, Src: 00:11:85:81:df:c3, Dst: 00:14:38:4b:4f:ea
    Internet Protocol, Src Addr: 172.30.0.15 (172.30.0.15), Dst Addr: 172.30.0.1 (172.30.0.1)
    Transmission Control Protocol, Src Port: https (443), Dst Port: 6384 (6384), Seq: 175, Ack: 593, Len: 0

    No. Time Source Destination Protocol Info
    1209 1.494547 172.30.0.1 172.30.0.15 TCP 6384 > https [ACK] Seq=593 Ack=176 Win=65361 Len=0

    Frame 1209 (60 bytes on wire, 60 bytes captured)
    Ethernet II, Src: 00:13:80:72:7d:40, Dst: 00:11:85:81:df:c3
    Internet Protocol, Src Addr: 172.30.0.1 (172.30.0.1), Dst Addr: 172.30.0.15 (172.30.0.15)
    Transmission Control Protocol, Src Port: 6384 (6384), Dst Port: https (443), Seq: 593, Ack: 176, Len: 0

    No. Time Source Destination Protocol Info
    1210 1.494853 172.30.0.1 172.30.0.15 TCP 6385 > https [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460

    Frame 1210 (62 bytes on wire, 62 bytes captured)
    Ethernet II, Src: 00:13:80:72:7d:40, Dst: 00:11:85:81:df:c3
    Internet Protocol, Src Addr: 172.30.0.1 (172.30.0.1), Dst Addr: 172.30.0.15 (172.30.0.15)
    Transmission Control Protocol, Src Port: 6385 (6385), Dst Port: https (443), Seq: 0, Ack: 0, Len: 0

    No. Time Source Destination Protocol Info
    1211 1.494870 172.30.0.15 172.30.0.1 TCP https > 6385 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460

    Frame 1211 (62 bytes on wire, 62 bytes captured)
    Ethernet II, Src: 00:11:85:81:df:c3, Dst: 00:14:38:4b:4f:ea
    Internet Protocol, Src Addr: 172.30.0.15 (172.30.0.15), Dst Addr: 172.30.0.1 (172.30.0.1)
    Transmission Control Protocol, Src Port: https (443), Dst Port: 6385 (6385), Seq: 0, Ack: 1, Len: 0

    No. Time Source Destination Protocol Info
    1212 1.494966 172.30.0.1 172.30.0.15 TCP 6385 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0

    Frame 1212 (60 bytes on wire, 60 bytes captured)
    Ethernet II, Src: 00:13:80:72:7d:40, Dst: 00:11:85:81:df:c3
    Internet Protocol, Src Addr: 172.30.0.1 (172.30.0.1), Dst Addr: 172.30.0.15 (172.30.0.15)
    Transmission Control Protocol, Src Port: 6385 (6385), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Info
    1213 1.495355 172.30.0.1 172.30.0.15 TLS Client Hello

    Frame 1213 (156 bytes on wire, 156 bytes captured)
    Ethernet II, Src: 00:13:80:72:7d:40, Dst: 00:11:85:81:df:c3
    Internet Protocol, Src Addr: 172.30.0.1 (172.30.0.1), Dst Addr: 172.30.0.15 (172.30.0.15)
    Transmission Control Protocol, Src Port: 6385 (6385), Dst Port: https (443), Seq: 1, Ack: 1, Len: 102
    Secure Socket Layer

    No. Time Source Destination Protocol Info
    1214 1.495560 172.30.0.15 172.30.0.1 TLS Server Hello, Change Cipher Spec, Encrypted Handshake Message

    Frame 1214 (176 bytes on wire, 176 bytes captured)
    Ethernet II, Src: 00:11:85:81:df:c3, Dst: 00:14:38:4b:4f:ea
    Internet Protocol, Src Addr: 172.30.0.15 (172.30.0.15), Dst Addr: 172.30.0.1 (172.30.0.1)
    Transmission Control Protocol, Src Port: https (443), Dst Port: 6385 (6385), Seq: 1, Ack: 103, Len: 122
    Secure Socket Layer

     

    which direction should I dig?

    there doesn't seem to be anywhere to go wrong, everything was already tried on the previous version

    February 26, 2007 10:28
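To make the pattern in the trace above explicit, here is an added example (not part of the original post) that splits the summary lines into TCP streams and reports, per stream, whether the TLS handshake completed and whether the server closed right after its first application record. The capture text is a constructed subset of the frames above, the addresses 172.30.0.1 and 172.30.0.15 are taken from the post, and the stream splitting assumes one connection at a time.

```python
import re
# Constructed sample: summary lines of the trace in the post (pure ACK frames omitted).
CAPTURE = """\
1198 1.487514 172.30.0.1 172.30.0.15 TCP 6384 > https [SYN] Seq=0 Ack=0
1201 1.488155 172.30.0.1 172.30.0.15 TLS Client Hello
1202 1.488638 172.30.0.15 172.30.0.1 TLS Server Hello, Change Cipher Spec, Encrypted Handshake Message
1204 1.489429 172.30.0.1 172.30.0.15 TLS Application Data
1207 1.494354 172.30.0.15 172.30.0.1 TLS Application Data
1208 1.494444 172.30.0.15 172.30.0.1 TCP https > 6384 [FIN, ACK] Seq=175 Ack=593
1210 1.494853 172.30.0.1 172.30.0.15 TCP 6385 > https [SYN] Seq=0 Ack=0
1213 1.495355 172.30.0.1 172.30.0.15 TLS Client Hello
1214 1.495560 172.30.0.15 172.30.0.1 TLS Server Hello, Change Cipher Spec, Encrypted Handshake Message
"""
LINE = re.compile(r"^(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(TCP|TLS)\s+(.*)$")
SYN = re.compile(r"^(\d+) > https \[SYN\]")

def split_streams(text, client):
    # Assumption: one connection at a time, so each frame belongs to the latest client SYN (use tcp.stream on a real capture)
    streams, cur = {}, None
    for ln in text.splitlines():
        m = LINE.match(ln.strip())
        if not m:
            continue
        t, src, proto, info = float(m[2]), m[3], m[5], m[6]
        syn = SYN.match(info) if proto == "TCP" and src == client else None
        if syn:
            cur = int(syn[1])
            streams[cur] = []
        if cur is not None:
            streams[cur].append((t, src, proto, info))
    return streams

def diagnose(frames, client, server):
    # Did TLS complete, and did the server close right after its first reply?
    def first(src, proto, word):
        return next((f for f in frames if f[1] == src and f[2] == proto and word in f[3]), None)
    ch, sh = first(client, "TLS", "Client Hello"), first(server, "TLS", "Server Hello")
    app, fin = first(server, "TLS", "Application Data"), first(server, "TCP", "FIN")
    if not (ch and sh):
        return {"handshake": "incomplete", "verdict": "TLS never completed: look at certificate trust"}
    kind = "full" if "Certificate" in sh[3] else "resumed (no Certificate message in server flight)"
    if app and fin and fin[0] - app[0] < 0.001:
        return {"handshake": kind, "fin_after_app_ms": round((fin[0] - app[0]) * 1000, 2),
                "verdict": "server sent one application record then FIN: TLS is fine, "
                           "the refusal is above TLS (HTTP reply from the RPC virtual directory)"}
    return {"handshake": kind, "verdict": "handshake completed, no immediate server close seen"}

def analyse(text, client="172.30.0.1", server="172.30.0.15"):
    return {port: diagnose(fr, client, server) for port, fr in split_streams(text, client).items()}
```

For stream 6384 it reports a resumed handshake and a server FIN 0.09 ms after its only application record, which points at the HTTP layer (the reply of the RPC virtual directory) rather than at the certificate chain between ISA and Exchange.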