I have all of my required ports open to have the Citrix Secure Gateway (CSG) working in my test lab. The CSG is sitting in the DMZ with a web server. They are members of the internal domain, and I need to get authentication working. What I have found is that ASL is prohibiting RPC (UDP port 135) from going through the firewall to the DC in the private network. I can ping the DC, and I can NET USE to a share on the DC.
But when I log in, I get an error message of "NO MORE AVAILABLE ENDPOINT MAPPINGS AVAILABLE. TRY AGAIN LATER." I used PORTQRY to test whether I can bind to UDP port 135, and the connection times out. I then tried TCP port 135 and I am able to connect, but this server will only initiate a UDP session.
Now, I do have the RPC service defined in the ASL interface:
RPC PROT:TCP/UDP SRCP:1024-65535 DESTP:135
I have added this to the Packet Filter list and enabled it.
Any ideas?
Thanks.
------------------------------------------------
Never mind. I figured it out. It was related to Dynamic RPC. I saw using the Active Packet Filter monitoring that the server was wanting to use TCP port 1026 to get to the DC. I added this to the Dynamic RPC service and it can log in now.
[ 07 August 2002, 19:25: Message edited by: Chris Lynch ]