I know, don't say it. It's new non-recommended code. But I'm doing it with this client cause I have to.
Have had a problem recently with SAM. And if its been reported, then good, if not, then here you go.
I have a 2500 that is running 6.5R1. Some SAM users can connect, 2 cannot. User logs show:
Request to connect to SERVER port 135 permission denied
The policy reads:
My quick resolution is NC for these users, but anyone else seen it so far?
I'm guessing that it's a client issue, but that's just a hunch. You could try doing a TCPDump on the internal interface of the IVE. However, if you have multiple SAM users connected, you may not be able to discern between them.
It seems curious to me that your server name is server.domain.com, but the message shows the name as "server". That makes me think that the two users who are failing are referring to the server by non-qualified name. You could check their Outlook settings to see if this is true.
Assuming domain.com is in the search suffix list for your SA2500, you could also try a policy of server.* in addition to server.domain.com:*