RE: Firewall settings for MAPI Outlook 2003 an d Ex change 2003

  • From: "Dennis Appelboom" <dennis.appelboom@xxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 5 Apr 2005 15:47:54 +0200

Thank you for the comment.

Like you said at the bottom, why not put the terminal server on the
other side of the firewall..... well, that's what we deiced on today,
since I don't really want to open all the ports on the firewall required
by MAPI...

Thanks,

Dennis Appelboom
XB

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] 
Sent: maandag 4 april 2005 20:10
To: [ExchangeList]
Subject: [exchangelist] RE: Firewall settings for MAPI Outlook 2003 an d
Ex change 2003

http://www.MSExchange.org/

Tough spot.  

Yep, MAPI is pretty much going to require that you lock down the ports
that
it can communicate on.  That's a server side adjustment in the registry,
and
you'll see it in the other article
(http://support.microsoft.com/kb/270836)
how that gets done.  

That basically means the low ports (135, 137, 139 tcp/udp etc) as well
as
the static ports you've specified.  Then, you'll also want to decide
which
GC you want the clients to use, using the closestGC mapping registry
key.
That will prevent the client from connecting and looking for a GC that
Exchange hands out (likely something outside your local to the client
site.)


From there, it's only new mail notification.  Luckily, OL2003 will allow
them to use the clients this way anyway, and fail over to polling vs.
waiting for new mail notification.  Make sure you have the service packs
applied for office/outlook. 

Remember that you want to do this for the public folder stores as well
as
the private stores that are going to be in use. 

One question that comes to mind is why?  Why wouldn't the client put the
terminal server on the other side of the firewall and do away with the
mods?
Wouldn't that be easier as well?

Anyway, if you still see problems connecting, you'll want to have a look
at
a network trace and the firewall logs to see why.  If something isn't
configured correctly, you'll see it pretty fast in one of those tools. 

Drop me a note offline if you need anything else. 

al 

-----Original Message-----
From: Dennis Appelboom [mailto:dennis.appelboom@xxxxx] 
Sent: Monday, April 04, 2005 11:08 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Firewall settings for MAPI Outlook 2003 an d
Ex
change 2003

http://www.MSExchange.org/

Yes, RPC over HTTP would be preferable, but unfortunately, the customer
is
using windows 2003 terminal servers.....and RPC over HTTP does only work
on
XP SP1a or higher, and not windows 2003 server.

So MAPI it is, unfortunately....

Any other thoughts?

Regards,

Dennis Appelboom

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: maandag 4 april 2005 16:30
To: [ExchangeList]
Subject: [exchangelist] RE: Firewall settings for MAPI Outlook 2003 an d
Ex
change 2003

http://www.MSExchange.org/

Sounds like RPC/HTTP vs. regular MAPI (For more information about that
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTP
Dep/
1583ab17-f7d1-41c1-ba52-37ec276e3644.mspx)   

Some of those ports are no longer needed if I recall correctly. 


Not a bad idea by the way, to deploy RPC/HTTP vs. regular MAPI to solve
this
problem.  Much easier to manage and fewer ports to deal with if this is
an
option. 

Al 

-----Original Message-----
From: Dennis Appelboom [mailto:dennis.appelboom@xxxxx]
Sent: Monday, April 04, 2005 10:13 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Firewall settings for MAPI Outlook 2003 and
Ex
change 2003

http://www.MSExchange.org/

Thanks for the response,

I already tried that document, but was unable to get it to work. After
that,
I found some additional information, telling me that Outlook 2003 uses
static ports rather than dynamically assigned ports....
It should be 6001, 6002 and 6004.
Can someone conform that?

Also, it seems that outlook starts with a call to the exchange server on
port 135..... 

But still no success after I opened 135, 6001, 6002 and 6004.....

Regards,

Dennis Appelboom
XB

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: maandag 4 april 2005 15:40
To: [ExchangeList]
Subject: [exchangelist] RE: Firewall settings for MAPI Outlook 2003 and
Ex
change 2003

http://www.MSExchange.org/

The specific ports required are basically all of them. Especially those
above 1024 TCP/UDP (in both directions. )

You *can* narrow it down by setting static ports like this:
http://support.microsoft.com/kb/270836

You should also be aware of the way that Exchange tells Outlook to find
a
GC.  You may want to investigate the closestGC registry key for Outlook
(called something like that). 


Al


 

-----Original Message-----
From: Dennis Appelboom [mailto:dennis.appelboom@xxxxx]
Sent: Monday, April 04, 2005 9:26 AM
To: [ExchangeList]
Subject: [exchangelist] Firewall settings for MAPI Outlook 2003 and
Exchange
2003

http://www.MSExchange.org/


Hi,

 

We currently try to make Outlook 2003 work via MAPI through a Firewall.
Yes,
I know, it is a bit unusual...

The DC (with GC) is on the same network as the desktops, so it's just
the
Exchange server that we need the port settings for.

The server is a Windows 2003 server running Exchange 2003 standard
edition.

 

 

Searching with google gave me a lot of answers, all with ISA server
involved...But no specific port settings.

Does anyone know where I can find those?

 

Kind regards,

 

Dennis Appelboom

XB

 

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
dennis.appelboom@xxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
dennis.appelboom@xxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
dennis.appelboom@xxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts:

  1. Home
  2. exchangelist
  3. Archive
  4. 04-2005