Thank you for the comment. Like you said at the bottom, why not put the terminal server on the other side of the firewall..... well, that's what we deiced on today, since I don't really want to open all the ports on the firewall required by MAPI... Thanks, Dennis Appelboom XB -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: maandag 4 april 2005 20:10 To: [ExchangeList] Subject: [exchangelist] RE: Firewall settings for MAPI Outlook 2003 an d Ex change 2003 http://www.MSExchange.org/ Tough spot. Yep, MAPI is pretty much going to require that you lock down the ports that it can communicate on. That's a server side adjustment in the registry, and you'll see it in the other article (http://support.microsoft.com/kb/270836) how that gets done. That basically means the low ports (135, 137, 139 tcp/udp etc) as well as the static ports you've specified. Then, you'll also want to decide which GC you want the clients to use, using the closestGC mapping registry key. That will prevent the client from connecting and looking for a GC that Exchange hands out (likely something outside your local to the client site.) From there, it's only new mail notification. Luckily, OL2003 will allow them to use the clients this way anyway, and fail over to polling vs. waiting for new mail notification. Make sure you have the service packs applied for office/outlook. Remember that you want to do this for the public folder stores as well as the private stores that are going to be in use. One question that comes to mind is why? Why wouldn't the client put the terminal server on the other side of the firewall and do away with the mods? Wouldn't that be easier as well? Anyway, if you still see problems connecting, you'll want to have a look at a network trace and the firewall logs to see why. If something isn't configured correctly, you'll see it pretty fast in one of those tools. Drop me a note offline if you need anything else. al -----Original Message----- From: Dennis Appelboom [mailto:dennis.appelboom@xxxxx] Sent: Monday, April 04, 2005 11:08 AM To: [ExchangeList] Subject: [exchangelist] RE: Firewall settings for MAPI Outlook 2003 an d Ex change 2003 http://www.MSExchange.org/ Yes, RPC over HTTP would be preferable, but unfortunately, the customer is using windows 2003 terminal servers.....and RPC over HTTP does only work on XP SP1a or higher, and not windows 2003 server. So MAPI it is, unfortunately.... Any other thoughts? Regards, Dennis Appelboom -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: maandag 4 april 2005 16:30 To: [ExchangeList] Subject: [exchangelist] RE: Firewall settings for MAPI Outlook 2003 an d Ex change 2003 http://www.MSExchange.org/ Sounds like RPC/HTTP vs. regular MAPI (For more information about that http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTP Dep/ 1583ab17-f7d1-41c1-ba52-37ec276e3644.mspx) Some of those ports are no longer needed if I recall correctly. Not a bad idea by the way, to deploy RPC/HTTP vs. regular MAPI to solve this problem. Much easier to manage and fewer ports to deal with if this is an option. Al -----Original Message----- From: Dennis Appelboom [mailto:dennis.appelboom@xxxxx] Sent: Monday, April 04, 2005 10:13 AM To: [ExchangeList] Subject: [exchangelist] RE: Firewall settings for MAPI Outlook 2003 and Ex change 2003 http://www.MSExchange.org/ Thanks for the response, I already tried that document, but was unable to get it to work. After that, I found some additional information, telling me that Outlook 2003 uses static ports rather than dynamically assigned ports.... It should be 6001, 6002 and 6004. Can someone conform that? Also, it seems that outlook starts with a call to the exchange server on port 135..... But still no success after I opened 135, 6001, 6002 and 6004..... Regards, Dennis Appelboom XB -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: maandag 4 april 2005 15:40 To: [ExchangeList] Subject: [exchangelist] RE: Firewall settings for MAPI Outlook 2003 and Ex change 2003 http://www.MSExchange.org/ The specific ports required are basically all of them. Especially those above 1024 TCP/UDP (in both directions. ) You *can* narrow it down by setting static ports like this: http://support.microsoft.com/kb/270836 You should also be aware of the way that Exchange tells Outlook to find a GC. You may want to investigate the closestGC registry key for Outlook (called something like that). Al -----Original Message----- From: Dennis Appelboom [mailto:dennis.appelboom@xxxxx] Sent: Monday, April 04, 2005 9:26 AM To: [ExchangeList] Subject: [exchangelist] Firewall settings for MAPI Outlook 2003 and Exchange 2003 http://www.MSExchange.org/ Hi, We currently try to make Outlook 2003 work via MAPI through a Firewall. Yes, I know, it is a bit unusual... The DC (with GC) is on the same network as the desktops, so it's just the Exchange server that we need the port settings for. The server is a Windows 2003 server running Exchange 2003 standard edition. Searching with google gave me a lot of answers, all with ISA server involved...But no specific port settings. Does anyone know where I can find those? Kind regards, Dennis Appelboom XB ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: dennis.appelboom@xxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: dennis.appelboom@xxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: dennis.appelboom@xxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx