Casey, call my setup ridiculous, but then keep in mind that we have not had one email- borne virus touch our network in over two years. Dell was running a special on a 1650 for $500 bucks that would run IIS SMTP just fine. They also had another for $270 that would work. I disagree with your real world analogy (in gentleman fashion) - there are benefits to doing it the right way the first time. The benefits to a secure email architecture are gained regardless of the size of your organization, and at minimal cost. For the longest time I had a piece of junk clone box as our screener, and while I worried about it a lot, it worked until I could get a real server to replace it. Check www.dealspree.com for excellent deals and coupons for Dell equipment and servers. Ed -----Original Message----- From: Friese, Casey <cfriese@xxxxxxxxxxxxx> To: [ISAserver.org Discussion List] <isalist@xxxxxxxxxxxxx> Sent: Tue Feb 25 08:20:05 2003 Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA http://www.ISAserver.org Rich, In our world there's 2 ways of doing things, The Microsoft way or the real world way. Not everyone can afford to go out and by the required resources and to be honest, I think it's a rediculous idea to buy 2 servers to support one function - email - especially in your size environment. Honestly, If plausible, just bring your Exchange server to an inside DMZ or internally altogether and use ISA's server publishing rules. This still isn't the idea soultion but it's far more secure than your current setup. -----Original Message----- From: rbell@xxxxxxxxxx [mailto:rbell@xxxxxxxxxx] Sent: Tuesday, February 25, 2003 9:13 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA http://www.ISAserver.org That was my first thought on doing the setup. But after going to a Microsoft run Exchange 2000 class they wanted it either with the server in the DMZ or a "front end" exchange server in the DMZ and a "back end" exchange server on the internal net. Couldn't get the funding for a front end so ran this way. The secondary trouble is due again to funding I am also running two websites, and a DNS server on the same server. Nothing really large and I have under 50 users on the exchange server. Never had a problem until this one with SP1. Look like it may be time to hit the books again and see what else can be done on a larger scale. Rich -----Original Message----- From: Edward Sullivan [mailto:esullivan@xxxxxxx] Sent: Tuesday, February 25, 2003 8:50 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA http://www.ISAserver.org I would strongly recommend you move your exchange server inside to your 10.x network, then use smtp and owa publishing for external connections. This makes your network more secure, and will more than likely solve your connectivity issues. Exchange 2000 uses AD heavily, and seperating it from your main network will complicate things. (assuming you have exchange 2000) -----Original Message----- From: Friese, Casey <cfriese@xxxxxxxxxxxxx> To: [ISAserver.org Discussion List] <isalist@xxxxxxxxxxxxx> Sent: Tue Feb 25 07:41:06 2003 Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA http://www.ISAserver.org Is there no local network between the ISA and the Exchange Server? Example..using your numbers, here's how my design is: All my XP SP1 Clients work fine. Intranet (10.0.x.x) | ISA Server (10.0.x.x) South (10.112.x.x)Local DMZ ------ Exchange Server (10.112.x.x) (66.43.x.x) North | Cisco Router (66.43.x.x) | Internet -----Original Message----- From: rbell@xxxxxxxxxx [mailto:rbell@xxxxxxxxxx] Sent: Tuesday, February 25, 2003 8:24 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA http://www.ISAserver.org okay here goes... working from a LAT setup. I have an internal network and W2K server that is the DHCP/DNS for internal net. All clients are running the ISA firewall client. Out in the DMZ are the web servers and the Exchange server. Intranet (10.0.x.x) DC runs DHCP and DNS servers | ISA server (10.0.x.x) south (66.43.x.x) north | Exchange server (66.43.x.x) also DNS server | Cisco router (66.43.x.x) | Internet On all the other (non-SP1) outlook setups (outlook 2000) I create an exchange account in Outlook and connect without problem. On the SP1 units or units that have had SP1 installed I am denied access. On the systems that I can remove SP1 from all works great as soon as it is off the system. FTP is also denied on these systems, but like exchange some back after SP1 is removed. the real trouble is the units that have SP1 integrated into the WinXP OS installation CD. Rich -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Sunday, February 23, 2003 12:36 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA http://www.ISAserver.org Hi Richard, You say the Exchange Server is in a DMZ. What kind of DMZ? Are the clients trying to connection from a LAT or non-LAT network? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder -----Original Message----- From: rbell@xxxxxxxxxx [mailto:rbell@xxxxxxxxxx] Sent: Friday, February 21, 2003 9:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] FW: WinXP SP1, Outlook 2000, and ISA http://www.ISAserver.org I have several W2K, and WinXP stations running Outlook with a live connection to an Exchange server in the DMZ. All was fine until I installed WinXP SP1. After installation of SP1 I can not longer connect to the exchange server or even use FTP. I can however surf the web. I am running the ISA firewall client on all stations. This appears to be a WinXP SP1 issue as on the stations that I can remove SP1 from the connections return. However I have new stations that have WinXP with SP1 integrated. Is there a setting that after SP1 needs to be changed in the ISA server that I didn't need before SP1? Richard Bell MIS Director Microfilm Services, Inc. www.msifla.net rbell@xxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rbell@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cfriese@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: esullivan@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rbell@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cfriese@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: esullivan@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')