The version I'm running creates a protocol rule that denies udp send receive ports 8998, and 995-999. Jeff Sloan Network Administrator Cross Oil Refining & Marketing, Inc. 484 E. 6th St. Smackover, AR 71762 Phone 870-864-8688 Fax 870-864-8689 Cell 870-866-9941 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 11:55 AM To: ISALists Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Hi Jeff, I have to say that I don't know what the SoBig script does :-) But I'm sure if it blocks TCP 135, then it will create an explicit packet filter to do so. Even if the Sobig script did some hidden blocking, the blocked connection attempts would appear in the NetMon trace. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 11:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Does the sobig script for ISA block the RPC port 135 traffic? I know it doesn't directly, but are there any secondary connections needed? But I have tried it with it turned off as well... Jeff Sloan Network Administrator Cross Oil Refining & Marketing, Inc. 484 E. 6th St. Smackover, AR 71762 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 10:16 AM To: ISALists Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Hi Jeff, The procedure of publishing secure Exchange RPC is very quick an easy, so from the publishing end, the only things that might be whack might be: 1. The Exchange Server is not a SecureNAT client 2. The publishing rule is disabled 3. A packet filter is blocking the rule from working 4. Exchange is installed on the firewall and the socket is listening on all interface (this problem CAN'T be fixed without disabling NetBT, and Exchange really doesn't like that too much) The real problem with Secure Exchange RPC publishing is name resolution. Can you run NetMon on the external interface and see if the incoming TCP 135 connections are making it to the firewall? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 10:10 AM To: [ISAserver.org Discussion List] Subject: [isalist] Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Here I am again.... My published RPC Exchange 2000 server through ISA still doesn't work. Worked fine till the worm crap started happening. Then ISPs started blocking port 135 and or RPC, but since then they assure me they have stopped. I have had Earthlink field technicians work with me on our setup, ours and their routers, dsu/csu, etc. They dug down deep and say that there is no blocking going on. Yet it doesn't work any more for us. Does anyone know if any of the Microsoft patches actually broke this functionality? Tom, I have been going through your deployment kits, but am a little confused. Is it still possible to do the RPC publishing with ISA server on Win 2000 server, and Exchange 2000 on Win 2000 server? Without any additional ssl, certificates, vpn, rpc over http, etc. It used to work, I just want it back. Is there any configuration lists or settings you need me to send to help identify the problem. Thanks Jeff Sloan Network Administrator Cross Oil Refining & Marketing, Inc. 484 E. 6th St. Smackover, AR 71762 Phone 870-864-8688 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')