We have our ISA 2006 Server setup for webmail & ActiveSync to our Exchange 2007 server using a Listener. However, when we do a vulnerability scan for PCI compliance, the IP for this listener on the ISA server is coming up with an SSL V2 vulnerability. Now, I have done all the stuff (regedits) I need to do on the Exchange 2007 server to disable SSL V2, but I am still coming up with a vulnerability on a scan. Could it be that when accessing Port 443 on the IP in question, the request is forwarded somewhere else when the Webmail/Activesync URL (mailserver.domain.com/owa) is not specified (i.e. not to the Exchange Server but the ISA IIS Server?). I don't see anywhere else where Port 443 could be forwarded. Any suggestions? Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com<http://www.scarletknights.com> [cid:image001.jpg@01C9AD5D.220693F0] *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com ***