RE: Win XP clients cannot reach remote Exchange 5.5 through ISA server 2000...
- From: "Kevin S. Malinowski" <Kevin@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 26 May 2003 12:40:38 -0600
That isn't the one I was thinking of, but it does the trick.
Thanks David
Kevin
-----Original Message-----
From: David V. Dellanno [mailto:ddellanno@xxxxxxxxxx]
Sent: Monday, May 26, 2003 12:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Win XP clients cannot reach remote Exchange 5.5
through ISA server 2000...
http://www.ISAserver.org
Do you mean this article that Tom wrote?
http://www.isaserver.org/tutorials/Using_the_Exchange_RPC_Filter_to_Publ
ish_Microsoft_Exchange.html
Clients behind NAT Servers/ISA Servers
If the Outlook client is behind a NAT server or an ISA Server, it will
not be able to receive new mail notification requests. The reason for
this is that these new mail notification requests are not affiliated
with the existing RPC connection to allow communications between the
Outlook client and the Exchange Server. Because the new mail
notification message is seen as an unsolicited inbound request, the NAT
server and ISA Server will drop the packet.
This doesn't mean that you won't ever get any new mail. If you send mail
to the Exchange Server, a new mail notification message can be sent
through the existing (active) RPC channel between the Outlook client and
the Exchange Server. However, RPC wasn't designed for an unreliable
network like the Internet. If there is an error in any of the RPC
packets carrying the new mail notification, the notification message
will not go through. You can get around this by forcing synchronization
with the F9 key in Outlook 2000 or setup the Exchange account to carry
out an automatic send/receive every few minutes in Outlook 2002.
The good news is that everything else works fine when the Outlook client
is behind the NAT server. If you are using the Windows 2000 RRAS NAT, no
further configuration is required for the NAT Routing Protocol. If you
there is an ISA Server in front of the Outlook client, you will need to
configure an RPC Protocol Definition and then configure the client to be
a Firewall client. The reason the Outlook client must be configured as a
Firewall client is that SecureNAT clients do not support secondary
connections.
From what I can tell, you need to create the following Protocol
Definition:
Primary connection: TCP 135 Outbound
Secondary connections: TCP 1025-65534 Outbound
My reasoning here is that the initial connection takes place on TCP 135.
The remote ISA Server (the one publishing the Exchange Server) sends
back to the local ISA Server (the one in front of the Outlook client)
the port number on which the Outlook client needs to subsequent
requests. Since this new outgoing connection is part of the original RPC
conversation, a secondary connection to an ephemeral (high number) port
is required outbound from the local ISA Server to the remote ISA Server.
-----Original Message-----
From: Kevin S. Malinowski [mailto:Kevin@xxxxxxxxxx]
Sent: Monday, May 26, 2003 2:07 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Win XP clients cannot reach remote Exchange 5.5
through ISA server 2000...
http://www.ISAserver.org
The requirement here, is that the client (behind ISA) must be able to
make an RPC call through your ISA server. Resolving it is only the first
step, opening up your ISA server to allow this is the tough part, while
ensuring that you don't open everything up on the machine.
I do have an article on what to open, but can't find it right now. If I
can find it I will post back.
Kevin
-----Original Message-----
From: Murat ALTIPARMAK [mailto:murata@xxxxxxxxxxxx]
Sent: Sunday, May 25, 2003 4:17 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Win XP clients cannot reach remote Exchange 5.5
through ISA server 2000...
http://www.ISAserver.org
Thank you for your reply. Although I tried writing the IP address of
Exchange server instead of netbios name , the result did not change,
that is "network problems are preventing ...."
In fact when XP clients try to ping the Exchange server by name, it
resolves the name and shows the IP of it. Therefore, problem is not
related with the netbios issue. There must be something different.
Anyway I am still looking forward to an answer. Thank you...
Murat
> The challenge is to make sure your XP client can resolve the netbios
> name of your exchanger server to it's external ip address. =20
>
> http://www.isaserver.org/tutorials/Using_the_Exchange_RPC_Filter_to_Pu
> bl
> ish_Microsoft_Exchange.html
>
>
>
> -----Original Message-----
> From: Murat ALTIPARMAK [mailto:murata@xxxxxxxxxxxx]=20
> Sent: Saturday, May 24, 2003 8:56 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Win XP clients cannot reach remote Exchange 5.5
> through ISA server 2000...
>
>
> http://www.ISAserver.org
>
>
> Hello everybody.
>
> We have a NT 4 domain at our hq in which our Exchange Server 5.5
> resides.We also have two remote Win 2K domains that are connected to
> it without trust relationship.One of remote W2K domains has no
> firewall and also no problem connecting to exchange server via both
> Outlook and Outlook Express/RPC and POP configuration for all client
> types including Windows XP.However the other one has ISA Server in
> Integrated Mode and only XP clients are having problem reaching
> Exchange through Outlook.It is interesting that Outlook Express is
> working in a great way on XP.All other client types (Win 98,NT,2000)
> behind ISA has no problem with Outlook. According to the KB article
> "XCCC: Setting TCP/IP Ports for Exchange and Outlook Client
> Connections Through a Firewall PSS ID
> Number: 155831" We assigned two ports in registry on Exchange site and
> also formed packet filters for that ports on ISA site but no
results.XP
> clients are firewall clients so MS firewall clients are installed.As a
> solution, I uninstalled firewall client and gave the client static IP
> address instead of DHCP and wrote the IP address of ISA server in
> Default Gateway area(constituting SecureNat clients)and then tried but
> always get the following error
>
> "Outlook Could not log on. Check to make sure you are connected to the
> network and are using the proper server and mailbox name.Network
> problems are preventing connection to the Microsoft Exchange Server
> computer.Contact your system administrator if this condition
> persists.You can choose File->Work Offline to work locally until the
> server becomes available"
>
> We called MS for technical support, they tried many things including
> removing and reinstalling ISA server with new settings but no
> result.As a last thing, they offered to upgrade to Exchange 2000 from
> 5.5.But another interesting thing is that XP clients in NT 4 domain
> (in place with Exchange 5.5) has no problems communicating with
> Exchange 5.5.
>
> As a last resort I am about to upgrade to Exchange 2000 but it is
> really a huge mess as you can guess and in fact I really want to
> analyze this problem. Could anybody please help me about it? Any
> suggestion,experience or opinion is appreciated. Thank you in
> advance...
>
> Murat
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/ Windows
> Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
> Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> ddellanno@xxxxxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
>
> Confidentiality Notice:
> This e-mail message, including any attachments, is for the sole use of
> the intended recipient(s) and may contain confidential and privileged
> information. Any unauthorized review, use, disclosure or distribution
> is prohibited. If you are not the intended recipient, please contact
> the sender by reply e-mail and destroy all copies of the original
> message.
>
>
>
> Confidentiality Notice:
> This e-mail message, including any attachments, is for the sole use of
> = the intended recipient(s) and may contain confidential and
> privileged = information. Any unauthorized review, use, disclosure or
> distribution is = prohibited. If you are not the intended recipient,
> please contact the = sender by reply e-mail and destroy all copies of
> the original message.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
kevin@xxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ddellanno@xxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message.
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
kevin@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
