XADM: How to Publish Exchange Server 5.5 and Exchange 2000 Server with Proxy Server 2.0

This article describes how to publish Exchange Server 5.5 and Exchange 2000 Server on Microsoft Proxy Server 2.0. To consolidate sources, some information in this article was taken from the articles that are listed in the "References" section of this article.

How to Publish Exchange Server 5.5 Behind Proxy Server 2.0

How Proxy Server Works

You can use the Winsock Proxy client to bind services or programs to the external network interface of the server computer that is running Proxy Server. After you bind a service or program on the external network interface, that service or program is available to hosts on the Internet. The proxy server computer then "listens" for connections on behalf of the service or program.

For example, if you bind an internal Simple Mail Transfer Protocol (SMTP) mail server or Post Office Protocol (POP) mail server to the proxy server, mail clients or SMTP servers on the Internet can contact this mail server by connecting to the proxy server's Internet IP address. To remote computers on the Internet, these services appear to be running on the proxy server computer.

To Set Up the Server Proxy Feature for Exchange Server 5.5

To make sure Exchange Server will function with the Server Proxy feature, follow these steps exactly:

1. Install and configure Proxy Server.
2. In the Winsock Proxy (WSP) properties, click Client Configuration, and then set Client Connects to Microsoft Winsock Proxy Server by to IP address.
3. Install the WSP client on the Exchange Server computer.
   
   Note If the WSP client is already installed, reinstall it. To do so, connect to the mspclnt share on the proxy server, and then run Setup.exe from the root directory.
4. Change the Domain Name System (DNS) settings on the Exchange Server computer.
   
   You must define an Internet DNS server address on the Exchange Server computer so that the Exchange Server computer can send mail correctly.
   1. In Control Panel, double-click Network, click TCP/IP, and then click the DNS tab.
   2. Add your Internet service provider's DNS server address or addresses.
      
      Note If your DNS server does not seem to function correctly, use the following Microsoft Network DNS servers to test name resolution:
      • 204.255.246.17
      • 204.255.246.18
5. After the WSP client is functioning, additional settings are required for server proxy on the Exchange Server computer. You must create two Wspcfg.ini files for the Exchange Server computer.
   1. Create the first Wspcfg.ini file for use with the Exchange SMTP service. Type the following four lines of information in Notepad, and then save this file as Wspcfg.ini in the folder where Msexcimc.exe is located. The default location of the Msexcimc.exe file is c:\exchsrvr\connect\msexcimc\bin\msexcimc.exe.
      [MSEXCIMC]
      ServerBindTcpPorts=25
      Persistent=1
      KillOldSession=1
      
      
      Notes
      • Type only the four lines of text; do not copy the blank lines before and after the text. Do not save the file in Unicode format.
      • On computers that have Microsoft Internet Information Server version 4.0 (IIS) installed, stop and disable the SMTP service so that it does not start. The SMTP service, an optional Microsoft Windows NT Option Pack service, also uses port 25.
      • This procedure binds the SMTP port (25) on the Exchange Server computer to the proxy server's port 25.
      • Exchange 2000 does not have an Mmsexcimc folder or an Internet Mail Connector. For additional information about how to configure Exhange 2000 behind Microsoft Proxy Server 2.0, click the following article number to view the article in the Microsoft Knowledge Base:
        276388� XIMS: How to Configure Exchange 2000 Behind Proxy Server 2.0
   2. Create the second Wspcfg.ini file for use with the Exchange information store (Store.exe). Copy and paste the four lines of information below in Notepad, and then save this file as Wspcfg.ini in the folder where Store.exe is located. The default location of Store.exe is c:\exchsrvr\bin\store.exe.
      [STORE]
      ServerBindTcpPorts=110,119,143
      Persistent=1
      KillOldSession=1
      Notes
      • Do not manually type the information in Notepad, and do not save the file in Unicode format.
      • Additional ports, such as ports 119 and 143, can be listed because Store.exe provides Network News Transfer Protocol (NNTP) on port 119 and POP mail on port 110.
   When you configure the Exchange Server computer to use Internet Message Access Protocol, Version 4rev1 (IMAP4) mail or secure mail, Exchange Server connects to ports 993 and 995 on the proxy server. These ports must be bound to the external interface on the proxy server. To make this work, make the following changes to the Wspcfg.ini file that is in the folder where the Store.exe file is located:
   [Store]
   ProxyBindIp=993:<PROXY_SERVER_ADDRESS>,995:<PROXY_SERVER_ADDRESS>
   ServerBindTCPPorts=993,995
   KillOldSession=1
   Persistent=1
   Note For these changes to work correctly, you must apply Service Pack 1 (SP1) to Microsoft Proxy Server 2.0 and then apply the solution that is described in the following Microsoft Knowledge Base article:
   232588� Winsock Proxy Client Fails to Bind Remotely to Proxy Server Computer
6. Make sure that the two Wspcfg.ini files do not have a .txt extension appended (for example, Wspcfg.ini.txt). Rename the file if you have to.
7. If you are not using Access Control on the Winsock Proxy service, go to step 10.
   
   If Access Control is enabled on the Winsock Proxy service, you must grant the user account that starts the Exchange Server services access to the proxy server. This must be a domain user account, not a local account on the Exchange Server computer. If the user account is a local account, create a new user account on the domain. To do so, open Control Panel, double-click Services, and then grant the new domain user account logon rights to all the Exchange Server services.
8. Give the new domain user account access to the proxy server. In the Winsock Proxy properties, click Permissions, and then grant the new account the Unlimited Access permission.
9. Restart the Exchange Server computer. After you restart the Exchange Server computer, it should automatically listen on the external interface of the proxy server computer.
10. To test connectivity to the Exchange services from a computer that is directly connected to the Internet:
    1. On the test computer, click Start, click Run, and then type Telnet.exe.
    2. Click Connect, and then click Remote System. Use the following connection information to establish the connection:
       
       HOST NAME: External IP address of the proxy server
       PORT: 25
       TERM TYPE: vt100
    3. After you are connected and see a blank screen, press ENTER, and then wait about 30 seconds. You should see a message from the Exchange SMTP service that indicates a successful setup. If this message does not appear, recheck your settings.
    4. You can also try port 110 to test the POP service.

How to Publish Exchange 2000 Behind a Proxy 2.0 Server

1. After the WSP client is functioning, additional settings are required for server proxy on the Exchange 2000 computer. You must create two Wspcfg.ini files for the Exchange 2000 computer. To do so:
   1. Create the first Wspcfg.ini file for use with the Exchange SMTP service. Type or copy and paste the following four lines of information in Notepad, and then save this file as Wspcfg.ini in the folder where Msexcimc.exe is located. The default location of the Msexcimc.exe file is c:\exchsrvr\connect\msexcimc\bin\msexcimc.exe.
      [MSEXCIMC]
      ServerBindTcpPorts=25
      Persistent=1
      KillOldSession=1
      
      
      Notes
      • Do not save the file in Unicode format. Type or copy only the four lines of text; do not copy the blank lines before and after the text.
      • On computers with Internet Information Server version 4.0 (IIS), stop and see comment the SMTP service so that it does not start. The SMTP service, an optional Windows NT Option Pack service, also uses port 25.
      • The SMTP port (25) on the Exchange 2000 computer is then bound to the proxy server's port 25.
   2. Create the second Wspcfg.ini file for use with the Exchange information store (Store.exe). Copy and paste the following four lines of information in Notepad, and then save this file as Wspcfg.ini in the folder where Store.exe is located. The default location of Store.exe is c:\exchsrvr\bin\store.exe.
      [STORE]
      ServerBindTcpPorts=110,119,143
      Persistent=1
      KillOldSession=1
      Notes
      • Do not manually type the information in Notepad, and do not save the file in Unicode format.
      • Additional ports, such as ports 119 and 143, can be listed because Store.exe provides Network News Transfer Protocol (NNTP) on port 119 and POP mail on port 110.
   When you configure the Exchange 2000 computer to use Internet Message Access Protocol, Version 4rev1 (IMAP4) mail or secure mail, Exchange 2000 connects to ports 993 and 995 on the proxy server. These ports must be bound to the external interface on the proxy server. To make this work, make the following changes to the Wspcfg.ini file that is in the folder where the Store.exe file is located:
   [Store]
   ProxyBindIp=993:<PROXY_SERVER_ADDRESS>,995:<PROXY_SERVER_ADDRESS>
   ServerBindTCPPorts=993,995
   KillOldSession=1
   Persistent=1
   Note For these changes to work correctly, you must apply Service Pack 1 (SP1) to Microsoft Proxy Server 2.0 and then apply the solution that is described in the following Microsoft Knowledge Base article:
   232588� Winsock Proxy Client Fails to Bind Remotely to Proxy Server Computer
2. Make sure that the two Wspcfg.ini files do not have a .txt extension appended (for example, Wspcfg.ini.txt). Rename the files if you have to.

More Information About Binding to the Proxy Server

Microsoft Exchange Server 4.0, Microsoft Exchange Server 5.0, and Exchange Server 5.5 run the Exchange Server-related services under a domain service account. In Exchange 2000, the Exchange services run under local system accounts (LocalSystem). These local system accounts cannot authenticate with the proxy server to bind to the proxy server. Use the Credtool utility (Credtool.exe) to configure these local system accounts to authenticate with and bind to the proxy server. The Credtool utility is installed with Proxy Client and is located in the Mspclnt folder.

To bind the required ports and services to the proxy server:

1. Install the Winsock Proxy Client from the Proxy Server Mspclnt shared folder.
2. Make sure that you have a virtual server for each protocol that you want to bind to the proxy server.
3. Start Exchange System Manager, click Servers, click Protocols, and then locate the virtual server.
4. Right-click the virtual server, click Properties, click the General tab , and then make sure that the protocols are set to all unassigned.
5. Make sure that there are no conflicts on the proxy server by using the netstat command to verify that the following ports do not have any services (for example, you may have to set the proxy server computer's SMTP service to manual):
   • 25
   • 110
   • 143
   • 993
   • 995
6. In the Winnt\System32\Inetsrv folder, create a file named Wspcfg.ini that contains the following information:
   [inetinfo]
   ServerBindTcpPorts=25,110,143,993,995
   Persistent=1
   KillOldSession=1
   ForceCredentials=1
7. At a command prompt, change to the Proxy Client folder (typically C:\Mspclnt), and then run the following command
   credtool -w -n inetinfo -c user domain password
   where user is the user name of a user who has permissions to bind to the proxy server, domain is the network basic input/output system (NetBIOS) domain name of that user, and password is the password of that user.
8. In Administrative Tools, double-click Services, and then restart the IIS Admin Service on the Exchange 2000 computer.

For additional information about the issues that this article discusses, click the following article numbers to view the articles in the Microsoft Knowledge Base: For additional information, click the following article number to view the article in the Microsoft Knowledge Base: