Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Cannot configure access to Exchange Server between two routed networks in ISA Server 2004


View products that this article applies to.

Symptoms

When you configure an access rule between two routed networks in Microsoft Internet Security and Acceleration (ISA) Server 2004 to provide access to Microsoft Exchange Server, users can communicate with the Exchange Server computer successfully. However, you cannot enforce encryption policies or limit client communication based on universally unique identifiers (UUIDs).

↑ Back to the top


Cause

This issue occurs because ISA Server 2004 does not currently support the following features in an access rule:
  • The limitation of remote procedure call (RPC) communications based on UUIDs.
  • The enforcement of encryption.

↑ Back to the top


Workaround

To work around this issue, use one of the following methods:

Method 1: Limit the RPC interfaces that clients can use

Configure the RPC interfaces that can be used by clients. For example, you can limit the use of RPC to Exchange Server only. In this scenario, you have the option to allow all RPC traffic or to deny all RPC traffic.

Method 2: Use the Enforce Encryption option

Create a server publishing rule for the Exchange Server computer, right-click that new rule, click Configure Exchange RPC, and then click to select the Enforce Encryption check box.

To create a server publishing rule, follow these steps:
  1. Right-click Firewall Policy, and then click New Server Publishing Rule.
  2. Specify a server publishing rule name.
  3. Specify the internal IP address of the server you are publishing, and then click Next.
  4. In Select Protocol, select the protocol to be used by the new rule, and then click Next.
  5. Select the Listener IP address that will listening to the request. Click External, click Next, and then click Finish.

↑ Back to the top


More information

In certain routing relationships, an access rule and a server publishing rule are interchangeable. In both scenarios, the permitted traffic passes from the client directly to the destination computer. A server publishing rule that you configure between two routed networks does not mean that the client connects to the IP address of the ISA Server computer. It means that the client connects directly to the destination server computer. Because RPC server publishing supports the UUID specification, you must use a server publishing rule to provide access to Exchange Server.

For additional information about network relationships in ISA Server 2004, search on "Multi-networking overview" in ISA Server Help.

↑ Back to the top


Keywords: KB838366, kbfirewall, kbprb

↑ Back to the top

Article Info
Article ID : 838366
Revision : 5
Created on : 1/15/2005
Published on : 1/15/2005
Exists online : False
Views : 331