Possible bug in Exchange GUI (Exchange System Manager.msc)
- From: Miha <Miha@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 10 Apr 2006 10:21:02 -0700
Hi! I’m writing this because I think I found one small bug in Exchange GUI.
More precisely it is how Exchange GUI read and display information about
Connection settings for SMTP server. Somehow that information is never
synchronized with MetaData.xml file after you once change those settings with
VBScript.
1. Software used for experiment
On first server, I have Windows Server 2003 SP1 and Exchange 2003 SP2. On
second server (hosted within Virtual PC 2004) I have Windows Server 2003 SP1
and ISA 2004 SP2. So first server has Exchange’s SMTP while second has
built-in SMTP. While I was testing differences I used Exchange System
Manager.msc on first server and iis.msc on second server. Both servers are
180 Eval and I use those servers for testing and learning purpose only.
2. Script that I used for changing settings and reading them
I used two scripts made in VBScript language and ran them under cscript
within Command Prompt. First I used script to target settings for SmtpSvc/1
virtual server and changed settings for Deny and/or Allow IPs and if access
to that virtual server is grant or deny by default.
Second I used another script to read that information. But in the end I made
one script that read current settings, change them and then read them again.
strComputer = "."
Set objWMIService = GetObject _
("winmgmts:{authenticationLevel=pktPrivacy}\\" _
& strComputer & "\root\microsoftiisv2")
Set colItems = objWMIService.ExecQuery _
("SELECT * FROM IIsIPSecuritySetting WHERE Name='SmtpSvc/1'")
For Each objItem in colItems
Wscript.Echo "Name: " & objItem.Name
Wscript.Echo "~~~~~~~~~~~~~~~~~~~~~Connection~~~~~~~~~~~~~~~~~~~~~"
count = UBound(objItem.IPGrant)
For i = 0 To count Step 1
Wscript.Echo objItem.IPGrant(i)
Next
Wscript.Echo "Total grant " & count+1 & " IPs"
count = UBound(objItem.IPDeny)
For i = 0 To count Step 1
Wscript.Echo objItem.IPDeny(i)
Next
Wscript.Echo "Total deny " & count+1 & " IPs"
Wscript.Echo "GrantByDefault: " & objItem.GrantByDefault
objItem.IPGrant = Array()
objItem.IPDeny = Array("1.2.3.0,255.255.255.0")
objItem.GrantByDefault = True
objItem.Put_
count = UBound(objItem.IPGrant)
For i = 0 To count Step 1
Wscript.Echo objItem.IPGrant(i)
Next
Wscript.Echo "Total grant " & count+1 & " IPs (after)"
count = UBound(objItem.IPDeny)
For i = 0 To count Step 1
Wscript.Echo objItem.IPDeny(i)
Next
Wscript.Echo "Total deny " & count+1 & " IPs (after)"
Wscript.Echo "GrantByDefault (after): " & objItem.GrantByDefault
Wscript.Echo "~~~~~~~~~~~~~~~~~~~~~Connection~~~~~~~~~~~~~~~~~~~~~"
Next
Wscript.Echo "Done!"
As you can see in the example above I grant by default access to virtual
server SmtpSvc/1 and deny IPs from 1.2.3.0 through 123.0.0.255. What is
important here is that after each time I ran a script results on Command
Prompt screen displayed me that changes were made.
3. Next step
My next step was to actually check if those settings are applied or not. So
I changed settings with script to allow any connection by default and deny my
subnet (my subnet is 192.168.123.0). After I ran script I tried to access
SMTP server on port 25 through telnet from same subnet. No response. That
means changes were made in a moment.
Now I made changes with script again, with settings to deny access by
default and allow connections only from my subnet. Second after I ran script
I tried to access SMTP server with telnet again. This time I was successful.
4. And GUI
During that test I checked what information Exchange GUI displays. For all
changes I made with script I didn’t notice any of changes being displayed in
GUI. Now I was trying to figure out if I changed right settings. And I think
I was since I was trying to reach that SMTP virtual server! That mean
something goes wrong.
5. Where are those settings stored
My next step was to find where those settings are actually stored. And I
found file named MetaData.xml in %systemroot%\system32\inetsrv. As far as I
know there are settings for IIS related services like NNTP, HTTP, POP3 and
yes, for SMTP to.
Quick search for “SmtpSvc/1” and I found entry Location ="/LM/SmtpSvc/1"
under <IIsSmtpServer></IIsSmtpServer>. Settings found under that element are
in my oppinion the key of this mistery.
The key I was looking for is named IPSecurity, with vaule:
18000080200000803c00008044000080010000004c00000000000000000000000100000000000000020000000100000004000000000000004c00008000000000000000000000000000000000ffffffff
At the begining I didn’t know what those numbers are so I ran a script to
add subnet of IPs to deny list. Entry was 1.2.3.0,255.255.255.0. After that I
opened file MetaData.xml again. No changes were made. But script showed me
that changes were made.
So I decided to restart SMTPSVC service. After that script showed me same
result. But what is important those changes were saved in MetaData.xml. New
value is now:
180000803400008050000080580000800100000060000000010000000100000002000000020000000300000000000000640000800100000000000000020000000100000004000000000000006000008000000000000000000000000000000000ffffffffffffff0001020300
For first part of that value I have no clue what that is. You guys know
that. But last 16 characters are very important. Value ffffff0001020300 is
hex value for 255.255.255.0 1.2.3.0. And that is the value I entered with
VBScript.
So now we have some more information. VBscript made changes and those
changes were stored somewhere till I restarted SMTPSVC service. After that
those changes were saved into MetaData.xml
6. Again GUI
Now I returned to GUI and notice that there are still old values. I
restarted SMTPSVC, I closed and opened Exchange GUI, I restarted complete IIS
Admin service and after that I restarted server. But still somehow Exchange
GUI doesn’t display new information being stored in MetaData.xml correctly
even those I can read them from file MetaData.xml and with script.
7. Parallel testing
While I was testing this issue I was doing same thing on second server (no
Exchange). But there I didn’t notice any problem with incorrect information
being displayed in IIS GUI.
8. Conclusion
With all tests I made I can say Exchange GUI don’t display information right
once you made changes with VBScript. And important, those information are
only those related to Connection settings for SMTP virtual server (under
Access tab of SMTP virtual server properties).
Mike
.
- Follow-Ups:
- Re: Possible bug in Exchange GUI (Exchange System Manager.msc)
- From: Rich Matheisen [MVP]
- Re: Possible bug in Exchange GUI (Exchange System Manager.msc)
- From: Dmitri Daiter
- Re: Possible bug in Exchange GUI (Exchange System Manager.msc)
- Prev by Date: Re: This system is configured to reject spoofed sender addresses
- Next by Date: Exch 5.5: Single Domain/Multiple Servers
- Previous by thread: Exchange 2003 event id 9646 - Mapi sessions
- Next by thread: Re: Possible bug in Exchange GUI (Exchange System Manager.msc)
- Index(es):
Relevant Pages
|
