Re: Possible bug in Exchange GUI (Exchange System Manager.msc)

It's a feature. :-) ESM gets that info from the AD, not from the metabase.

"Miha" <Miha@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:92014DE7-F5EF-495D-8BF4-F4CFF13E5764@xxxxxxxxxxxxxxxx
Hi! I'm writing this because I think I found one small bug in Exchange
GUI.
More precisely it is how Exchange GUI read and display information about
Connection settings for SMTP server. Somehow that information is never
synchronized with MetaData.xml file after you once change those settings
with
VBScript.

1. Software used for experiment
On first server, I have Windows Server 2003 SP1 and Exchange 2003 SP2. On
second server (hosted within Virtual PC 2004) I have Windows Server 2003
SP1
and ISA 2004 SP2. So first server has Exchange's SMTP while second has
built-in SMTP. While I was testing differences I used Exchange System
Manager.msc on first server and iis.msc on second server. Both servers are
180 Eval and I use those servers for testing and learning purpose only.

2. Script that I used for changing settings and reading them
I used two scripts made in VBScript language and ran them under cscript
within Command Prompt. First I used script to target settings for
SmtpSvc/1
virtual server and changed settings for Deny and/or Allow IPs and if
access
to that virtual server is grant or deny by default.
Second I used another script to read that information. But in the end I
made
one script that read current settings, change them and then read them
again.

strComputer = "."
Set objWMIService = GetObject _
("winmgmts:{authenticationLevel=pktPrivacy}\\" _
& strComputer & "\root\microsoftiisv2")
Set colItems = objWMIService.ExecQuery _
("SELECT * FROM IIsIPSecuritySetting WHERE Name='SmtpSvc/1'")

For Each objItem in colItems
Wscript.Echo "Name: " & objItem.Name

Wscript.Echo "~~~~~~~~~~~~~~~~~~~~~Connection~~~~~~~~~~~~~~~~~~~~~"

count = UBound(objItem.IPGrant)
For i = 0 To count Step 1
Wscript.Echo objItem.IPGrant(i)
Next
Wscript.Echo "Total grant " & count+1 & " IPs"

count = UBound(objItem.IPDeny)
For i = 0 To count Step 1
Wscript.Echo objItem.IPDeny(i)
Next
Wscript.Echo "Total deny " & count+1 & " IPs"

Wscript.Echo "GrantByDefault: " & objItem.GrantByDefault

objItem.IPGrant = Array()
objItem.IPDeny = Array("1.2.3.0,255.255.255.0")
objItem.GrantByDefault = True
objItem.Put_

count = UBound(objItem.IPGrant)
For i = 0 To count Step 1
Wscript.Echo objItem.IPGrant(i)
Next
Wscript.Echo "Total grant " & count+1 & " IPs (after)"

count = UBound(objItem.IPDeny)
For i = 0 To count Step 1
Wscript.Echo objItem.IPDeny(i)
Next
Wscript.Echo "Total deny " & count+1 & " IPs (after)"

Wscript.Echo "GrantByDefault (after): " & objItem.GrantByDefault
Wscript.Echo "~~~~~~~~~~~~~~~~~~~~~Connection~~~~~~~~~~~~~~~~~~~~~"
Next

Wscript.Echo "Done!"

As you can see in the example above I grant by default access to virtual
server SmtpSvc/1 and deny IPs from 1.2.3.0 through 123.0.0.255. What is
important here is that after each time I ran a script results on Command
Prompt screen displayed me that changes were made.

3. Next step
My next step was to actually check if those settings are applied or not.
So
I changed settings with script to allow any connection by default and deny
my
subnet (my subnet is 192.168.123.0). After I ran script I tried to access
SMTP server on port 25 through telnet from same subnet. No response. That
means changes were made in a moment.
Now I made changes with script again, with settings to deny access by
default and allow connections only from my subnet. Second after I ran
script
I tried to access SMTP server with telnet again. This time I was
successful.

4. And GUI
During that test I checked what information Exchange GUI displays. For all
changes I made with script I didn't notice any of changes being displayed
in
GUI. Now I was trying to figure out if I changed right settings. And I
think
I was since I was trying to reach that SMTP virtual server! That mean
something goes wrong.

5. Where are those settings stored
My next step was to find where those settings are actually stored. And I
found file named MetaData.xml in %systemroot%\system32\inetsrv. As far as
I
know there are settings for IIS related services like NNTP, HTTP, POP3 and
yes, for SMTP to.
Quick search for "SmtpSvc/1" and I found entry Location ="/LM/SmtpSvc/1"
under <IIsSmtpServer></IIsSmtpServer>. Settings found under that element
are
in my oppinion the key of this mistery.
The key I was looking for is named IPSecurity, with vaule:
18000080200000803c00008044000080010000004c00000000000000000000000100000000000000020000000100000004000000000000004c00008000000000000000000000000000000000ffffffff

At the begining I didn't know what those numbers are so I ran a script to
add subnet of IPs to deny list. Entry was 1.2.3.0,255.255.255.0. After
that I
opened file MetaData.xml again. No changes were made. But script showed me
that changes were made.
So I decided to restart SMTPSVC service. After that script showed me same
result. But what is important those changes were saved in MetaData.xml.
New
value is now:
180000803400008050000080580000800100000060000000010000000100000002000000020000000300000000000000640000800100000000000000020000000100000004000000000000006000008000000000000000000000000000000000ffffffffffffff0001020300

For first part of that value I have no clue what that is. You guys know
that. But last 16 characters are very important. Value ffffff0001020300 is
hex value for 255.255.255.0 1.2.3.0. And that is the value I entered with
VBScript.
So now we have some more information. VBscript made changes and those
changes were stored somewhere till I restarted SMTPSVC service. After that
those changes were saved into MetaData.xml

6. Again GUI
Now I returned to GUI and notice that there are still old values. I
restarted SMTPSVC, I closed and opened Exchange GUI, I restarted complete
IIS
Admin service and after that I restarted server. But still somehow
Exchange
GUI doesn't display new information being stored in MetaData.xml correctly
even those I can read them from file MetaData.xml and with script.


7. Parallel testing
While I was testing this issue I was doing same thing on second server (no
Exchange). But there I didn't notice any problem with incorrect
information
being displayed in IIS GUI.

8. Conclusion
With all tests I made I can say Exchange GUI don't display information
right
once you made changes with VBScript. And important, those information are
only those related to Connection settings for SMTP virtual server (under
Access tab of SMTP virtual server properties).


Mike


.

Relevant Pages

  • Re: SBS Add User wizard problem
    ... It turned out that the reason was script's folder ... The rest of settings are ok (it means they are like You said they ... Say I have a script on server which checks every 15 ...
    (microsoft.public.windows.server.sbs)
  • Possible bug in Exchange GUI (Exchange System Manager.msc)
    ... I’m writing this because I think I found one small bug in Exchange GUI. ... Connection settings for SMTP server. ... Manager.msc on first server and iis.msc on second server. ... First I used script to target settings for SmtpSvc/1 ...
    (microsoft.public.exchange.admin)
  • No Detection of updates with automatic configuration script
    ... Settings of IE there is an automatic configuration script enabled: ... This is a valid script in our environment, ... But if i change the IE Settings and give our proxy server manually in the IE ...
    (microsoft.public.windowsupdate)
  • script creation of network calendar event
    ... I've just re-discovered this fine news server while researching a very ... in exchange I'm looking for a little AppleScript assistance. ... these settings off, suddenly all was well for everyone. ... and select the script from the script menu. ...
    (microsoft.public.mac.office.entourage)
  • Re: Securing Solaris 10
    ... The script worked fine and then I re-enabled the ... two entries for GUI. ... Now dtlogin comes up and I am able to log into ... message server error. ...
    (SunManagers)