Re: Update on this

From: Scott Harding - MS MVP (scrockel_at_**NO_SPAM**hotmail.com)
Date: 08/27/04

  • Next message: Marina Roos [SBS-MVP]: "Re: Outgoing SMTP problem" 
    Date: Fri, 27 Aug 2004 15:25:27 -0700

    Certainly sounds like a Checkpoint issue to me. I am not sure what to
    suggest at this point except to call for support. I don't understand how
    Exchange is changing the ports like you mention. Unless I missed some detail
    in a previous post there should be no reason to have to go through all of
    this to make them able to VPN in and use Exchange?!?! Did you check the
    Application Intelligence thing I mentioned before? Do you use SecureRemote
    or SecureClient? You should be able to accept all ports from the connections
    and thus not need to open any ports specifically. This issue is probably a
    little too complicated and detailed for a newsgroup unless someone obviously
    has run into this before. I had almost this exact issue this week with a
    client and the Dynamic Ports fixed it but they are using NextGeneration and
    SecureRemote. Good Luck...... 

    -- 
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
"Steve Stormont" <s.stormont@verizon.net> wrote in message
news:uBOqMwGjEHA.1184@TK2MSFTNGP12.phx.gbl...
>     Didn't help; same behavior.  Outlook prompts me for username, password
> and domain.  I enter them and get this:
>
> Your login information was incorrect.  Check your username and domain,
then
> type the password again.  If your account is new or if your administrator
> requested a password change you need to click change password then logon
> with you new password.
>
>     And then the username, password, domain box comes back up.
>
>     If I then open a command prompt and type net use k: \\granite\argh
> (granite is the mail server)  I am then asked for my username and password
> to make the map, which I do and the mapping succeeds.  If I then Alt+Tab
> back to the Outlook window and enter my password, Outlook will then load
> just fine.  I can then disconnect the mapped drive and continue to use
> Outlook.  But, if I close Outlook, I need to map a drive again before I
can
> open Outlook.
>
>     I read the one Knowledgebase article about named pipes that referred
to
> Exchange 5.5.  I tried changing the binding order and placing named pipes
> first, but that didn't help.  I totally removed named pipes and that
didn't
> work either.  The other suggestions (remove the static mappings of either
> the IS or the Directory Service) isn't an option, because we made them
> static to get them through the firewall and that is what caused this mess.
>
>     Like I said, we didn't have these problems before we made the ports
> static.  Then the problem was having to open new ports in the firewall
every
> time the Exchange server was rebooted and it choose new ports.
>
> Steve
>
> "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in
message
> news:ukmXXgGjEHA.2696@TK2MSFTNGP11.phx.gbl...
> > Put it in the lmhosts file and test.
> >
> > -- 
> > Scott Harding
> > MCSE, MCSA, A+, Network+
> > Microsoft MVP - Windows NT Server
> >
> >
> > "Steve Stormont" <s.stormont@verizon.net> wrote in message
> > news:%2361GimFjEHA.1048@tk2msftngp13.phx.gbl...
> > >     Hosts contains the IP address and name of the mail server.
LMHosts
> > does
> > > not.
> > >
> > > Steve
> > >
> > > "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in
> > message
> > > news:uI5ZmfFjEHA.2696@TK2MSFTNGP11.phx.gbl...
> > > > Lmhosts/Hosts file on client?
> > > >
> > > > -- 
> > > > Scott Harding
> > > > MCSE, MCSA, A+, Network+
> > > > Microsoft MVP - Windows NT Server
> > > >
> > > > "Steve Stormont" <s.stormont@verizon.net> wrote in message
> > > > news:OBi9GrDjEHA.1652@TK2MSFTNGP09.phx.gbl...
> > > > >         If we map a drive to a directory on the Exchange server
> before
> > > we
> > > > > open Outlook, Outlook will then open just fine.  How can we get
> around
> > > > this
> > > > > without having to map a drive?
> > > > >
> > > > > Steve
> > > > >
> > > > > "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote
in
> > > > message
> > > > > news:efuEWe6iEHA.340@TK2MSFTNGP10.phx.gbl...
> > > > > > Are you running Application Intelligence on the Checkpoint
> Firewall?
> > > > There
> > > > > > is an option in there for allowing Dynamice Ports throught the
> VPN.
> > > > > Checking
> > > > > > this fixed an issue that Checkpoint Support worked on for 2
days!!
> > :)
> > > > This
> > > > > > issue was almost exactly the same as your issue although we did
> not
> > > > change
> > > > > > the default ports but we were getting some similar behavior.
Just
> a
> > > > > thought.
> > > > > >
> > > > > > -- 
> > > > > > Scott Harding
> > > > > > MCSE, MCSA, A+, Network+
> > > > > > Microsoft MVP - Windows NT Server
> > > > > >
> > > > > > "Steve Stormont" <s.stormont@verizon.net> wrote in message
> > > > > > news:Oy4TjL4iEHA.2760@TK2MSFTNGP15.phx.gbl...
> > > > > > >     We are running Exchange 2000 on a Windows 2000 server that
> is
> > > the
> > > > > > Global
> > > > > > > Catalog server.  We followed the steps listed in knowledgebase
> > > > articles
> > > > > > > 270836 and  298369 and set the ports as follows:
> > > > > > >
> > > > > > > Global Catalog Server Port = 1273
> > > > > > > Exchange SA RFR Interface port = 5000
> > > > > > > Exchange Directory NSPI Proxy Interface Port = 5001
> > > > > > > Exchange Information Store Interface Port = 5002
> > > > > > > Exchange Site Replication Service Port = 5003
> > > > > > >
> > > > > > >     After rebooting the server, PCs in the office are
> > communicating
> > > > with
> > > > > > the
> > > > > > > server on ports 1273 and 5000.  However, when a user at home
> tries
> > > to
> > > > > > login
> > > > > > > using CheckPoint FireWall 1 software, this is what happens:
> > > > > > >
> > > > > > >         If they create a new Outlook profile, they enter the
> > server
> > > > name
> > > > > > and
> > > > > > > their last name.  When they click on the "Check Name" button,
> > > Outlook
> > > > > > > prompts them for their name password and domain and then
> > > successfully
> > > > > > > matches the last name to the address book and fills the box in
> > with
> > > > the
> > > > > > > display name from their e-mail account.
> > > > > > >
> > > > > > >         When they then start Outlook, they are asked for their
> > > > username,
> > > > > > > password, and domain.  After entering that, Outlook continues
to
> > > load
> > > > > > shows
> > > > > > > the message "Please wait while Outlook builds the Outlook Bar"
> and
> > > > then
> > > > > > > stops and says that it is unable to open the default folders.
> > > > > > >
> > > > > > >     The admin in charge of the VPN has allowed ports 1273,
5000,
> > > 5001,
> > > > > > 5002,
> > > > > > > and 5003 through the VPN.  A view of the log on the user's PC
> > shows
> > > > that
> > > > > > > communication is successfully made on ports 1273 and 5000.  In
> > > > addition,
> > > > > > the
> > > > > > > VPN admin has allowed ports 445, 135, 389, 500, and 80.
> > > > > > >
> > > > > > >     As I said, this method was working fine before (the only
> > problem
> > > > > being
> > > > > > > that each time the Exchange server was rebooted, new ports
would
> > be
> > > > > > > assigned).  Now after listing the static ports, we can no
longer
> > > > access
> > > > > > mail
> > > > > > > over the VPN.  Help!
> > > > > > >
> > > > > > > Steve
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
  • Next message: Marina Roos [SBS-MVP]: "Re: Outgoing SMTP problem"