RE: SBS2003 Premium and ISA2004 SP3 FTP and POP3 problems

Hello Ronnie,

Thank you for update.

From the ISA log, I found the following error:

192.168.0.14 POUNDSFORD\rvk Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Y
10/30/2007 20:02:25 w3proxy POUNDSFORD1 - ftp.microsoft.com 207.46.236.102
21 127843 2062 - ftp TCP GET ftp://ftp.microsoft.com/ - Inet 10054 0x0 SBS
Internet Access Rule Req ID: 2f540322 Internal External 0x86 Failed

POUNDSFORD1 10/30/2007 19:57:27 TCP 192.168.0.14:4215 207.46.236.102:21
192.168.0.14 Internal External Terminate 0x80074e24 SBS Internet Access
Rule FTP N 43 43 212 212 16656 16469 - - - - POUNDSFORD\rvk
filezilla.exe:3:5.1 9 74 - - -

Based on my research on the error code, I think this is a know network
issue after install windows server 2003 sp2 on SBS 2003. I suggest you try
to install the following hotfix on SBS:

You may experience network-related problems after you install Windows
Server 2003 SP2 or the Scalable Networking Pack on a Windows Small Business
Server 2003-based computer
http://support.microsoft.com/?id=936594

If the issue persists, please verify the steps about disable "Require all
users to authenticate" option:
Please open the ISA2004 Management Console, in the left panel, expand to
Configuration->Networks. Under "Networks panel", double click "Internal".
Switch to "Web Proxy" panel, click "Authentication" button and then uncheck
the "Require all users to authenticate" option. Then click the Apply button
to save the changes.

If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:

1. Does this issue happen on all clients?

2. Can you access external FTP on SBS?

3. Run command "ipconfig /all > c:\ipconfig_sbs.txt" and "route print >
c:\route_sbs.txt" on SBS, send the files c:\ipconfig_sbs.txt and
c:\route_sbs.txt to me at v-terliu@xxxxxxxxxxxxx

4. Run command "ipconfig /all > c:\ipconfig_client.txt" and "route print >
c:\route_client.txt" on problematic client, send the files
c:\ipconfig_client.txt and c:\route_client.txt to me at
v-terliu@xxxxxxxxxxxxx

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: SBS2003 Premium and ISA2004 SP3 FTP and POP3 problems
| thread-index: Acgbh+HohX3WUT0ES4yKH5+elYXKoQ==
| X-WBNR-Posting-Host: 207.46.19.197
| From: =?Utf-8?B?cG91bmRzZm9yZA==?= <poundsford@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <FF1A4C4C-04A3-4E40-9D7E-AC9215BF4CF9@xxxxxxxxxxxxx>
<doXogPuGIHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: SBS2003 Premium and ISA2004 SP3 FTP and POP3 problems
| Date: Tue, 30 Oct 2007 23:33:00 -0700
| Lines: 323
| Message-ID: <66C9FFFE-CC92-4F41-928F-71C83F8A68DB@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:72865
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Terence,
|
| Many thanks for your most very qualified input into this problem.
| Unfortunately it didn't resolve my problem and I have forwarded you the
files
| requested and pray that you will be able to help me out.
|
| To me it somehow looks as if something in my wins, dns and winsock has
been
| corrupted. Everything execpt from the localhost pop3 and the internal
network
| ftp works fine even though the network seems a bit slow which I have put
down
| to ISA? I am only running very few clients on this server and the traffic
| should be very limited. Not using VPN or DMZ I have 2 networks on my ISA
| 2004, internal which is 192.168.0.1-192.168.0.255, localhost and then the
| rest of the world are external networks. For your reference to the files
sent
| the client ip is 192.168.0.14.
|
| I am looking forward to your reply.
|
| Kind regards
|
| Ronnie
|
| "Terence Liu [MSFT]" wrote:
|
| > Hello Ronnie,
| >
| > Thank you for posting here.
| >
| > According to your description, I understand that you unable access
external
| > FTP and POP3 thru your SBS with ISA 2004. If I have misunderstood the
| > problem, please don't hesitate to let me know.
| >
| > Based on my research, after we install ISA server 2004 on SBS, we need
to
| > run CEICW, the wizard will create necessary rules for Internet access
| > (include FTP and POP3). So, we do not need to create any customize rule
for
| > FTP or POP3 access. I suggest we try the following steps to see if we
can
| > resolve this issue:
| >
| > 1. Go through the follow KB and rerun CEICW carefully.
| >
| > How to configure Internet access in Windows Small Business Server 2003
| > http://support.microsoft.com/kb/825763/en-us
| >
| > Detailed steps for your reference:
| >
| > a. Open Server Management.
| > b. Click To Do List.
| > c. Click Connect to the Internet.
| > d. Proceed to the "Firewall" page and select "Enable Firewall".
| > e. On the "Services Configuration" page, make sure that "E-mail"
service
| > has been checked.
| > f. On the "Web Services Configuration" page, check the web services
that
| > you want to publish.
| > g. On the "Web Server Certificate" page, choose "Create a new Web
server
| > certificate" and key in your public domain name in the box.
| > h. On the "Internet E-mail" page, choose "Enable Internet e-mail".
| > i. On the "E-mail Delivery Method" page, choose DNS (Use DNS to route
| > e-mail) or Smart Host (Forward all e-mail to e-mail server at your ISP)
to
| > route your email, If you select smart host, you need to input the IP
| > address of your smart host.
| > j. If you're using POP3 connector, please enable POP3 Connector.
| > k. Key in your e-mail domain name in "Email Domain Name" page.
| >
| > Note: the CEICW will reconfigure the ISA rules and POP3 connector.
| >
| > 2. If the issue persists after rerun CEICW, please check the rules in
ISA:
| >
| > a. Please open ISA server 2004 console on SBS
| > b. Extend to Firewall Policy node
| > c. Ensure there are "SBS POP3 Outbound Access Rule" and "SBS Internet
| > Access Rule" here.
| > d. Move the 2 rules to the top of the list
| > e. Click Apply button to save changes
| >
| > 3. FTP Access Filter
| >
| > Please open the ISA management console, navigate to Firewall Policy, on
the
| > right pane, click Toolbox->Protocols->All Protocols->FTP, double click
the
| > FTP protocol and go to the Parameters tab, please ensure that the "FTP
| > Access Filter" is listed and ticked under Application Filters option.
If
| > it's not selected, please check it and then click Apply to save the
| > settings.
| >
| > 4. Test the FTP in different client mode in IE. Open Internet Explorer,
| > click 'Tools'->'Internet Options'. In 'Advanced' tab, modify the
settings
| > and then try the FTP access:
| > a. Check 'Enable folder view for FTP site' option; uncheck 'Use Passive
| > FTP' option (The IE will work in Active mode FTP). Does the issue
reoccur?
| > b. Uncheck 'Enable folder view for FTP site' option; check 'Use Passive
| > FTP' option (The IE will work in Passive mode FTP). Does the issue
reoccur?
| >
| > If we cannot resolve the issue after we perform the above steps, please
| > help me collect some information for further investigation:
| >
| > 1. Please try to access the FTP site from IE on a XP client, does this
| > issue happen again?
| >
| > 2. Where is the FTP site on? On SBS server?
| >
| > 3. Please help to gather the ISA Info:
| >
| > 1) Download the file from the following URL:
| >
| > http://www.isatools.org/tools/isainfo.zip
| >
| > 2) Extract all files to a folder on ISA server.
| >
| > 3) Double click Isainfo.js. This will generate 2 files
| > ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in
the
| > current folder.
| >
| > 4) Please send these files to me at v-terliu@xxxxxxxxxxxxx
| >
| > 4. Please also help to gather the ISA logs:
| >
| > 1) Schedule a down time.
| >
| > 2) Open ISA 2004 management console.
| >
| > 3) Expand the server node and highlight 'Monitoring'.
| >
| > 4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
| > Pane' is showed there.
| >
| > 5) In the 'Task Pane', click 'Configure Firewall Logging' under
'Logging
| > Tasks', and then switch the 'log storage format' from 'MSDE database'
| > (default) to 'File'.
| >
| > 6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
| >
| > 7) In the 'Task Pane', click 'Configure Web Proxy Logging' under
'Logging
| > Tasks', and then switch the 'log storage format' from 'MSDE database'
| > (default) to 'File'.
| >
| > 8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
| >
| > 9) Click 'Apply' to save changes and update the configuration.
| >
| > 10) Temporarily disable the Firewall service. To do that, please click
| > Monitoring | Services tab, and then right click 'Microsoft Firewall' to
| > choose 'Stop'.
| >
| > 11) Clear the current existing W3C logs. To do that, go to the log
saving
| > directory and clean any existing .W3C logs. By default, the logs will
be
| > saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may
not
| > be able to deleted, that's normal.) You may backup them first and
then
| > delete them.
| >
| > 12) Go back to the ISA 2004 management console, and then Start the
stopped
| > 'Microsoft Firewall' service.
| >
| > 13) Reproduce the problem, stop the service, and then gather the
resulting
| > W3C files to me for analysis.
| >
| > 14) Please also let me know the IP address of the testing clients so
that I
| > can filter the data.
| >
| > I hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: SBS2003 Premium and ISA2004 SP3 FTP and POP3 problems
| > | thread-index: AcgaU/3K3o3bNB2BQwqlaNup4rcC2w==
| > | X-WBNR-Posting-Host: 207.46.19.197
| > | From: =?Utf-8?B?cG91bmRzZm9yZA==?=
<poundsford@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: SBS2003 Premium and ISA2004 SP3 FTP and POP3 problems
| > | Date: Mon, 29 Oct 2007 10:49:02 -0700
| > | Lines: 102
| > | Message-ID: <FF1A4C4C-04A3-4E40-9D7E-AC9215BF4CF9@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:72465
| > | NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi,
| > | I'm completely stuck setting up a a new sbs2003 server with isa2004.
The
| > | whole system is fully updated with all sp's and patches.
| > | I have not been able to get FTP to function. At the same time I'm
having
| > | problems with my pop3 connector not beeing able to poll the emails
from
| > our
| > | isp. (I have to use the pop3 connector until our isp can supply us
with
| > | proper dns and mx record).
| > |
| > | I have used the CEICW and have configured all this according to the
| > | instructions in kb825763, and done it several times as well.
| > |
| > | My setup is quite simple.
| > | Broadband with static IP connected to Netgear DG834N router.
| > | DG834N is set to ALLOW ALL both incoming and outgoing.
| > | NAT is enabled on Netgear DG834N
| > | Netgear IP's (Public Static)/LAN (192.168.2.1 - 255.255.255.0)
| > | SBS2003 Premium with 2 NIC's,
| > | Internet NIC (192.168.2.2 - 255.255.255.0)
| > | LAN NIC (192.168.0.20 - 255.255.255.0)
| > |
| > | I have tried several different configurations on the ISA2004 but all
with
| > | the same negative results. I have looked at all the FTP posts on teh
| > forum
| > | and tried to follow the instructions to the letter without any
changes. I
| > | cannot access and FTP server via IE or Windows explorer. I have been
| > trying
| > | with Frontpage and FileZilla and still no proper connection.
| > | When using Filezilla I can extract the following during connect
| > |
| > | Status: Resolving IP-Address for ftp.photobox.co.uk
| > | Trace: ControlSocket.cpp(948):
| > CRealControlSocket::ContinueConnect(012C52C8)
| > | m_pEngine=01139D60 caller=012C7DE8
| > | Status: Connecting to 64.69.175.106:21...
| > | Status: Connection established, waiting for welcome message...
| > | Trace: CFtpControlSocket::OnReceive()
| > | Response: 220 Welcome to the Photobox FTP1 server. Please report
errors
| > or
| > | problems to support@xxxxxxxxxxxxxx
| > | Command: USER rvk@xxxxxxxxxxxxx
| > | Trace: CFtpControlSocket::OnReceive()
| > | Response: 331 Username OK, please send password.
| > | Command: PASS ******
| > | Trace: CFtpControlSocket::OnReceive()
| > | Response: 230 User rvk@xxxxxxxxxxxxx logged in. Access restrictions
apply.
| > | Command: SYST
| > | Error: Connection timed out
| > | Trace: CFtpControlSocket::ResetOperation(2114)
| > | Trace: CControlSocket::ResetOperation(2114)
| > | Error: Could not connect to server
| > | Status: Waiting to retry...
| > |
| > |
| > |
| > | Trying to do FTP via explorer to ftp.microsoft.com generates the
| > following
| > | two log entries.
| > |
| > | "The reply from Explorer is: An error occurred opening that folder on
the
| > | FTP Server. Make sure you have permission to access that folder.
Details:
| > The
| > | operation timed out."
| > |
| > |
| > |
| > | Initiated Connection POUNDSFORD1 29/10/2007 17:33:45
| > | Log type: Firewall service
| > | Status: The operation completed successfully.
| > | Rule: SBS FTP Outbound Access Rule
| > | Source: Internal (cube-quad-nova-st3.poundsford.local
192.168.0.14:1442)
| > | Destination: External (search.encarta.com 207.46.236.102:21)
| > | Protocol: FTP
| > | User: POUNDSFORD\Ronnie
| > | Additional information
| > | Number of bytes sent: 0 Number of bytes received: 0
| > | Processing time: 172ms Original Client IP: 192.168.0.14
| > | Client agent: Explorer.EXE:3:5.1
| > |
| > |
| > | Closed Connection POUNDSFORD1 29/10/2007 17:34:14
| > | Log type: Firewall service
| > | Status: ISA Server ended the connection.
| > | Rule: SBS FTP Outbound Access Rule
| > | Source: Internal (cube-quad-nova-st3.poundsford.local
192.168.0.14:1440)
| > | Destination: External (search.encarta.com 207.46.236.102:21)
| > | Protocol: FTP
| > | User: POUNDSFORD\Ronnie
| > | Additional information
| > | Number of bytes sent: 66 Number of bytes received: 270
| > | Processing time: 122172ms Original Client IP: 192.168.0.14
| > | Client agent: Explorer.EXE:3:5.1
| > |
| > | Using Frontpage also generates a no response fault.
| > |
| > | I have been able to "send" files to a remote webserver using ftp.exe
via
| > cmd
| > | window. This connection is also very fragile as it freezes as soon as
I
| > issue
| > | eg a "ls" command.
| > |
| > | On the POP3 the server connects and logs on to the pop3 server but
then
| > | receives no response.
| > |
| > | Any help will be most welcome.
|

.