Wednesday, March 5, 2008

How to Add SMTP Verb Commands to ISA Server 2006

If you have an ISA 2006 server between a Microsoft Exchange 2007 Edge server and the Exchange Hub Transport server, you may have a problem where messages queue on the Edge with 500 5.1.1 "unrecognized command" errors.

This Microsoft article partially explains how to resolve the problem. When the Edge Transport server tries to send mail through Microsoft Internet Security and Acceleration (ISA) Server 2006, with SMTP filtering or Secure SMTP (SMTPS) filtering enabled, the SMTP filter blocks the communication. You fix this by either disabling the SMTP filter on the ISA server or adding the verbs (and optionally their maximum length) to the SMTP filter.

What the article doesn't say is which verbs to add or their maximum length. Well, here they are:

  • PIPELINING

  • DSN

  • ENHANCEDSTATUSCODES

  • STARTTLS

  • X-ANONYMOUSTLS

  • AUTH

  • X-EXPS NTLM

  • 8BITMIME

  • BINARYMIME

  • CHUNKING

  • XEXCH50

  • SIZE

All the verbs have an empty maximum length except for possibly SIZE. That should be set to the maximum message size allowed in your org in bytes (for example, 10485760 for 10MB).
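To see which of these entries a given server actually relies on, you can compare its EHLO reply against the list entered in the SMTP filter. The following is an added example, not part of the original post: the function names, the host name `hub01.example.test` and the sample reply are constructed for illustration, and the reply is assumed to have been captured by connecting to port 25 on the Hub Transport server directly.

```python
import re

# Verb list from the post above.
POST_VERBS = ["PIPELINING", "DSN", "ENHANCEDSTATUSCODES", "STARTTLS",
              "X-ANONYMOUSTLS", "AUTH", "X-EXPS NTLM", "8BITMIME",
              "BINARYMIME", "CHUNKING", "XEXCH50", "SIZE"]

# Constructed sample: an EHLO reply as a Hub Transport server might send it.
SAMPLE_EHLO = """\
250-hub01.example.test Hello [192.0.2.10]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XEXCH50
"""

def parse_ehlo(reply):
    """Map each advertised keyword to its parameters (multiline 250 reply)."""
    features = {}
    lines = [ln.rstrip() for ln in reply.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        match = re.fullmatch(r"250([ -])(.*)", line)
        if match is None:
            raise ValueError(f"not a 250 reply line: {line!r}")
        words = match.group(2).split()
        if index > 0 and words:        # line 0 is the greeting, not a keyword
            features[words[0].upper()] = " ".join(words[1:])
        if match.group(1) == " ":      # "250 " (space) marks the final line
            break
    return features

def audit_filter(reply, filter_verbs, size_limit_bytes):
    """Report advertised keywords that are absent from the filter's verb list."""
    advertised = parse_ehlo(reply)
    allowed = {verb.split()[0].upper() for verb in filter_verbs}
    missing = sorted(k for k in advertised if k not in allowed)
    size = advertised.get("SIZE", "")
    size_ok = size.isdigit() and int(size) == size_limit_bytes
    return {"missing": missing, "size_matches": size_ok}
```

Calling `audit_filter(SAMPLE_EHLO, POST_VERBS, 10485760)` returns an empty `missing` list; passing a shorter verb list shows which entries still need to be added.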


Subscribe to The EXPTA {blog} by Email

Tuesday, October 2, 2007

Can't connect to multi-homed server using RDP


The problem: You are trying to connect to a server using the Remote Desktop Connection client (RDP) and you get the following error:

Remote Desktop Disconnected
----------------------------------------------
The client could not connect to the remote computer.


Remote connections might not be enabled or the computer might be too busy to accept new connections. It is also possible that network problems are preventing your connection.

Please try connecting again later. If the problem continues to occur, contact your administrator.

If you are using the new Remote Desktop Connection 6.0 Client, the error you get is:

Remote Desktop Disconnected
----------------------------------------------
This computer can't connect to the remote computer.

Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

You checked that Remote Desktop is enabled and you have rights to connect, but it fails every time. What the #$% is going on???

Well, you may have a binding problem with the RDP-Tcp connector. This typically happens on servers with two or more NICs (as is usual with an ISA server). To fix the problem, follow these steps:

  1. Log on to the server locally

  2. Click Start, Run, type "tscc.msc /s" (without quotation marks) and click OK

  3. In the Terminal Services Configuration snap-in double-click Connections, then RDP-Tcp in the right pane

  4. Click the Network Adapter tab, select the correct network adapter and click OK

  5. Make sure that you can establish an RDP connection to the server

The change takes effect immediately. No need for a restart.



Thursday, August 30, 2007

Don't Use Google for ISA Health Checks

Have you or your users run across the following lately when accessing Google?

403 Forbidden

Google

We're sorry......

but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected. We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software.

We apologize for the inconvenience, and hope we'll see you again on Google.

The trouble may not be a virus or spyware; it may be your ISA server. One of the features that ISA server offers is HTTP health checks. This allows you to configure a web address that ISA will access on a regular basis and alert you if the response time exceeds the configured threshold.

Google must be getting hit hard with spybots that frequently hit their network. They've taken steps to monitor repetitive access to the same page from a single source IP. When they detect this, they serve up the page above with something akin to CAPTCHA to ensure that a real human is accessing Google and allow you to continue your search.

If this is happening to you, it may be because you've configured your health checks to target Google. Reconfigure your proxy server's HTTP health checks to use another site.


Thursday, August 16, 2007

Installing ISA 2004 SP3 Remotely

I do most of my work remotely using Remote Desktop Protocol (RDP).  Best thing since sliced bread!!
 
Working on ISA remotely can be tricky, especially if the ISA server is the Internet firewall.  Anytime you need to bounce the ISA services or the server itself you'll drop the RDP connection.  If you're using a current version of Remote Desktop Connection (mstsc.exe), the connection will drop and RDC will automatically attempt to reconnect to the server.
 
Recently, I had to do some work on a customer's ISA 2004 server that required me to upgrade the server to ISA 2004 Service Pack 3 (you can download SP3 here).  Naturally, the installation will stop the ISA services when the upgrade is being performed. 
 
Having tested the SP3 installation in the lab, I found that ISA 2004 SP3 installation takes about 3 minutes, but doesn't always restart the services after the upgrade.  To keep from getting "shut out" from further remote administration I ran the following command from the CMD prompt before the upgrade:

shutdown /r /t 300 /f /d p:4:1

This command will forcibly restart the server in 5 minutes (300 seconds) with the shutdown reason of "Application: Maintenance (Planned)".  I then proceeded to install ISA 2004 SP3.  If the connection is restored after the upgrade, I run the following command from the CMD prompt to abort the server restart:

shutdown /a

If the services don't start (as was the case in my situation) the server will automatically restart and connectivity is restored.
 
 
