ISA Server 2000 Feature Pack 1

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Microsoft ISA Server 2000 Feature Pack 1, Version 1

This document lists common issues associated with Microsoft Exchange publishing, using ISA Server. After you correct your configuration based on one of the issues, test the specific Exchange Server publishing to determine if the problem has been resolved.

Troubleshooting Tips and Hints

Verify that you have followed the steps exactly. If the steps have been followed, but problems are encountered:

  1. Reboot the server.

  2. Troubleshoot using tools such as Ping, tracert, netstat -na, Network Monitor, Event Viewer, and the Web Proxy and firewall log files.

  3. Write down complete error messages, and the context of the error. Search for documented problems and solutions at

Issues with Published Server Configuration

This section describes common issues related to the published Exchange Server configuration. It is recommended that the published Exchange Server computer be configured as a SecureNAT client. Otherwise, you may encounter some of the issues described here.

Packet Filters vs. Publishing Rules

When you attempt to publish an Exchange server co-located with ISA Server, the internal interface is not actually published; instead, static packet filters are created.

Client Type for the Exchange Server

It is recommended that the published Exchange server be configured only as a SecureNAT client. The Microsoft Firewall client is an option when Exchange is being published behind the ISA Server, but SecureNAT is the preferred client type for all published servers.

If you have published Exchange Outlook Web Access (OWA) using a Web publishing rule, ensure that the Exchange server is configured as a SecureNAT client and not as a firewall client.

Manually Created DNS Query Protocol Rule

If your SMTP server must resolve external domain names to send users' mail, the ISA Server computer needs to allow that type of traffic. A protocol rule allowing outbound TCP and UDP traffic on port 53 is required, in addition to the rules set up automatically by the Secure Mail Publishing Wizard.

If the SMTP server is configured to use a Smart Host, the DNS Query protocol rule is not required.

Client Issues

This section describes some issues related to clients trying to connect to the published Exchange server.

Clients Unable to Receive New Mail Notification when Network Address Translation is Used

If you are behind a firewall that uses Network Address Translation (NAT), you may be unable to receive new mail notification. You can apply Microsoft Office XP Service Pack 1 or later to address this issue. A QFE for this specific problem is also available to patch both Outlook 2000 and Outlook 2002 clients.

If, for some reason, you cannot apply these patches, enable offline folders, and press the F9 key to initiate a send and receive action.

Cannot Connect to the Exchange Server

If your Outlook client cannot connect to the Exchange server, or ISA Server prevents Exchange from sending outbound mail, try the following activities:

  • First, check that your user ID and password are correct.

  • Determine whether certain ports that are required for connectivity have been blocked by checking your protocol rules. Ensure that the protocol definitions used by the protocol rules provide access to the Endpoint Mapper (Port 135).

  • Ensure that your external DNS contains a Host (A) record for the Exchange server.

  • Verify whether the internal and external names for the Exchange server are different on both the internal and external DNS. If they differ, there could be name resolution issues where your internal clients cannot access the Exchange server. You can create an entry in the Hosts file on each client that contains the NetBIOS name of the Exchange server and the IP address of its external interface.

Other Issues

Other issues to consider include Outlook Web Access publishing issues and message screener limitations.

Outlook Web Access Publishing Issues

If you have installed Outlook Web Access and ISA Server on the same server, confirm the destination sets for correctness, and verify that you are not using port 80 on the internal interface for auto-discovery.
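The following is an added example, not part of the original document: it parses saved `netstat -na` output from the server to confirm that the Endpoint Mapper is listening on port 135 (see "Cannot Connect to the Exchange Server") and to show whether anything is bound to port 80 on the internal interface. The sample output, the addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -na` output; all addresses are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.1:80         0.0.0.0:0              LISTENING
  TCP    203.0.113.10:80        0.0.0.0:0              LISTENING
  TCP    192.168.0.1:1067       192.168.0.20:135       ESTABLISHED
  UDP    0.0.0.0:135            *:*
"""

# Proto, local address:port, foreign address, optional state (UDP rows have none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return a list of (proto, local_ip, local_port, state) tuples."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, column header, or blank line
        proto, ip, port, _foreign, state = m.groups()
        rows.append((proto, ip, int(port), state or ""))
    return rows

def listeners(rows, port, proto="TCP"):
    """Local addresses that have a listening socket on the given port."""
    return sorted(ip for p, ip, prt, st in rows
                  if p == proto and prt == port
                  and (st == "LISTENING" or proto == "UDP"))

def bound_on(rows, port, interface_ip):
    """True if the port listens on that interface or on all interfaces."""
    return any(ip in (interface_ip, "0.0.0.0") for ip in listeners(rows, port))

def check(text, internal_ip):
    """Summarize the two checks discussed in this document."""
    rows = parse_netstat(text)
    return {
        "endpoint_mapper_listening": bool(listeners(rows, 135)),
        "port80_on_internal": bound_on(rows, 80, internal_ip),
    }
```

A `port80_on_internal` result of True only shows that a listener exists on that interface; `netstat -na` does not identify which service owns it.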

Message Screener Limitation

The Message Screener does not fully function when Exchange and ISA Server are co-located, as there must be an SMTP server between the Exchange server and the Internet.