I know I've seen this issue before somewhere, but it's late and I can't remember for the life of me what causes this.
I have an ISA Server, 192.168.0.5. Behind it, I have a published Exchange 2003 Server, 192.168.0.1.
when I attempt to telnet to port 25 of external interface of the ISA Server which is published to the server running exchange, and then I issue the helo command, i recieve a response of: 250 blah.domain.com Hello [192.168.0.5]
which is the internal IP of the ISA Server. I am attempting this from multiple connections on the outside network and consistantly get the same response.
Email still functions properly as in receiveing and sending, but I know it's not supposed to respond this way. Anyone have any ideas on what causes this?
Well, with most exchange or smtp server setups, typically the helo command returns the originator's IP address, not the IP of the ISA Server publishing the SMTP server. And, I have other setups just like this where it does function as expected.
Thanks for the reply and any other info or data you can provide.
I doublechecked, and the smtp service on the ISA Server is not enabled. Typically, I setup ISA Servers as dedicated machines, completely stripped down of everything but what is needed to be a secure firewall.
Tom, I guess I'm confused now. Why on some networks using ISA to publish an internal Microsoft Exchange server would the helo command return the external originating IP address, and on this particular one, it's returning the IP address of the ISA Server itself (internal exchange server is 192.168.0.1 and internal nic on isa is 192.168.0.5 which is the ip being returned when the helo command is issued)?
both systems have been tested from external links. Thanks for anymore thoughts.
Telnet into www.aubreyrhame.com port 25. What should end up happening is that you will get a response of helo 192.168.0.5 which is my ISA Server. It won't be yours. Basically it seems like the Exchange Server thinks that the ISA Server is the one telneting into port 25 (I guess in a round about way it is). But, other setups I have return the IP Address of the person initiating the helo command and not the IP Address of my ISA Server.
For example, if you telnet into your smtp server behind your isa server from an external IP, it more than likely should return your external IP when you issue the helo command.
If you have anymore questions, please let me know.
KB311777 has nothing to do with Network Load Balancing as such. You can perfectly implement it on a standalone ISA server if you have a requirement for full NAT. So, check out the registry to see if the registry value UseISAAddressInPublishing is configured.
Thanks again for the reply. I went over the registry setting and I actually did have that key. I guess where my confusion now lies is, how did that key get created? This particular setup is identicle to many others that I have done and now am not sure on how this happened.
But, it seems to be functioning properly now. If anyone has any idea how that key may have been created, or if any new patches automatically create that key, please let me know.