Welcome to ISAserver.org

outlook express not working

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 General] >> Server Publishing >> outlook express not working

Page: [1] 2 next > >>

Message

<< Older Topic Newer Topic >>

outlook express not working - 11.Sep.2003 9:13:00 AM

itclown@mailbox.co.za

Posts: 20
Joined: 7.Sep.2003
Status: offline

Hi

My broblem is with outlook express. I have a DNS with a forwarder to my ISP. My clients are running as secureNAT clients. When i want to send or receive mail with outlook it doesnt work. when i nslookup my isp's pop3 and smtp i get the correct reply.Ive tried to use the ip's of the pop and smtp insted of using the FQDN and it still doesnt work. If i install the firewall client i can successfully send and receive mail. Why does it work with the firewall client and can it work when the clients are securenat clients? Please help.

Regards

Post #: 1

Featured Links*

RE: outlook express not working - 11.Sep.2003 9:22:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi ITClown,

do you see the requests in the Firewall log when testing from a SecureNAT client?

HTH,
Stefaan

(in reply to itclown@mailbox.co.za)

Post #: 2

RE: outlook express not working - 12.Sep.2003 3:05:00 AM

tshinder

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Clown,

This is a DNS issue, if the firewall client works and the SecureNAT doesn't. The other alternative is that you're requiring authentication in your Site and Content or Protocol Rule.

HTH,
Tom

(in reply to itclown@mailbox.co.za)

Post #: 3

RE: outlook express not working - 12.Sep.2003 7:55:00 PM

itclown@mailbox.co.za

Posts: 20
Joined: 7.Sep.2003
Status: offline

Hi

No i dont see the request in the firewall log. The Packet Filter log gives me the following when i want to send or receive mail:
param#1 param#2 filter-rule
tcp 3557 135 blocket
icmp 8 0 blocket
any idea why?

I also dont need authentication in my site and content or protocol rule. If this is a DNS error what do you guys think is the problem? When i try to send or receive mail i get host could not be found error. I found this on isaserver site and it doesnt help:

I can't connect to my POP3 Server, or use RealAudio or mIRC
The most common reason for these problems is that there is not Protocol Rule in place that allows access to these protocols. However, there have been a number of reports of POP3 access problems existing when a Protocol Rule has been defined and there are no other explanations. When this is the case, uninstalling and reinstalling ISA Server fixes the problem.

[ September 12, 2003, 09:10 PM: Message edited by: ITClown ]

(in reply to itclown@mailbox.co.za)

Post #: 4

RE: outlook express not working - 12.Sep.2003 10:03:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi ITClown,

can you nslookup external FQDN's from the SecureNAT client? The DNS settings on the adapter should point to your internal DNS server.

Also, check out your basic ISA server configuration. Use Jim's excellent article http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html as baseline.

HTH,
Stefaan

(in reply to itclown@mailbox.co.za)

Post #: 5

RE: outlook express not working - 12.Sep.2003 10:42:00 PM

itclown@mailbox.co.za

Posts: 20
Joined: 7.Sep.2003
Status: offline

Hi

Yes, nslookup is working fine from the securenat client and its dns is pointing to my internal dns that has a forwader to isp. is this a common problem that i have here with outlook or it just me? Why do i get the icmp 8 0 block tho when ever i want to send or receive mail?thx for the replies sofar.

[ September 12, 2003, 10:54 PM: Message edited by: ITClown ]

(in reply to itclown@mailbox.co.za)

Post #: 6

RE: outlook express not working - 12.Sep.2003 10:53:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi ITClown,

OK, if you can resolve FQDN's then why do you *not* see the requests in the Firewall log? Is the client correctly setted up as a SecureNAT client? That means that his default gateway should point to the ISA internal interface.

Also, have you already checked the ISA interface settings? So, correct adapter order, no default gateway on ISA internal interface, etc...?

BTW --- I never have had problems with SecureNAt clients! [Big Grin]

HTH,
Stefaan

(in reply to itclown@mailbox.co.za)

Post #: 7

RE: outlook express not working - 12.Sep.2003 11:02:00 PM

itclown@mailbox.co.za

Posts: 20
Joined: 7.Sep.2003
Status: offline

i connected to irc quickly and in the firewall log i can see the connection i just made. But webpages i access shows up in the packet filter log. Is this wrong? yep my default gateway is pointing to the internal adapter of isa on securenat client.

Server: 'pop3.mweb.co.za', Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error: 10060, Error Number: 0x800CCC0E

[ September 12, 2003, 11:30 PM: Message edited by: ITClown ]

(in reply to itclown@mailbox.co.za)

Post #: 8

RE: outlook express not working - 12.Sep.2003 11:25:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi ITClown,

Web Access should be seen in the Firewall or Web Proxy log, depending on the setting of the HTTP Redirector and how the requests are made.

Please perform the following tests:
1) telnet IP_pop_server 110
2) telnet FQDN_pop_server 110
3) telnet IP_smtp_server 25
4) telnet FQDN_smtp_server 25

All connections should succeed and you should find them in the Firewall log. If that's the case then it is definitely not a DNS or ISA problem.

HTH,
Stefaan

(in reply to itclown@mailbox.co.za)

Post #: 9

RE: outlook express not working - 12.Sep.2003 11:46:00 PM

itclown@mailbox.co.za

Posts: 20
Joined: 7.Sep.2003
Status: offline

I cant even telnet into them

would you please try and see if you have better luck than me please?
pop: 196.35.40.12 ( pop.absamail.co.za)
smtp: 196.35.40.10 (smtp.absamail.co.za)

every now and again my packet filter log gives a icmp 8 0 block can that cause a problem?

sorry my web access is showing up in the web proxy log.

[ September 12, 2003, 11:49 PM: Message edited by: ITClown ]

(in reply to itclown@mailbox.co.za)

Post #: 10

RE: outlook express not working - 13.Sep.2003 12:06:00 AM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi ITClown,

it's working from here (Belgium)! [Wink]

What are the details of the 'icmp 8 0'? Is is outbound or inbound? What is the source address?

Regardless if the pop or smtp server is trying to ping you, you should see the pop or smtp request in the Firewall log! Are you sure you don't see them? Keep in mind that it can take some time before the entries are effectively written to the log files.

HTH,
Stefaan

(in reply to itclown@mailbox.co.za)

Post #: 11

RE: outlook express not working - 13.Sep.2003 12:50:00 AM

itclown@mailbox.co.za

Posts: 20
Joined: 7.Sep.2003
Status: offline

in my packet filter log i see that when i want to telnet to the pop and smtp port 25 and 110 gets blocked and they are in my protocol rule. Why?

Nothing at all in my firewall service log about the pop and smtp:(

When i create a IP Packer Filter for port 25 + 110 i can telnet into my pop + smtp on the isa server but not on the securenat.

What do you think is the reason why i cant telnet and i did add the telnet rule to my protocol rule?

[ September 13, 2003, 10:44 AM: Message edited by: ITClown ]

(in reply to itclown@mailbox.co.za)

Post #: 12

RE: outlook express not working - 13.Sep.2003 11:46:00 AM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi ITClown,

hmm... very weird indeed! [Frown]

Please, post the result of the 'ipconfig /all' command on the ISA server *and* the client unmodified. Also, the result of the 'route print' command on ISA and the client is useful.

What updates are installed on ISA server? I always install the Microsoft ISA recommended updates as mentioned at http://www.microsoft.com/isaserver/downloads/default.asp . On top of that I install the following non-public available hotfixes:
- http://support.microsoft.com/default.aspx?scid=kb;EN-US;810493
- http://support.microsoft.com/default.aspx?scid=kb;en-us;823261
Of course you need to keep the OS updated too!

Also, what else is installed on ISA server?

HTH,
Stefaan

[ September 13, 2003, 12:03 PM: Message edited by: spouseele ]

(in reply to itclown@mailbox.co.za)

Post #: 13

RE: outlook express not working - 13.Sep.2003 12:36:00 PM

itclown@mailbox.co.za

Posts: 20
Joined: 7.Sep.2003
Status: offline

ISA:

Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 bf 9a a8 88 ...... SMC1233A-TX 10/100Mbps PCI NIC (Microsoft's Pac
et Scheduler)
0x2000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 196.39.78.116 196.39.78.116 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
168.209.5.65 255.255.255.255 196.39.78.116 196.39.78.116 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 1
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 1
196.39.78.116 255.255.255.255 127.0.0.1 127.0.0.1 1
196.39.78.255 255.255.255.255 196.39.78.116 196.39.78.116 1
224.0.0.0 224.0.0.0 192.168.0.2 192.168.0.2 1
224.0.0.0 224.0.0.0 196.39.78.116 196.39.78.116 1
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 196.39.78.116
===========================================================================
Persistent Routes:
None

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : kakkop
Primary DNS Suffix . . . . . . . : Domain.NET
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Domain.NET

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : SMC1233A-TX 10/100Mbps PCI
Physical Address. . . . . . . . . : 00-50-BF-9A-A8-88
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1

PPP adapter ABSA:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 196.39.78.116
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 196.39.78.116
DNS Servers . . . . . . . . . . . : 168.210.2.2
196.14.239.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Nothing else is running on the isa server except isa it self.Running sp1 for isa.

securenat:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : user
Primary DNS Suffix . . . . . . . : Domain.NET
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Domain.NET

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : SMC1233A-TX 10/100Mbps PCI NIC
Physical Address. . . . . . . . . : 00-50-BF-9A-AD-74
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.2
DNS Servers . . . . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1

(in reply to itclown@mailbox.co.za)

Post #: 14

RE: outlook express not working - 13.Sep.2003 4:36:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi ITClown,

aha... I see you use some sort of dialup adapter as external interface. Check out http://support.microsoft.com/default.aspx?scid=kb;EN-US;283635 . Could this be the problem?

HTH,
Stefaan

(in reply to itclown@mailbox.co.za)

Post #: 15

RE: outlook express not working - 13.Sep.2003 5:17:00 PM

itclown@mailbox.co.za

Posts: 20
Joined: 7.Sep.2003
Status: offline

Im going to have a look at the link soon ive read up on smtp and pop but its mainly about exchange. They talking that exchange needs port 135 to comunicate and uses ports from 5000 65535 to pass through the firewall does this make eny sense? In my Packet Filter log ive seen this port being blocked and allowed. Ive created a protocol rule to allow the port + secondary 5000 - 65535 inbound but still no luck. Im prob just way off the mark.Thanks for help sofar will check ure link quick.Thanks.

(in reply to itclown@mailbox.co.za)

Post #: 16

RE: outlook express not working - 13.Sep.2003 5:29:00 PM

itclown@mailbox.co.za

Posts: 20
Joined: 7.Sep.2003
Status: offline

damn that article had me excited there for a min. But it didnt help. thanks anyway.

(in reply to itclown@mailbox.co.za)

Post #: 17

RE: outlook express not working - 13.Sep.2003 7:35:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi ITClown,

I really hoped that that MSKB would solve your problem! Now, I'm running out of ideas! [Frown]

The strange thing is you don't see the requests in the Firewall log. Can you take a Network Monitor trace at the ISA internal interface and check out if the internal interface is seeing this requests?

BTW --- your internal DNS server is also configured as a SecureNAT client to resolve external FQDN's and that's working. Right? So, do you see those requests in the Firewall log?

HTH,
Stefaan

(in reply to itclown@mailbox.co.za)

Post #: 18

RE: outlook express not working - 13.Sep.2003 7:40:00 PM

itclown@mailbox.co.za

Posts: 20
Joined: 7.Sep.2003
Status: offline

Hi

that link aint that for when u want to connect using a dialup to an upstream isaserver?

(in reply to itclown@mailbox.co.za)

Post #: 19

RE: outlook express not working - 13.Sep.2003 7:54:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi ITClown,

although I have no first hand experience with a dialup adapter on ISA, this MSKB article helped already a lot of users with simular problems.

BTW --- POP3 uses TCP port 110 and SMTP uses TCP port 25. However, RPC uses TCP port 135 and a lot of dynamically negotiated ports.

HTH,
Stefaan

(in reply to itclown@mailbox.co.za)

Post #: 20