Steven O'Neill
asked on
Outlook client not receiving mail correctly
I'm running Exchange Server 2003 (SBS 2003 install) and my clients are all XP Pro and use either Outlook 2000 or XP for their mail client. The mail services have all been running fine until today when suddenly the mail is not being shown to the client when it arrives at the server.
Sounds strange but in order for mail to be delivered to the mailbox of a client they either need to press Send/Recieve or click another folder thus refreshing the view. New mail is then shown in all folders.
Now I have SBS 2003 Premium (and ISA 2000 is installed as is ISA Client on each workstation) but as said they all worked this morning. I've made some changes to the server today (enabling VPN via RRAS & IAS) and there was a couple of settings in ISA that I did have to change as well (the book told me so) - BTW this appears to be working - but I don't know if this has had a knock on effect to the clients receiving mail.
Any ideas gratefully received.
Sounds strange but in order for mail to be delivered to the mailbox of a client they either need to press Send/Recieve or click another folder thus refreshing the view. New mail is then shown in all folders.
Now I have SBS 2003 Premium (and ISA 2000 is installed as is ISA Client on each workstation) but as said they all worked this morning. I've made some changes to the server today (enabling VPN via RRAS & IAS) and there was a couple of settings in ISA that I did have to change as well (the book told me so) - BTW this appears to be working - but I don't know if this has had a knock on effect to the clients receiving mail.
Any ideas gratefully received.
ASKER
Out of the office at the moment so cannot say for certain about being connected but I thought cached mode was for Outlook 2003? As far as I remember, my clients (which are 2000 & XP) don't say their offline (unless I remove the network connection).
The communication between Outlook and Exchange for new message notification is a push technology. The Exchange server sends a packet to Outlook telling it that something has changed.
When you click on a folder or do send/receive Outlook polls the Exchange server and gets the changes (new messages).
This means that for some reason the push packet from Exchange is not being received.
The number one reason for this is a firewall. The Windows firewall is notorious for doing this unless carefully configured for Outlook support. Third party firewalls can also cause this kind of behaviour. Both products do so because the client didn't initiate the connection.
Is the Windows firewall turned on? Have you made an exception for Outlook?
Simon.
When you click on a folder or do send/receive Outlook polls the Exchange server and gets the changes (new messages).
This means that for some reason the push packet from Exchange is not being received.
The number one reason for this is a firewall. The Windows firewall is notorious for doing this unless carefully configured for Outlook support. Third party firewalls can also cause this kind of behaviour. Both products do so because the client didn't initiate the connection.
Is the Windows firewall turned on? Have you made an exception for Outlook?
Simon.
ASKER
SBS 2003 appears to have a GPO to turn on the Windows firewall by default. What settings should I change in the GPO to allow the push packet to be received.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm using SBS 2003 Premium (so W2K3 in essence) adn when I click on Group Policy Management there is 2 GPOs (by default) created. The first one is called Small Business Server Internet Connection Firewall and the other Small Business Server Windows Firewall. I believe I should be altrering the ICF one (correct?)
The Windows Firewall GPO is the one that has been configured (by SBS) for all the edited objects (ICF is not configured). Won't they both do the same thing?
The GPO for both consists of:
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow file and printer sharing exception
Windows Firewall: Allow ICMP exception
Windows Firewall: Allow Remote Desktop exception
Windows Firewall: Allow UPnP framework exception
Windows Firewall:
The Windows Firewall GPO is the one that has been configured (by SBS) for all the edited objects (ICF is not configured). Won't they both do the same thing?
The GPO for both consists of:
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow file and printer sharing exception
Windows Firewall: Allow ICMP exception
Windows Firewall: Allow Remote Desktop exception
Windows Firewall: Allow UPnP framework exception
Windows Firewall:
ASKER
Sorry about this, seemed to click the wrong button on my keyboard and the last comment was sent by mistake, here goes again:
I'm using SBS 2003 Premium (so W2K3 in essence) adn when I click on Group Policy Management there is 2 GPOs (by default) created. The first one is called Small Business Server Internet Connection Firewall and the other Small Business Server Windows Firewall. I believe I should be altrering the ICF one (correct?)
The Windows Firewall GPO is the one that has been configured (by SBS) for all the edited objects (ICF is not configured). Won't they both do the same thing?
The GPO for both consists of:
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow file and printer sharing exception
Windows Firewall: Allow ICMP exception
Windows Firewall: Allow Remote Desktop exception
Windows Firewall: Allow UPnP framework exception
Windows Firewall: Prohibit notifications
Windows Firewall: Allow logging
Windows Firewall: Prohibit unicast response to multicast or broadcasr queries
Windows Firewall: Allow local port exceptions
Which (if any) of these objects should be edited to allow Outlook to be excempt? I've looked at them all and there doesn't appear to be a place to allow this to be added. However, I've also opened the full GPO for Windows Firewall thru Group Policy Management and under Admin Template it has a long list of Extra Registry Settings. It states:
Sorry about this, seemed to click the wrong button on my keyboard and the last comment was sent by mistake, here goes again:
I'm using SBS 2003 Premium (so W2K3 in essence) adn when I click on Group Policy Management there is 2 GPOs (by default) created. The first one is called Small Business Server Internet Connection Firewall and the other Small Business Server Windows Firewall. I believe I should be altrering the ICF one (correct?)
The Windows Firewall GPO is the one that has been configured (by SBS) for all the edited objects (ICF is not configured). Won't they both do the same thing?
The GPO for both consists of:
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow file and printer sharing exception
Windows Firewall: Allow ICMP exception
Windows Firewall: Allow Remote Desktop exception
Windows Firewall: Allow UPnP framework exception
Windows Firewall: Prohibit notifications
Windows Firewall: Allow logging
Windows Firewall: Prohibit unicast response to multicast or broadcasr queries
Windows Firewall: Allow local port exceptions
Which (if any) of these objects should be edited to allow Outlook to be excempt? I've looked at them all and there doesn't appear to be a place to allow this to be added. However, I've also opened the full GPO for Windows Firewall thru Group Policy Management and under Admin Template it has a long list of Extra Registry Settings. It states:
Sorry about this, seemed to click the wrong button on my keyboard and the last comment was sent by mistake, here goes again:
I'm using SBS 2003 Premium (so W2K3 in essence) adn when I click on Group Policy Management there is 2 GPOs (by default) created. The first one is called Small Business Server Internet Connection Firewall and the other Small Business Server Windows Firewall. I believe I should be altrering the ICF one (correct?)
The Windows Firewall GPO is the one that has been configured (by SBS) for all the edited objects (ICF is not configured). Won't they both do the same thing?
The GPO for both consists of:
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow file and printer sharing exception
Windows Firewall: Allow ICMP exception
Windows Firewall: Allow Remote Desktop exception
Windows Firewall: Allow UPnP framework exception
Windows Firewall: Prohibit notifications
Windows Firewall: Allow logging
Windows Firewall: Prohibit unicast response to multicast or broadcasr queries
Windows Firewall: Allow local port exceptions
Which (if any) of these objects should be edited to allow Outlook to be excempt? I've looked at them all and there doesn't appear to be a place to allow this to be added. However, I've also opened the full GPO for Windows Firewall thru Group Policy Management and under Admin Template it has a long list of Extra Registry Settings. It states:
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.
Setting State
SOFTWARE\Policies\Microsof t\WindowsF irewall\Do mainProfil e\Authoriz edApplicat ions\Enabl ed 1
SOFTWARE\Policies\Microsof t\WindowsF irewall\Do mainProfil e\Authoriz edApplicat ions\List\ %ProgramFi les%\Micro soft ActiveSync\CeAppMgr.exe:Lo calSubnet: Enabled:Ac tiveSync Application Manager %ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:Lo calSubnet: Enabled:Ac tiveSync Application Manager
SOFTWARE\Policies\Microsof t\WindowsF irewall\Do mainProfil e\Authoriz edApplicat ions\List\ %ProgramFi les%\Micro soft ActiveSync\WCESComm.exe:Lo calSubnet: Enabled:Ac tiveSync Connection Manager %ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:Lo calSubnet: Enabled:Ac tiveSync Connection Manager
SOFTWARE\Policies\Microsof t\WindowsF irewall\Do mainProfil e\Authoriz edApplicat ions\List\ %ProgramFi les%\Micro soft ActiveSync\WCESMgr.exe:Loc alSubnet:E nabled:Act iveSync Application %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:Loc alSubnet:E nabled:Act iveSync Application
SOFTWARE\Policies\Microsof t\WindowsF irewall\Do mainProfil e\Authoriz edApplicat ions\List\ %WINDIR%\P CHealth\He lpCtr\Bina ries\Helpc tr.exe:*:E nabled:Rem ote Assistance - Windows Messenger and Voice %WINDIR%\PCHealth\HelpCtr\ Binaries\H elpctr.exe :*:Enabled :Remote Assistance - Windows Messenger and Voice
SOFTWARE\Policies\Microsof t\WindowsF irewall\Do mainProfil e\Authoriz edApplicat ions\List\ %WINDIR%\P CHealth\He lpCtr\Bina ries\Helps vc.exe:*:E nabled:Off er Remote Assistance %WINDIR%\PCHealth\HelpCtr\ Binaries\H elpsvc.exe :*:Enabled :Offer Remote Assistance
SOFTWARE\Policies\Microsof t\WindowsF irewall\Do mainProfil e\Authoriz edApplicat ions\List\ %WINDIR%\S YSTEM32\Se ssmgr.exe: *:Enabled: Remote Assistance %WINDIR%\SYSTEM32\Sessmgr. exe:*:Enab led:Remote Assistance
SOFTWARE\Policies\Microsof t\WindowsF irewall\Do mainProfil e\Globally OpenPorts\ Enabled 1
SOFTWARE\Policies\Microsof t\WindowsF irewall\Do mainProfil e\Globally OpenPorts\ List\135:T CP:*:Enabl ed:Offer Remote Assistance - Port
Do I need to amend the .ADM and apply it to this GPO?
I'm using SBS 2003 Premium (so W2K3 in essence) adn when I click on Group Policy Management there is 2 GPOs (by default) created. The first one is called Small Business Server Internet Connection Firewall and the other Small Business Server Windows Firewall. I believe I should be altrering the ICF one (correct?)
The Windows Firewall GPO is the one that has been configured (by SBS) for all the edited objects (ICF is not configured). Won't they both do the same thing?
The GPO for both consists of:
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow file and printer sharing exception
Windows Firewall: Allow ICMP exception
Windows Firewall: Allow Remote Desktop exception
Windows Firewall: Allow UPnP framework exception
Windows Firewall: Prohibit notifications
Windows Firewall: Allow logging
Windows Firewall: Prohibit unicast response to multicast or broadcasr queries
Windows Firewall: Allow local port exceptions
Which (if any) of these objects should be edited to allow Outlook to be excempt? I've looked at them all and there doesn't appear to be a place to allow this to be added. However, I've also opened the full GPO for Windows Firewall thru Group Policy Management and under Admin Template it has a long list of Extra Registry Settings. It states:
Sorry about this, seemed to click the wrong button on my keyboard and the last comment was sent by mistake, here goes again:
I'm using SBS 2003 Premium (so W2K3 in essence) adn when I click on Group Policy Management there is 2 GPOs (by default) created. The first one is called Small Business Server Internet Connection Firewall and the other Small Business Server Windows Firewall. I believe I should be altrering the ICF one (correct?)
The Windows Firewall GPO is the one that has been configured (by SBS) for all the edited objects (ICF is not configured). Won't they both do the same thing?
The GPO for both consists of:
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow file and printer sharing exception
Windows Firewall: Allow ICMP exception
Windows Firewall: Allow Remote Desktop exception
Windows Firewall: Allow UPnP framework exception
Windows Firewall: Prohibit notifications
Windows Firewall: Allow logging
Windows Firewall: Prohibit unicast response to multicast or broadcasr queries
Windows Firewall: Allow local port exceptions
Which (if any) of these objects should be edited to allow Outlook to be excempt? I've looked at them all and there doesn't appear to be a place to allow this to be added. However, I've also opened the full GPO for Windows Firewall thru Group Policy Management and under Admin Template it has a long list of Extra Registry Settings. It states:
Sorry about this, seemed to click the wrong button on my keyboard and the last comment was sent by mistake, here goes again:
I'm using SBS 2003 Premium (so W2K3 in essence) adn when I click on Group Policy Management there is 2 GPOs (by default) created. The first one is called Small Business Server Internet Connection Firewall and the other Small Business Server Windows Firewall. I believe I should be altrering the ICF one (correct?)
The Windows Firewall GPO is the one that has been configured (by SBS) for all the edited objects (ICF is not configured). Won't they both do the same thing?
The GPO for both consists of:
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow file and printer sharing exception
Windows Firewall: Allow ICMP exception
Windows Firewall: Allow Remote Desktop exception
Windows Firewall: Allow UPnP framework exception
Windows Firewall: Prohibit notifications
Windows Firewall: Allow logging
Windows Firewall: Prohibit unicast response to multicast or broadcasr queries
Windows Firewall: Allow local port exceptions
Which (if any) of these objects should be edited to allow Outlook to be excempt? I've looked at them all and there doesn't appear to be a place to allow this to be added. However, I've also opened the full GPO for Windows Firewall thru Group Policy Management and under Admin Template it has a long list of Extra Registry Settings. It states:
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.
Setting State
SOFTWARE\Policies\Microsof
SOFTWARE\Policies\Microsof
SOFTWARE\Policies\Microsof
SOFTWARE\Policies\Microsof
SOFTWARE\Policies\Microsof
SOFTWARE\Policies\Microsof
SOFTWARE\Policies\Microsof
SOFTWARE\Policies\Microsof
SOFTWARE\Policies\Microsof
Do I need to amend the .ADM and apply it to this GPO?
The one that you need to modify is: Windows Firewall: Allow local program exceptions
You need to add "outlook.exe" to the list.
Take a look at this technical documentation from MS: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/2f56f19e-b9da-4530-8772-f37d2302255e.mspx
It explains how to manage the firewall using group policy.
Simon.
You need to add "outlook.exe" to the list.
Take a look at this technical documentation from MS: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/2f56f19e-b9da-4530-8772-f37d2302255e.mspx
It explains how to manage the firewall using group policy.
Simon.
ASKER
Sembee
Thanx, I've already got this object enabled but there is no way for me to add the exception in at the object level. I can amend the exception list at the client machine to add Outlook into it there but I'd much prefer to be able to add this file in at the GPO level. Any idea as to how I should add outlook.exe to the GPO? I know this sounds dumb but I really don't see anything in this object to enable me to say use outlook.exe as an exception.
Thanx, I've already got this object enabled but there is no way for me to add the exception in at the object level. I can amend the exception list at the client machine to add Outlook into it there but I'd much prefer to be able to add this file in at the GPO level. Any idea as to how I should add outlook.exe to the GPO? I know this sounds dumb but I really don't see anything in this object to enable me to say use outlook.exe as an exception.
I have just had another look at my system.
I have a GP entry in the same place called "Define Program exceptions". There I can enter outlook.exe
Simon.
I have a GP entry in the same place called "Define Program exceptions". There I can enter outlook.exe
Simon.
ASKER
Did you create this entry yourself? I don't have this at all. Wondering if this is an SBS problem? Could the object only be available on W2K3 Server and not SBS2K3? If it should be there (or was defined manually), how do I go about this?
ASKER
Sembee
Managed to sort this out. Downloaded SBS2K3 KB872769 and W2K3 KB842933 and this resolved the problem. Thought my server was well patched but obviously not. Thanx (once again) for all your advice and assistance with this one. Please accept the points (yet again) for some wonderful advice.
Managed to sort this out. Downloaded SBS2K3 KB872769 and W2K3 KB842933 and this resolved the problem. Thought my server was well patched but obviously not. Thanx (once again) for all your advice and assistance with this one. Please accept the points (yet again) for some wonderful advice.
Did the delivery folder location change? If you are not using cached mode, in the outlook profiles view you should see only a location for Mailbox - username.