Solved

Disabling ICMP ping on PIX will disable SMTP Virtual Connector?

Posted on 2006-06-06
Last Modified: 2013-11-15
For security reasons, I have disabled ICMP ping on my PIX. Afterwards, I found that the Exchange server couldn't route my domain users' e-mail to the other Exchange server (hosted in another country). I then reviewed the queue in Exchange and found that the connector to the other Exchange server was not available. As far as I remember, it normally uses this queue to route my internal e-mail. However, when I enable ICMP ping on the PIX, everything works fine after a few minutes.

The two sites are connected by a VPN through the PIX. In fact, only ICMP is blocked. Other than that, the two Exchange servers could ping each other, and POP3 and SMTP are working fine through the PIX.

Why does this happen ?
Question by:AXISHK
2 Comments
 
Expert Comment

by:ganongj
ID: 16843214
A simple answer would be to just enable ping on that VPN. Disable ping for all other locations, but allow it for the VPN.

Jim
Accepted Solution

by: TheCleaner (earned 2000 total points)
ID: 16843485
Just disable the ICMP check in Exchange.

See here for a better explanation:

http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TechRef/e0163427-dd90-4761-8f14-8cb41f15939c.mspx?mfr=true

Reachability: DSAccess uses Internet Control Message Protocol (ICMP) to ping each server to verify that the server is available. DSAccess also verifies that the directory server is reachable over port 389 (for domain controllers) and port 3268 (for global catalog servers).

If you use ICMP to determine if a server is available, you might create a problem if all connections in your network do not support ICMP. For example, an Exchange server might reside in a perimeter network, which has no ICMP connectivity between the Exchange server and the domain controllers. In this situation, you should disable the ICMP check and set the following registry parameter to zero.

 
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess
Value: LdapKeepAliveSecs
Type: REG_DWORD
Value Data: 0x0
Description: DSAccess uses the ping protocol if there is no registry key or it is not set to 0
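
A pre-change check for the registry setting quoted above, as an added example (not part of the original answer or of the Microsoft documentation). It tests whether each directory server answers on TCP 389 and 3268 while ICMP is blocked, shows the current LdapKeepAliveSecs value, and writes 0 only when run with -Apply. The server names, the -Apply switch and the helper function names are assumptions for illustration.

```powershell
# Added example: server names are placeholders, not values from the thread.
param(
    [string[]]$DirectoryServers = @('dc01.example.internal', 'gc01.example.internal'),
    [switch]$Apply   # also write LdapKeepAliveSecs = 0 when only ICMP is failing
)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess'
$ValueName = 'LdapKeepAliveSecs'

function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Test-Icmp([string]$Server, [int]$TimeoutMs = 3000) {
    $ping = New-Object System.Net.NetworkInformation.Ping
    try { return ($ping.Send($Server, $TimeoutMs).Status -eq 'Success') }
    catch { return $false }
}

# Probe each server the same three ways the quoted documentation lists.
$results = foreach ($s in $DirectoryServers) {
    New-Object PSObject -Property @{
        Server  = $s
        Icmp    = Test-Icmp $s
        Ldap389 = Test-TcpPort $s 389
        Gc3268  = Test-TcpPort $s 3268
    }
}
$results | Format-Table Server, Icmp, Ldap389, Gc3268 -AutoSize

# The situation from the thread: the directory ports answer, ping does not.
$icmpOnly = @($results | Where-Object { -not $_.Icmp -and ($_.Ldap389 -or $_.Gc3268) })
foreach ($r in $icmpOnly) { Write-Warning "$($r.Server): LDAP reachable, ICMP blocked" }

# Show the current setting; no output value means the registry value is absent.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
if ($null -eq $current) { "$ValueName is not set" } else { "$ValueName = $current" }

if ($Apply -and $icmpOnly.Count -gt 0) {
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 0 -Force | Out-Null
    "$ValueName set to 0"
}
```

If a server fails the TCP checks as well, the problem is not limited to ICMP and the registry change is not written.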
 