Solved

MS Outlook behind ISA 2006 Cannot send and Receive emails

Posted on 2009-05-18
17
1,610 Views
Last Modified: 2013-11-29
I cannot send or receive emails from particular accounts configured in Ms Outlook behind ISA 2006. Ever since I installed ISA, I can only receive/send emails from one particular account, " ...cannot contact the mail server..." that is what is shown in the error message.
I have checked the configurations, I have connected via a different network which does not reside behind ISA and it works fine, so I have dissipated any doubts on whether the mail server was having any sort of problems. The firewall rules seem to be well applied too, I say this because I still can receive/send emails from one of the pop accounts which happens to have the same domain name as the mail server(it is hosted externally).

Any help would be greatly apreciated.

Rgs,
0
Comment
Question by:kemitHamite
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 2
  • +1
17 Comments
 

Expert Comment

by:Axiscomputernetworks
ID: 24411500
What address do you get back if you ping the Exchange server as specified in the account configuration? I saw this once before when the client machine had a hosts entry for the mailserver that specified the external address. With one firewall, they could go to the external address, and by chance get redirected back inside. With a new firewall, that path wasn't available. In this case, using Exchange from outside the firewall works correctly because it is supposed to use the public/routable IP address for the Exchange server.

So from inside the firewall, ping the Exchange server. If it comes back as a 10.x.x.x, 172.x.x.x, or 192.168.x.x address, then that is good. If it comes back with the same address that you would get if you pinged it from outside, then you have a problem. Check the hosts file to see if there is an entry. Check your DNS server to see if it is automatically getting one inside the network, preferably a Windows server that is part of the domain.
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 24411570
Hi Axis...,
I am not using exchange server!
0
 

Expert Comment

by:Axiscomputernetworks
ID: 24411790
Oh. You mentioned that you were using POP3 on the separate account that is working. Are you also using POP3 on the account that is having a problem?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 1

Author Comment

by:kemitHamite
ID: 24412072
yes, they are all using pop3. this is why I can't understand what the problem is because, if it was a matter of a configuration problem in ISA then it shouldn't work for neither of the accounts, you get what I am saying?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 24414913
how have you made the ISA firewall rules for the pop3 and the smtp services?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 24422749
The problem is that by default Outlook will not use the Firewall [winsock proxy] Service of ISA.  It will only use the Secure NAT Service.  I believe the reason for this is because Outlook is almost always used as an Exchange Client and having this behavor as the default helps assure that the ISA Firewall Client software does not interferre with the Exchange communication.

By default, If you want to use Outlook with an outside POP3, SMTP, IMAP Serivce it needs to do so as a SecureNAT Client.  This may not be desireable since SecureNAT communication is always anonymous and cannot make use of Access Rules if they require authentication.

So if you want to use Outlook over an authenticated connection to an outside POP3, SMTP, IMAP Serivce then you have to install the Firewall Client Software and enable the Firewall Service to acknowledge Outlook.  Do this like so:

In the ISA MMC--->Configuration-->General-->Define Firewall Client Settings-->Application Settings Tab-->find the "Outlook" entry-->edit the Value so that Disable=0

If my take up to 30 minutes of so before the changes begin to effect the Client machines.  There is an update cycle for the client side Firewall Client to pickup new or changed settings from the ISA server.

0
 
LVL 1

Author Comment

by:kemitHamite
ID: 24433358
hi Keith_Alabaster,
Sorry for the delay.
The pop3 and smtp rules are under INTERNET, which is my second access rule right after my DENY (blocked url's). The protocols under the same rule are as follows:
-ftp server
-ftp
-http
-https
-pop3
-smtp

FROM Internal, Domain Controller and the ISA server
TO External
All Users

Some additional info, only on my LAN rules I have DNS but all the rules in the LAN are crossed by a line and all of a sudden I cannot remotely log in to my isa server although I have RDP listed under my protocols.

Rgs
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 24433437
pwindell,
thanks a lot for your suggestion but i haven't been able to install the firewall client. The computer where I am installing it does not find the path to my computer running ISA. Do you think I need to open a specific rule on my firewall policy?

Rgs
0
 
LVL 29

Expert Comment

by:pwindell
ID: 24434716
Without the Firewall Client you can only use anonymous Rules for SMTP/POP3.

But the networking issue that keeps the FWC from working properly may also prevent the thing from running properly as a SecureNAT Client,...which prevents Outlook from working.
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 24440257
pwindell i get ur point but if that was the problem then how come i can send/receive emails from one of the pop3 accounts and not from the other account?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 24443513
From the same workstation using the same email client at the same time? One account works, one doesn't?
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 24443534
Ok, yes, I see that now earlier in the thread.  Well I don't know then.  Try using the actual IP# of the mail server in the connection settings in the Mail Client,...don't use Domain Names or Machine Names.

There may be DNS issues,...particularly if you aren't running Split-DNS when you maybe shoud be.

0
 
LVL 1

Author Comment

by:kemitHamite
ID: 24443561
okay, i will try your suggestion.
thanks a lot for taking your time,

rgs
0
 
LVL 1

Author Closing Comment

by:kemitHamite
ID: 31582520
pwindell thanks a lot for helping me out. simple and straight forward help. Just one more thing could you give me some tips on this Split-DNS thing? Excuse my ignorance...

Many many thanks
0
 
LVL 29

Expert Comment

by:pwindell
ID: 24632137
A quickie answer for the Split-DNS
There are basically two types
1. Single Zone Split-DNS
2. Multi-Zone Split-DNS
If your AD Domain Name uses the same spelling as your Public Domain Name then you use #1.
But if the spellings are different then you use #2
With #1 you just add additonal static A Records (www, mail, etc) and give then the correct IP# whether they be Public or Private.
With #2 you add a new Standard Non-AD, Non-dynamic Update Zone for each spelling of the Domain Names you have.  Create the static records the same way as #1.
Your Split-DNS is for Your Lan only.  It has nothing to do with how the people out in "Internet Land" resolve any of your Public Domain Hosts
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 24637921
Thanks a lot pwindell, I will follow your advice.

Once again, many thanks.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 24644607
I think I posted the Split-DNS comments to the wrong thread. I doesn't look like you were the one asking about it.
Sorry...
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What does UTC stand for?  “Coordinated Universal Time” – Think of this as the true time on Planet Earth that never changes with the exception of minor leap seconds here and there to account for the changes in the planet's rotation.   What does th…
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question