The following describes how to configure Exchange 2000 and ISA Server when they are located on the same computer. The figure below illustrates the scenario.
In this scenario, you should install both the message screener and the SMTP filter on the computer. The message screener is installed when you select the Full installation option during ISA Server setup. The SMTP filter is always installed.
Note: The message screener can only be installed if an Exchange 2000 or IIS5 SMTP service is installed on the ISA Server computer.
To verify that the message screener is installed, check to see if the following Registry Key exists on the computer:
HKEY_CLASSES_ROOT\CLSID\{4F2AC0A5-300F-4DE9-821F-4D5706DC5B32}
If this Registry Key does not exist, then the message screener was not installed.
To install the message screener
- To run the ISA Server setup in maintenance mode, in Control Panel, double-click Add/Remove Programs, then click Microsoft Internet Security and Acceleration Server, and then click Change.
- In ISA Server setup, click Continue, type the CD key, select the appropriate installation folder, and then select Custom Installation.
- In the Options box, verify that the ISA Services and Administration tools options are not selected.
- Highlight the Add-in services option and then click Change Option.
- Select only the Message Screener option and then click OK. Then, finish the setup process, selecting the default options.
Note: These options are also available when you install ISA Server and specify Custom installation.
The Mail Server Security Wizard does not configure the SMTP filter when Exchange Server and ISA Server are located on the same computer. The ISA Server and the Exchange Server must be specially configured. The following describes how to configure the SMTP Server.
Configure the SMTP Server
In order to be fully secured by the ISA Server, Exchange 2000 must be specially configured to listen only on the internal interface. Perform the following steps:
To configure Exchange 2000 to listen for SMTP traffic on the internal interface:
- Open the Exchange System Manager. Click Start, click Programs, click Microsoft Exchange, and then click System Manager.
- In the console tree of System Manager, click Servers, click the applicable server, click Protocols, click SMTP, right-click Default SMTP Virtual Server, and then click Properties.
- On the General tab, click Advanced.
- Verify that only internal IP addresses are listed in the Address box. Remove any other addresses by selecting them and clicking the Remove button.
- To add the internal IP address, click Add. Then, select the internal IP address from the list. In TCP port, type: 25
By default, Socket Pooling is enabled. That is, even if you configure Exchange Server's SMTP service to listen on Port 25 for just one interface, it will still listen on all interfaces.
To ensure that the Exchange Server listens on the specified interface, use MDUTIL.exe or ADSI to set the Metadata raw property ID numbered 1029 (DisableSocketPooling).
Example:
mdutil set -path smtpsvc/1 -value 1 -dtype 1 -prop 1029 -attrib 1
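Because socket pooling can leave port 25 bound on every interface even after the Address box lists only the internal address, it is worth confirming the result. The following is an added example, not part of the original procedure: it parses the text output of netstat -an and reports whether a wildcard (0.0.0.0) listener remains on port 25. The sample output and the address 192.168.0.1 are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.1:25         0.0.0.0:0              LISTENING
  TCP    192.168.0.1:25         192.168.0.40:1183      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def smtp_listeners(netstat_text, port=25):
    """Return the local IP addresses that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue  # headers, UDP rows and blank lines
        if fields[3].upper() not in ("LISTENING", "LISTEN"):
            continue  # established connections are not bindings
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue
        try:
            found.append(ipaddress.ip_address(host.strip("[]")))
        except ValueError:
            continue  # not an address literal
    return found

def check_binding(netstat_text, internal_ips, port=25):
    """Classify port-25 listeners as wildcard, internal or other."""
    internal = {ipaddress.ip_address(ip) for ip in internal_ips}
    report = {"wildcard": [], "internal": [], "other": []}
    for addr in smtp_listeners(netstat_text, port):
        if addr.is_unspecified:
            key = "wildcard"   # bound on all interfaces: pooling still in effect
        elif addr in internal:
            key = "internal"   # the binding the procedure asks for
        else:
            key = "other"      # netstat -an does not name the owning service
        report[key].append(str(addr))
    # Pass only when the internal listener exists and nothing else is bound.
    report["ok"] = bool(report["internal"]) and not (report["wildcard"] or report["other"])
    return report

if __name__ == "__main__":
    print(check_binding(SAMPLE_NETSTAT, ["192.168.0.1"]))
```

Addresses reported under "other" need to be attributed to a service by other means before they are accepted, since this output format carries no process information.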
Configure the ISA Server
In order to fully secure the co-located Exchange Server, ISA Server must be specially configured by performing the following tasks:
- Enable the SMTP Filter.
- In the console tree of ISA Server, click Internet Security and Acceleration Server, click Servers and Arrays, click the applicable array, click Extensions, and then click Application Filters.
- In the details pane, right-click SMTP Filter, and then click Properties.
- On the General tab, verify that Enable this filter is selected.
- To configure the message screener, click the Attachments tab or the Keywords tab and set the fields appropriately. For more information, see the ISA Server Help.
- To configure the SMTP Filter, click the Users/Domains tab or the SMTP Commands tab and set the fields appropriately. For more information, see the ISA Server Help.
Note: For ISA Server Enterprise Edition, when ISA Server is installed as an array member, you must have permissions to modify the enterprise configuration in order to modify and configure the SMTP filter. This is because the SMTP filter applies to all the arrays in the enterprise.
The ISA Server SMTP filter transmits data over Distributed COM (DCOM). Make sure that DCOM is working properly between ISA Server and the server where the SMTP message screener is installed. Also, carefully consider the security implications of using DCOM when configuring it.
- Configure a server publishing rule to make the Exchange Server accessible
Note: Do not use the Mail Server Security Wizard.
- In the console tree of ISA Server, click Internet Security and Acceleration Server, click Servers and Arrays, click the applicable array, click Publishing, click Server Publishing Rules, click New, and then click Rule.
- Type a name for the rule and then click Next.
- On Address Mapping, in IP address of internal server, type the IP address on which the Exchange Server is configured to listen. In this case, this should be one of the ISA Server computer's internal IP addresses.
- In External IP address on ISA Server, type the ISA Server's external IP address. Then, click Next.
- On the Protocol Settings page, select SMTP Server. Then, click Next.
- On the Client Type page, select the clients that can access the SMTP Server. Then, click Next, and then click Finish to exit the wizard.