Hi there,
I upgraded to 4.1 SP2 from just straight 4.1 over the weekend and started
having this little problem:
A firewall is located between my Exchange server and the internal network.
I am forcing Exchange IS and DS services to use port 1200 per instructions
on phoneboy's site. I understand that is not necessary with FW-1 4.0 and
above, but I am doing it anyway.
When Outlook is started on the internal network, it connects to the RPC
portmapper on port 135 on the Exchange box and negotiates a port to use for
the future (1200), then it switches to that port. Initially everything
works fine, however, if I let Outlook sit inactive for about 10 minutes
there is about a 20-50 second pause the next time I try to do some action for
which it has to contact the Exchange server (address book lookup). This
looks like some sort of timeout... I ran a sniffer and indeed, I see RPC
Request packets destined to the Exchange server port 1200, which keep
getting retransmitted because there is no response. Eventually the request
times out, and Outlook recovers by trying to connect to the portmapper again
and negotiate a port again. This goes through immediately and then the
original RPC Request goes through. If I continuously use Outlook, I am
fine, but if I pause for another 10 minutes, again I get the same situation.
In my rule base I am allowing "internal any any allow", so this shouldn't be
a problem. I also read that RPC isn't included within ANY, so what do I do?
I tried a rule "internal exchange_server MS_Exchange allow" hoping to use
the 4.1 functionality when it comes to Exchange and still nothing...
I defined RPC_OVER_TCP in base.def and even tried to set the timeout of port
1200 to 3600 sec in init.def.
Still nothing...
Now I am out of ideas, but really, really don't want to roll back to 4.1
SP0...
Help???
-Gary-
Gary Portnoy
Network Administrator
[EMAIL PROTECTED]