Geeks With Blogs
Hornet's Nest A few of Mike Hoerner's Favorite Topics


An interesting ISA 2004 tidbit …

While we were setting up our Exchange 2010 ActiveSync environment, we encountered a problem where we could not successfully telnet over port 443 from one of our ISA 2004 Servers to our Exchange 2010 Client Access Server Array.

When we tried to telnet over port 443 from the ISA Server to the Client Access Server Array name, we would get a “Could not open connection to the host on port 443: Connect failed” error message.

Also, when we used portqry over port 443 from the ISA Server to the Client Access Server Array name, we would get a “Error opening socket: 10065” and “No route to host” error messages.

It was odd because we did not have any problems with using ping or tracert from the ISA Server to the Client Access Server Array and our firewall firewall policy was allowing 443 traffic to pass through.

After some troubleshooting, we were able to telnet and use portqry over port 443 successfully if we stopped the Microsoft Firewall service on the ISA 2004 Server.  So, it was strictly a problem with ISA.  Eventually, we were able to isolate the problem to a ISA 2004 Server System Policy setting as shown below (to modify the System Policy, right-click Firewall Policy and click Edit System Policy).

ISA-1

Under the Diagnostics ServicesHTTP Connectivity verifiers Configuration Group, you need to enable the configuration group under the General tab to resolve the problem.  After we enabled the setting, we no longer had a problem.

Posted on Monday, February 14, 2011 3:45 PM | Back to top


Comments on this post: Exchange 2010 Deployment Notes - ISA 2004 Server Issue

# re: Exchange 2010 Deployment Notes - ISA 2004 Server Issue
Requesting Gravatar...
Interesting post, thanks for this!
Left by Aaron on Feb 15, 2011 5:05 PM

Your comment:
 (will show your gravatar)


Copyright © BWCA | Powered by: GeeksWithBlogs.net