SELF Attribute not updating through firewall

We have an AD forest recently upgraded Exchange 5.5 to 2003 SP2. 
I think that something we did in the last month or two in regards to 
shutting down the old NT servers has caused this oddity to occur:

Our Forest is two domains. One domain has about 1,000 users, the subdomain 
has about 12.
The subdomain is behind a PIX firewall.
We recently upgraded Exchange 5.5 to Exchange 2003.

Everything has worked for quite some time.

I think that something we did recently, as we shut down more and more of the 
old NT servers has caused the following odd problem, but I can't figure out 
what is causing it.

When the Exchange Admins create a new user in this subdomain behind the 
firewall, the SELF attribute doesn't update and change to the username as it 
should.

Also, that user cannot open up Outlook on their computer successfully.

I started debug fixup udp and noticed that the domain controller for that 
subdomain (which is also behind the firewall) for some reason is trying to 
use port 138 to a domain controller that is not in it's site replication 
topology. If the DC should be talking to the root DC in the forest, and that 
is how to PIX has been configured for several years. (Exchange 5.5 days)

If I allow Port 138 traffic to go through the firewall, the subdomains DC 
will indeed go to that other DC and the user can then successfully open 
Outlook and send and receive email.

Oddly, the SELF attribute never gets updated.

We placed a machine on the outside of the firewall, logged into the 
subdomain as a user from that subdomain, and even though the user can send 
and receive email, the SELF attribute never gets updated to the logged in 
users name.

I am using secure DC to DC isakmp through the firewall replication as 
recommended in a KB as the best way to handle DC to DC replication through a 
firewall.

Frankly, I am not even sure what my next troubleshooting step should be. Any 
help is greatly appreciated.

Bruce D. Meyer, CCNA, MCSE
Network Analyst
City of Columbia, SC

 



-- 
Bruce D. Meyer, CCNA, MCSE
Network Analyst
City of Columbia, SC
0
10/10/2006 4:43:02 PM
exchange.admin 57650 articles. 2 followers. Follow

7 Replies
369 Views

Similar Articles

[PageSpeed] 19

Did you run Exchange setup /DomainPrep in the subdomain?
-- 
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message 
news:4C31ED7D-BC27-430E-AB99-4ECF161A2C86@microsoft.com...
> We have an AD forest recently upgraded Exchange 5.5 to 2003 SP2.
> I think that something we did in the last month or two in regards to
> shutting down the old NT servers has caused this oddity to occur:
>
> Our Forest is two domains. One domain has about 1,000 users, the subdomain
> has about 12.
> The subdomain is behind a PIX firewall.
> We recently upgraded Exchange 5.5 to Exchange 2003.
>
> Everything has worked for quite some time.
>
> I think that something we did recently, as we shut down more and more of 
> the
> old NT servers has caused the following odd problem, but I can't figure 
> out
> what is causing it.
>
> When the Exchange Admins create a new user in this subdomain behind the
> firewall, the SELF attribute doesn't update and change to the username as 
> it
> should.
>
> Also, that user cannot open up Outlook on their computer successfully.
>
> I started debug fixup udp and noticed that the domain controller for that
> subdomain (which is also behind the firewall) for some reason is trying to
> use port 138 to a domain controller that is not in it's site replication
> topology. If the DC should be talking to the root DC in the forest, and 
> that
> is how to PIX has been configured for several years. (Exchange 5.5 days)
>
> If I allow Port 138 traffic to go through the firewall, the subdomains DC
> will indeed go to that other DC and the user can then successfully open
> Outlook and send and receive email.
>
> Oddly, the SELF attribute never gets updated.
>
> We placed a machine on the outside of the firewall, logged into the
> subdomain as a user from that subdomain, and even though the user can send
> and receive email, the SELF attribute never gets updated to the logged in
> users name.
>
> I am using secure DC to DC isakmp through the firewall replication as
> recommended in a KB as the best way to handle DC to DC replication through 
> a
> firewall.
>
> Frankly, I am not even sure what my next troubleshooting step should be. 
> Any
> help is greatly appreciated.
>
> Bruce D. Meyer, CCNA, MCSE
> Network Analyst
> City of Columbia, SC
>
>
>
>
>
> -- 
> Bruce D. Meyer, CCNA, MCSE
> Network Analyst
> City of Columbia, SC 


0
curspice6401 (3487)
10/10/2006 6:33:34 PM
Also, is there a Recipient Update Service running against the subdomain?
-- 
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message 
news:4C31ED7D-BC27-430E-AB99-4ECF161A2C86@microsoft.com...
> We have an AD forest recently upgraded Exchange 5.5 to 2003 SP2.
> I think that something we did in the last month or two in regards to
> shutting down the old NT servers has caused this oddity to occur:
>
> Our Forest is two domains. One domain has about 1,000 users, the subdomain
> has about 12.
> The subdomain is behind a PIX firewall.
> We recently upgraded Exchange 5.5 to Exchange 2003.
>
> Everything has worked for quite some time.
>
> I think that something we did recently, as we shut down more and more of 
> the
> old NT servers has caused the following odd problem, but I can't figure 
> out
> what is causing it.
>
> When the Exchange Admins create a new user in this subdomain behind the
> firewall, the SELF attribute doesn't update and change to the username as 
> it
> should.
>
> Also, that user cannot open up Outlook on their computer successfully.
>
> I started debug fixup udp and noticed that the domain controller for that
> subdomain (which is also behind the firewall) for some reason is trying to
> use port 138 to a domain controller that is not in it's site replication
> topology. If the DC should be talking to the root DC in the forest, and 
> that
> is how to PIX has been configured for several years. (Exchange 5.5 days)
>
> If I allow Port 138 traffic to go through the firewall, the subdomains DC
> will indeed go to that other DC and the user can then successfully open
> Outlook and send and receive email.
>
> Oddly, the SELF attribute never gets updated.
>
> We placed a machine on the outside of the firewall, logged into the
> subdomain as a user from that subdomain, and even though the user can send
> and receive email, the SELF attribute never gets updated to the logged in
> users name.
>
> I am using secure DC to DC isakmp through the firewall replication as
> recommended in a KB as the best way to handle DC to DC replication through 
> a
> firewall.
>
> Frankly, I am not even sure what my next troubleshooting step should be. 
> Any
> help is greatly appreciated.
>
> Bruce D. Meyer, CCNA, MCSE
> Network Analyst
> City of Columbia, SC
>
>
>
>
>
> -- 
> Bruce D. Meyer, CCNA, MCSE
> Network Analyst
> City of Columbia, SC 


0
curspice6401 (3487)
10/10/2006 6:33:56 PM
As far as the Recipient Update service, no, it is not running 'in' the 
subdomain, as their is only a single Exchange server on the whole Forest, and 
it resides in the root domain (I know, improper term, but...). However, their 
is a Recipient Update service running FOR the subdomain on the Exchange 
server.

As far as the Exchange Setup / Domain prep, It was run in the Forest root 
domain, and seperately again in the subdomain.






-- 
Bruce D. Meyer, CCNA, MCSE
Network Analyst
City of Columbia, SC


"Ed Crowley [MVP]" wrote:

> Also, is there a Recipient Update Service running against the subdomain?
> -- 
> Ed Crowley
> MVP - Exchange
> "Protecting the world from PSTs and brick backups!"
> 
> "Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message 
> news:4C31ED7D-BC27-430E-AB99-4ECF161A2C86@microsoft.com...
> > We have an AD forest recently upgraded Exchange 5.5 to 2003 SP2.
> > I think that something we did in the last month or two in regards to
> > shutting down the old NT servers has caused this oddity to occur:
> >
> > Our Forest is two domains. One domain has about 1,000 users, the subdomain
> > has about 12.
> > The subdomain is behind a PIX firewall.
> > We recently upgraded Exchange 5.5 to Exchange 2003.
> >
> > Everything has worked for quite some time.
> >
> > I think that something we did recently, as we shut down more and more of 
> > the
> > old NT servers has caused the following odd problem, but I can't figure 
> > out
> > what is causing it.
> >
> > When the Exchange Admins create a new user in this subdomain behind the
> > firewall, the SELF attribute doesn't update and change to the username as 
> > it
> > should.
> >
> > Also, that user cannot open up Outlook on their computer successfully.
> >
> > I started debug fixup udp and noticed that the domain controller for that
> > subdomain (which is also behind the firewall) for some reason is trying to
> > use port 138 to a domain controller that is not in it's site replication
> > topology. If the DC should be talking to the root DC in the forest, and 
> > that
> > is how to PIX has been configured for several years. (Exchange 5.5 days)
> >
> > If I allow Port 138 traffic to go through the firewall, the subdomains DC
> > will indeed go to that other DC and the user can then successfully open
> > Outlook and send and receive email.
> >
> > Oddly, the SELF attribute never gets updated.
> >
> > We placed a machine on the outside of the firewall, logged into the
> > subdomain as a user from that subdomain, and even though the user can send
> > and receive email, the SELF attribute never gets updated to the logged in
> > users name.
> >
> > I am using secure DC to DC isakmp through the firewall replication as
> > recommended in a KB as the best way to handle DC to DC replication through 
> > a
> > firewall.
> >
> > Frankly, I am not even sure what my next troubleshooting step should be. 
> > Any
> > help is greatly appreciated.
> >
> > Bruce D. Meyer, CCNA, MCSE
> > Network Analyst
> > City of Columbia, SC
> >
> >
> >
> >
> >
> > -- 
> > Bruce D. Meyer, CCNA, MCSE
> > Network Analyst
> > City of Columbia, SC 
> 
> 
> 
0
10/10/2006 8:18:01 PM
Actually I didn't use the word you quoted, "in", I said "against".

Do the newly created users get e-mail addresses from the RUS?  Are the 
Outlook users crossing the firewall?  Have you tried running DCDIAG?
-- 
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message 
news:60DC2E42-0D82-48F4-822E-27B27E385279@microsoft.com...
> As far as the Recipient Update service, no, it is not running 'in' the
> subdomain, as their is only a single Exchange server on the whole Forest, 
> and
> it resides in the root domain (I know, improper term, but...). However, 
> their
> is a Recipient Update service running FOR the subdomain on the Exchange
> server.
>
> As far as the Exchange Setup / Domain prep, It was run in the Forest root
> domain, and seperately again in the subdomain.
>
>
>
>
>
>
> -- 
> Bruce D. Meyer, CCNA, MCSE
> Network Analyst
> City of Columbia, SC
>
>
> "Ed Crowley [MVP]" wrote:
>
>> Also, is there a Recipient Update Service running against the subdomain?
>> -- 
>> Ed Crowley
>> MVP - Exchange
>> "Protecting the world from PSTs and brick backups!"
>>
>> "Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message
>> news:4C31ED7D-BC27-430E-AB99-4ECF161A2C86@microsoft.com...
>> > We have an AD forest recently upgraded Exchange 5.5 to 2003 SP2.
>> > I think that something we did in the last month or two in regards to
>> > shutting down the old NT servers has caused this oddity to occur:
>> >
>> > Our Forest is two domains. One domain has about 1,000 users, the 
>> > subdomain
>> > has about 12.
>> > The subdomain is behind a PIX firewall.
>> > We recently upgraded Exchange 5.5 to Exchange 2003.
>> >
>> > Everything has worked for quite some time.
>> >
>> > I think that something we did recently, as we shut down more and more 
>> > of
>> > the
>> > old NT servers has caused the following odd problem, but I can't figure
>> > out
>> > what is causing it.
>> >
>> > When the Exchange Admins create a new user in this subdomain behind the
>> > firewall, the SELF attribute doesn't update and change to the username 
>> > as
>> > it
>> > should.
>> >
>> > Also, that user cannot open up Outlook on their computer successfully.
>> >
>> > I started debug fixup udp and noticed that the domain controller for 
>> > that
>> > subdomain (which is also behind the firewall) for some reason is trying 
>> > to
>> > use port 138 to a domain controller that is not in it's site 
>> > replication
>> > topology. If the DC should be talking to the root DC in the forest, and
>> > that
>> > is how to PIX has been configured for several years. (Exchange 5.5 
>> > days)
>> >
>> > If I allow Port 138 traffic to go through the firewall, the subdomains 
>> > DC
>> > will indeed go to that other DC and the user can then successfully open
>> > Outlook and send and receive email.
>> >
>> > Oddly, the SELF attribute never gets updated.
>> >
>> > We placed a machine on the outside of the firewall, logged into the
>> > subdomain as a user from that subdomain, and even though the user can 
>> > send
>> > and receive email, the SELF attribute never gets updated to the logged 
>> > in
>> > users name.
>> >
>> > I am using secure DC to DC isakmp through the firewall replication as
>> > recommended in a KB as the best way to handle DC to DC replication 
>> > through
>> > a
>> > firewall.
>> >
>> > Frankly, I am not even sure what my next troubleshooting step should 
>> > be.
>> > Any
>> > help is greatly appreciated.
>> >
>> > Bruce D. Meyer, CCNA, MCSE
>> > Network Analyst
>> > City of Columbia, SC
>> >
>> >
>> >
>> >
>> >
>> > -- 
>> > Bruce D. Meyer, CCNA, MCSE
>> > Network Analyst
>> > City of Columbia, SC
>>
>>
>> 


0
curspice6401 (3487)
10/10/2006 9:40:17 PM
Yup, you're right. I noticed that right after I sent it. Oh well. at least 
one of us was correct!  :-)

Don't know what the acronym RUS stands for. New users are created on the 
Exchange Server. 
The users access their email from behind the firewall. I misspoke on the 
earlier message also when I said we tested from outside the firewall, that 
was from actually inside the firewall.

What I see is when the user attempts to check their email from behind the 
firewall, their DC (behind the firewall) tries to connect outside the 
firewall, presumably for authentication. (port 389)

I haven't tried DCDIAG, I will try that tommorrow when I am back at work. 
(Wednesday AM)

Bear with me please, I am the Network analyst, not the Exchange Admin that 
set everything up. I run your questions by them so they probably know what 
the RUS is. 
-- 
Bruce D. Meyer, CCNA, MCSE
Network Analyst
City of Columbia, SC


"Ed Crowley [MVP]" wrote:

> Actually I didn't use the word you quoted, "in", I said "against".
> 
> Do the newly created users get e-mail addresses from the RUS?  Are the 
> Outlook users crossing the firewall?  Have you tried running DCDIAG?
> -- 
> Ed Crowley
> MVP - Exchange
> "Protecting the world from PSTs and brick backups!"
> 
> "Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message 
> news:60DC2E42-0D82-48F4-822E-27B27E385279@microsoft.com...
> > As far as the Recipient Update service, no, it is not running 'in' the
> > subdomain, as their is only a single Exchange server on the whole Forest, 
> > and
> > it resides in the root domain (I know, improper term, but...). However, 
> > their
> > is a Recipient Update service running FOR the subdomain on the Exchange
> > server.
> >
> > As far as the Exchange Setup / Domain prep, It was run in the Forest root
> > domain, and seperately again in the subdomain.
> >
> >
> >
> >
> >
> >
> > -- 
> > Bruce D. Meyer, CCNA, MCSE
> > Network Analyst
> > City of Columbia, SC
> >
> >
> > "Ed Crowley [MVP]" wrote:
> >
> >> Also, is there a Recipient Update Service running against the subdomain?
> >> -- 
> >> Ed Crowley
> >> MVP - Exchange
> >> "Protecting the world from PSTs and brick backups!"
> >>
> >> "Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message
> >> news:4C31ED7D-BC27-430E-AB99-4ECF161A2C86@microsoft.com...
> >> > We have an AD forest recently upgraded Exchange 5.5 to 2003 SP2.
> >> > I think that something we did in the last month or two in regards to
> >> > shutting down the old NT servers has caused this oddity to occur:
> >> >
> >> > Our Forest is two domains. One domain has about 1,000 users, the 
> >> > subdomain
> >> > has about 12.
> >> > The subdomain is behind a PIX firewall.
> >> > We recently upgraded Exchange 5.5 to Exchange 2003.
> >> >
> >> > Everything has worked for quite some time.
> >> >
> >> > I think that something we did recently, as we shut down more and more 
> >> > of
> >> > the
> >> > old NT servers has caused the following odd problem, but I can't figure
> >> > out
> >> > what is causing it.
> >> >
> >> > When the Exchange Admins create a new user in this subdomain behind the
> >> > firewall, the SELF attribute doesn't update and change to the username 
> >> > as
> >> > it
> >> > should.
> >> >
> >> > Also, that user cannot open up Outlook on their computer successfully.
> >> >
> >> > I started debug fixup udp and noticed that the domain controller for 
> >> > that
> >> > subdomain (which is also behind the firewall) for some reason is trying 
> >> > to
> >> > use port 138 to a domain controller that is not in it's site 
> >> > replication
> >> > topology. If the DC should be talking to the root DC in the forest, and
> >> > that
> >> > is how to PIX has been configured for several years. (Exchange 5.5 
> >> > days)
> >> >
> >> > If I allow Port 138 traffic to go through the firewall, the subdomains 
> >> > DC
> >> > will indeed go to that other DC and the user can then successfully open
> >> > Outlook and send and receive email.
> >> >
> >> > Oddly, the SELF attribute never gets updated.
> >> >
> >> > We placed a machine on the outside of the firewall, logged into the
> >> > subdomain as a user from that subdomain, and even though the user can 
> >> > send
> >> > and receive email, the SELF attribute never gets updated to the logged 
> >> > in
> >> > users name.
> >> >
> >> > I am using secure DC to DC isakmp through the firewall replication as
> >> > recommended in a KB as the best way to handle DC to DC replication 
> >> > through
> >> > a
> >> > firewall.
> >> >
> >> > Frankly, I am not even sure what my next troubleshooting step should 
> >> > be.
> >> > Any
> >> > help is greatly appreciated.
> >> >
> >> > Bruce D. Meyer, CCNA, MCSE
> >> > Network Analyst
> >> > City of Columbia, SC
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > -- 
> >> > Bruce D. Meyer, CCNA, MCSE
> >> > Network Analyst
> >> > City of Columbia, SC
> >>
> >>
> >> 
> 
> 
> 
0
10/11/2006 12:40:02 AM
Well, the two excahnge admins sent me several links on what RUS is, including 
a tutorial!)
DCDIAG passed all tests. Results below:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\bdmeyer.COLUMBIASC.000>cd \

C:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: LEGAL\subdomaindc
      Starting test: Connectivity
         ......................... subdomaindc passed test Connectivity

Doing primary tests

   Testing server: LEGAL\subdomaindc
      Starting test: Replications
         ......................... subdomaindc passed test Replications
      Starting test: NCSecDesc
         ......................... subdomaindc passed test NCSecDesc
      Starting test: NetLogons
         ......................... subdomaindc passed test NetLogons
      Starting test: Advertising
         ......................... subdomaindc passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... subdomaindc passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... subdomaindc passed test RidManager
      Starting test: MachineAccount
         ......................... subdomaindc passed test MachineAccount
      Starting test: Services
         ......................... subdomaindc passed test Services
      Starting test: ObjectsReplicated
         ......................... subdomaindc passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... subdomaindc passed test frssysvol
      Starting test: kccevent
         ......................... subdomaindc passed test kccevent
      Starting test: systemlog
         ......................... subdomaindc passed test systemlog

   Running enterprise tests on : columbiasc.ads
      Starting test: Intersite
         ......................... columbiasc.ads passed test Intersite
      Starting test: FsmoCheck
         ......................... columbiasc.ads passed test FsmoCheck

C:\>

-- 
Bruce D. Meyer, CCNA, MCSE
Network Analyst
City of Columbia, SC


"Bruce D. Meyer" wrote:

> Yup, you're right. I noticed that right after I sent it. Oh well. at least 
> one of us was correct!  :-)
> 
> Don't know what the acronym RUS stands for. New users are created on the 
> Exchange Server. 
> The users access their email from behind the firewall. I misspoke on the 
> earlier message also when I said we tested from outside the firewall, that 
> was from actually inside the firewall.
> 
> What I see is when the user attempts to check their email from behind the 
> firewall, their DC (behind the firewall) tries to connect outside the 
> firewall, presumably for authentication. (port 389)
> 
> I haven't tried DCDIAG, I will try that tommorrow when I am back at work. 
> (Wednesday AM)
> 
> Bear with me please, I am the Network analyst, not the Exchange Admin that 
> set everything up. I run your questions by them so they probably know what 
> the RUS is. 
> -- 
> Bruce D. Meyer, CCNA, MCSE
> Network Analyst
> City of Columbia, SC
> 
> 
> "Ed Crowley [MVP]" wrote:
> 
> > Actually I didn't use the word you quoted, "in", I said "against".
> > 
> > Do the newly created users get e-mail addresses from the RUS?  Are the 
> > Outlook users crossing the firewall?  Have you tried running DCDIAG?
> > -- 
> > Ed Crowley
> > MVP - Exchange
> > "Protecting the world from PSTs and brick backups!"
> > 
> > "Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message 
> > news:60DC2E42-0D82-48F4-822E-27B27E385279@microsoft.com...
> > > As far as the Recipient Update service, no, it is not running 'in' the
> > > subdomain, as their is only a single Exchange server on the whole Forest, 
> > > and
> > > it resides in the root domain (I know, improper term, but...). However, 
> > > their
> > > is a Recipient Update service running FOR the subdomain on the Exchange
> > > server.
> > >
> > > As far as the Exchange Setup / Domain prep, It was run in the Forest root
> > > domain, and seperately again in the subdomain.
> > >
> > >
> > >
> > >
> > >
> > >
> > > -- 
> > > Bruce D. Meyer, CCNA, MCSE
> > > Network Analyst
> > > City of Columbia, SC
> > >
> > >
> > > "Ed Crowley [MVP]" wrote:
> > >
> > >> Also, is there a Recipient Update Service running against the subdomain?
> > >> -- 
> > >> Ed Crowley
> > >> MVP - Exchange
> > >> "Protecting the world from PSTs and brick backups!"
> > >>
> > >> "Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message
> > >> news:4C31ED7D-BC27-430E-AB99-4ECF161A2C86@microsoft.com...
> > >> > We have an AD forest recently upgraded Exchange 5.5 to 2003 SP2.
> > >> > I think that something we did in the last month or two in regards to
> > >> > shutting down the old NT servers has caused this oddity to occur:
> > >> >
> > >> > Our Forest is two domains. One domain has about 1,000 users, the 
> > >> > subdomain
> > >> > has about 12.
> > >> > The subdomain is behind a PIX firewall.
> > >> > We recently upgraded Exchange 5.5 to Exchange 2003.
> > >> >
> > >> > Everything has worked for quite some time.
> > >> >
> > >> > I think that something we did recently, as we shut down more and more 
> > >> > of
> > >> > the
> > >> > old NT servers has caused the following odd problem, but I can't figure
> > >> > out
> > >> > what is causing it.
> > >> >
> > >> > When the Exchange Admins create a new user in this subdomain behind the
> > >> > firewall, the SELF attribute doesn't update and change to the username 
> > >> > as
> > >> > it
> > >> > should.
> > >> >
> > >> > Also, that user cannot open up Outlook on their computer successfully.
> > >> >
> > >> > I started debug fixup udp and noticed that the domain controller for 
> > >> > that
> > >> > subdomain (which is also behind the firewall) for some reason is trying 
> > >> > to
> > >> > use port 138 to a domain controller that is not in it's site 
> > >> > replication
> > >> > topology. If the DC should be talking to the root DC in the forest, and
> > >> > that
> > >> > is how to PIX has been configured for several years. (Exchange 5.5 
> > >> > days)
> > >> >
> > >> > If I allow Port 138 traffic to go through the firewall, the subdomains 
> > >> > DC
> > >> > will indeed go to that other DC and the user can then successfully open
> > >> > Outlook and send and receive email.
> > >> >
> > >> > Oddly, the SELF attribute never gets updated.
> > >> >
> > >> > We placed a machine on the outside of the firewall, logged into the
> > >> > subdomain as a user from that subdomain, and even though the user can 
> > >> > send
> > >> > and receive email, the SELF attribute never gets updated to the logged 
> > >> > in
> > >> > users name.
> > >> >
> > >> > I am using secure DC to DC isakmp through the firewall replication as
> > >> > recommended in a KB as the best way to handle DC to DC replication 
> > >> > through
> > >> > a
> > >> > firewall.
> > >> >
> > >> > Frankly, I am not even sure what my next troubleshooting step should 
> > >> > be.
> > >> > Any
> > >> > help is greatly appreciated.
> > >> >
> > >> > Bruce D. Meyer, CCNA, MCSE
> > >> > Network Analyst
> > >> > City of Columbia, SC
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > -- 
> > >> > Bruce D. Meyer, CCNA, MCSE
> > >> > Network Analyst
> > >> > City of Columbia, SC
> > >>
> > >>
> > >> 
> > 
> > 
> > 
0
10/11/2006 3:19:02 PM
The two excahnge admins sent me several links on what RUS is. 
I ran DCDIAG on the subdomain DC and it passed all tests. here are the 
results:
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\bdmeyer.COLUMBIASC.000>cd \

C:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: LEGAL\subdomaindc
      Starting test: Connectivity
         ......................... subdomaindc passed test Connectivity

Doing primary tests

   Testing server: LEGAL\subdomaindc
      Starting test: Replications
         ......................... subdomaindc passed test Replications
      Starting test: NCSecDesc
         ......................... subdomaindc passed test NCSecDesc
      Starting test: NetLogons
         ......................... subdomaindc passed test NetLogons
      Starting test: Advertising
         ......................... subdomaindc passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... subdomaindc passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... subdomaindc passed test RidManager
      Starting test: MachineAccount
         ......................... subdomaindc passed test MachineAccount
      Starting test: Services
         ......................... subdomaindc passed test Services
      Starting test: ObjectsReplicated
         ......................... subdomaindc passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... subdomaindc passed test frssysvol
      Starting test: kccevent
         ......................... subdomaindc passed test kccevent
      Starting test: systemlog
         ......................... subdomaindc passed test systemlog

   Running enterprise tests on : columbiasc.ads
      Starting test: Intersite
         ......................... columbiasc.ads passed test Intersite
      Starting test: FsmoCheck
         ......................... columbiasc.ads passed test FsmoCheck

C:\>

-- 
Bruce D. Meyer, CCNA, MCSE
Network Analyst
City of Columbia, SC


"Bruce D. Meyer" wrote:

> Yup, you're right. I noticed that right after I sent it. Oh well. at least 
> one of us was correct!  :-)
> 
> Don't know what the acronym RUS stands for. New users are created on the 
> Exchange Server. 
> The users access their email from behind the firewall. I misspoke on the 
> earlier message also when I said we tested from outside the firewall, that 
> was from actually inside the firewall.
> 
> What I see is when the user attempts to check their email from behind the 
> firewall, their DC (behind the firewall) tries to connect outside the 
> firewall, presumably for authentication. (port 389)
> 
> I haven't tried DCDIAG, I will try that tommorrow when I am back at work. 
> (Wednesday AM)
> 
> Bear with me please, I am the Network analyst, not the Exchange Admin that 
> set everything up. I run your questions by them so they probably know what 
> the RUS is. 
> -- 
> Bruce D. Meyer, CCNA, MCSE
> Network Analyst
> City of Columbia, SC
> 
> 
> "Ed Crowley [MVP]" wrote:
> 
> > Actually I didn't use the word you quoted, "in", I said "against".
> > 
> > Do the newly created users get e-mail addresses from the RUS?  Are the 
> > Outlook users crossing the firewall?  Have you tried running DCDIAG?
> > -- 
> > Ed Crowley
> > MVP - Exchange
> > "Protecting the world from PSTs and brick backups!"
> > 
> > "Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message 
> > news:60DC2E42-0D82-48F4-822E-27B27E385279@microsoft.com...
> > > As far as the Recipient Update service, no, it is not running 'in' the
> > > subdomain, as their is only a single Exchange server on the whole Forest, 
> > > and
> > > it resides in the root domain (I know, improper term, but...). However, 
> > > their
> > > is a Recipient Update service running FOR the subdomain on the Exchange
> > > server.
> > >
> > > As far as the Exchange Setup / Domain prep, It was run in the Forest root
> > > domain, and seperately again in the subdomain.
> > >
> > >
> > >
> > >
> > >
> > >
> > > -- 
> > > Bruce D. Meyer, CCNA, MCSE
> > > Network Analyst
> > > City of Columbia, SC
> > >
> > >
> > > "Ed Crowley [MVP]" wrote:
> > >
> > >> Also, is there a Recipient Update Service running against the subdomain?
> > >> -- 
> > >> Ed Crowley
> > >> MVP - Exchange
> > >> "Protecting the world from PSTs and brick backups!"
> > >>
> > >> "Bruce D. Meyer" <BruceDMeyer@discussions.microsoft.com> wrote in message
> > >> news:4C31ED7D-BC27-430E-AB99-4ECF161A2C86@microsoft.com...
> > >> > We have an AD forest recently upgraded Exchange 5.5 to 2003 SP2.
> > >> > I think that something we did in the last month or two in regards to
> > >> > shutting down the old NT servers has caused this oddity to occur:
> > >> >
> > >> > Our Forest is two domains. One domain has about 1,000 users, the 
> > >> > subdomain
> > >> > has about 12.
> > >> > The subdomain is behind a PIX firewall.
> > >> > We recently upgraded Exchange 5.5 to Exchange 2003.
> > >> >
> > >> > Everything has worked for quite some time.
> > >> >
> > >> > I think that something we did recently, as we shut down more and more 
> > >> > of
> > >> > the
> > >> > old NT servers has caused the following odd problem, but I can't figure
> > >> > out
> > >> > what is causing it.
> > >> >
> > >> > When the Exchange Admins create a new user in this subdomain behind the
> > >> > firewall, the SELF attribute doesn't update and change to the username 
> > >> > as
> > >> > it
> > >> > should.
> > >> >
> > >> > Also, that user cannot open up Outlook on their computer successfully.
> > >> >
> > >> > I started debug fixup udp and noticed that the domain controller for 
> > >> > that
> > >> > subdomain (which is also behind the firewall) for some reason is trying 
> > >> > to
> > >> > use port 138 to a domain controller that is not in it's site 
> > >> > replication
> > >> > topology. If the DC should be talking to the root DC in the forest, and
> > >> > that
> > >> > is how to PIX has been configured for several years. (Exchange 5.5 
> > >> > days)
> > >> >
> > >> > If I allow Port 138 traffic to go through the firewall, the subdomains 
> > >> > DC
> > >> > will indeed go to that other DC and the user can then successfully open
> > >> > Outlook and send and receive email.
> > >> >
> > >> > Oddly, the SELF attribute never gets updated.
> > >> >
> > >> > We placed a machine on the outside of the firewall, logged into the
> > >> > subdomain as a user from that subdomain, and even though the user can 
> > >> > send
> > >> > and receive email, the SELF attribute never gets updated to the logged 
> > >> > in
> > >> > users name.
> > >> >
> > >> > I am using secure DC to DC isakmp through the firewall replication as
> > >> > recommended in a KB as the best way to handle DC to DC replication 
> > >> > through
> > >> > a
> > >> > firewall.
> > >> >
> > >> > Frankly, I am not even sure what my next troubleshooting step should 
> > >> > be.
> > >> > Any
> > >> > help is greatly appreciated.
> > >> >
> > >> > Bruce D. Meyer, CCNA, MCSE
> > >> > Network Analyst
> > >> > City of Columbia, SC
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > -- 
> > >> > Bruce D. Meyer, CCNA, MCSE
> > >> > Network Analyst
> > >> > City of Columbia, SC
> > >>
> > >>
> > >> 
> > 
> > 
> > 
0
10/11/2006 3:20:03 PM
Reply:

Similar Artilces:

table doesn't update until after I press the escape key
I have a form with subform working but with one issue - when I enter data into a row I start on the next row, but get error about duplicate key. I press the escape key, it clears the data I just tried inputing, and it updates the key field. The key field causing the error uses this in the default value property field- =Nz(DMax("SongID","MusicOnPC_Songs"),0)+1 Is there something missing to make it update after I tab out of the last field for that row, and move into the next row? try removing the expression from the DefaultValue property of the SongID field. instead, ...

Update Field Names
Is there a way to programatically update field names in one table based on a list in another table. I have 70 sets of data with the data in one table and the field types map in a another table. Table A: District1 District2 District3 y y y y y n Table B; District Type District1 HaveDog District2 HaveCat District3 HaveOtherPet I want to update the Field names in Table A from District# to the Type name in Table B. I would appreciate any help. Thanks Craig Tables are not design...

Update cell based on date range
Hey guys! I posted this in the General Forum, but I figured this woul be a better place for this question. I was wondering if I could ge some help here. I would like to update a cell based on a date range For example, I would like to update the value of a cell to the value o another cell if the current date is between July 1st and July 10th However, if the date is outside the date range, I want the value fo that cell to not be updated, and be the previous value. Can anyone giv me an example as to how I would do this? Thanks!! -- deversol -----------------------------------------------------...

Self installing Drives
This is going to be a bit long. Last month I bought a new HP computer with Windows7 64 bits. I uninstalled the Norton antivirus that came with it, and used the Norton Removal Tool to clean any thing left over, if any. I have Microsoft Security Essentials and the Windows firewall ON. I have not installed any programs in the computer. I have 2 flash DRIVES (J and K) where I keep my files. Every thing has been working just fine until 4 days ago. I turned my computer on , clicked the J drive and a small screen came on telling me to insert the disk, but it was already inserted. I then...

unable to update KB977074
hi, my computer dosen't get the automatic update for Windows 7- KB977074 I tries to install and after restarting it installs upto 67% and fails to complete. I tried manual installation,that wouldnt help. any other solution to fix this? Thanks, Find the C:\Windows\Logs\CBS\CBS.log and see if you can find the error code for this KB. I have the same problem... "Karnal" wrote: > hi, > > my computer dosen't get the automatic update for Windows 7- KB977074 > I tries to install and after restarting it installs upto 67% and fails to > complete....

Bank Accounts Will Not Update
Problem ---------- When I try to update my bank accounts, they never succesfully update. The initial download of account transactions is successful when the account is added to Money, but from then on it never updates. More info ----------- The update now process goes like this: - Click Update Now - Click Update - Dialog box appears saying "Updating Account Information" - It briefly displays "Processing Services Updates" - A dialog appears about background banking - An Update Status dialog appears indicating "Update Not Complete" - In the Review Update Results,...

Failed update procedure
Can anyone tell me why the Office 2004 11.2.0 Update is not working on my Mac. It tells me that it can't find any programs to update, but the whole Office suite 2004 is installed. I run 10.4.3. Thanks in advance. Cees Hi Cees- Is it possible that you are already updated to 11.2? Launch one of the Office apps, go to its name in the menu bar & select About... To see what version number displays. Another possibility is if Office is installed for one user on a multi-user system & you are running the updater while logged in as a different user. HTH |:>) On 1/4/06 12:36 PM, i...

Blue screen & reboots after updates
Windows Vista Home Premium on an Acer 4420 laptop was working fine up until Wednesday morning. I installed about a dozen updates and ever since then I've had the computer crash randomly but regularly when I have IE8 open. I get a fairly quick blue screen message and then the system reboots without anyone telling it to. If I simply have the computer running but do not have IE8 running it seems to stay stable. I've uninstalled all the updates but it hasn't made any difference--still crashing! Anyone have any suggestions on what I should do to get it back. (Oh, I ...

Watch this security update which came from Microsoft Corporation
--fvjuqcqy Content-Type: multipart/related; boundary="cyboqmdyddyot"; type="multipart/alternative" --cyboqmdyddyot Content-Type: multipart/alternative; boundary="xgnyfiduslihauwz" --xgnyfiduslihauwz Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Microsoft User this is the latest version of security update, the "October 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to maintain the security of your computer. This up...

Windows XP update kills logon
My Windows XP Pro laptop auto-installed updates last night on shutdown (Wed Apr 15). On startup this morning, the system refuses my passwords and I cannot log on. Refuses both user password for domain and administrator password for the local machine. Anyone else having this trouble? Any suggestions for recovery? ...

Update
I have a field called A, when somone update the B field, I would like the A field get updated. I wrote the below code but nothing is happening when i update the Submite Date field. :( Private Sub B_AfterUpdate() Dim strSQL As String Dim db As DAO.Database Set db = CurrentDb() strSQL = "UPDATE Requests" _ & " SET Requests.A=" & "Right([B],4) & '_' & [RequestID]" _ & " WHERE (((Requests.A) Is Null) AND ((Requests.[B]) Is Not Null))" db.Execute strSQL End Sub On Fri, 4 May 2007 11:49:02 -0700, Max <Max@discuss...

Updating CRM Templates
Currently we have our CRM templates (to use for mail merging) saved locally. We would like to move these onto a shared drive on our network. However, the problem is that when they are shared, we are experiencing a normal.dot issue because it is being accessed by more than one person at a time. We are told there is no way around the normal.dot issue. So we are fine storing the templates locally. However, we would like to set up a process for updating these templates periodically, in the event that changes/updates need to be made. Since they are stored locally, not everyone would rec...

Updated reorder quantities
1. How do we update the reorder point and restock levels in HQ, if we change them at the store level? 2. Is there a SQL command to help consolidate the supplier codes? I now have 2 supplier codes for some of my suppliers now that we installed HQ. I had my local partner come in and work a little on this, but he created more problems than solutions. 3. I am also looking for a new RMS partner in the area of California Central Coast. ...

How do I change default attribute values from with in SQL Metabase
I need to change a bunch of bit defaults from yes to no and was hoping to do it from within Enterprise Manager quickly instead of going in and out of every field withing CRM. Anyone know the table I need to look at where this is stored? I looked at the attribute table in the metabase which seems to have a column called default value but this does not store the default as I looked at default settings of two bit fields I have one set to yes and one set to no and in the attribute table there is no difference that I can see. -- Thanks, Brian Updating the tables on the back end is not supp...

Taste this corrective update from M$ Corp.
--cgfnnstregoq Content-Type: multipart/related; boundary="culwlggpn"; type="multipart/alternative" --culwlggpn Content-Type: multipart/alternative; boundary="agqwgznnnszlwku" --agqwgznnnszlwku Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Microsoft Customer this is the latest version of security update, the "October 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to protect your computer from these vulnerabilities, t...

Open read only but update when changes are made / refresh
Hi, If anyone can point in the right direction to answering this question, I would be very thankful. I was wondering if it's possible to lock an excel file and have other people open a read-only copy but have them recieve notifications when the locked file is updated. Is this possible? If you need any clarification, please ask. -Watson ...

finding attributes of the folder in the network
How to find attributes of the folder in the network using C++/ VC++ I want to check whether the folder has got write permissions or not....... Take a look at GetFileSecurity: http://msdn2.microsoft.com/en-us/library/aa446639(VS.85).aspx --- Ajay <mak.raut@gmail.com> wrote in message news:d3cc1425-ef6c-49da-866e-28013affa711@u10g2000prn.googlegroups.com... > How to find attributes of the folder in the network using C++/ VC++ > I want to check whether the folder has got write permissions or > not....... > ...

Exchange through firewall #2
I need to enable an outlook client to connect to exchange through a firewall. Client is on the internet and needs to connect in for just exchange. I'm hoping this can be done without doing a VPN. Client is XP running Outlook 2003, server is Windows 2003, Exchange 2003. Thanks... Mike Hi, Try the link below and see article Configuring Outlook 2003 for RPC Over HTTP http://office.microsoft.com/en-us/assistance/HA011402731033.aspx "Mike Brearley" <mike_brearleyDONTDOIT@NOSPAM.hotmail.com> wrote in message news:OpU3JvWaFHA.2580@TK2MSFTNGP10.phx.gbl... >I nee...

The self permission
I am running exchange 2003 sp1. My DC's are 2k sp 4. I need to give my helpdesk the ablility to add the External Assoiciated Account to Self.(for disabled accounts) I gave the helpdesk Exchange view only through the ESM on the Admin group level, But thet still cannot add that permission to self what am I missing? "Rick" <Rick@discussions.microsoft.com> wrote: >I am running exchange 2003 sp1. My DC's are 2k sp 4. >I need to give my helpdesk the ablility to add the External Assoiciated >Account to Self.(for disabled accounts) I gave the helpdesk Exchange vi...

Auto update
I have office 2004 and Office Update which is set to auto has not alerted me to the new update. I have tried manually to check for the update and I get the message "no updates available." I know I can download it through the MS web site. I just want to know why the program isn't coming up with it. Thanks, Joanne On 10/12/04 10:26 AM, in article BD916FDF.11BE%bisou@frontiernet.net, "Joanne Mann" <bisou@frontiernet.net> wrote: > I have office 2004 and Office Update which is set to auto has not alerted me > to the new update. I have tried manually to check ...

CRM 3.0 Updating Price lists and Adding new Products, Subject
We have almost 2000 products and since our original install of 1.2 we have gone from 4 price lists - List, Dealer, Quick Pay, Preferred, to List, Dealer,Quick Pay, Preferred Dealer, Preferred QuickPay, Volume We have also acquired another couple of companies and hundreds of new products, not currently in our system. We have just upgraded to 3.0 and now are in a quandry on how to best update the product and pricing modules. We think we can updae the the exisiting products with an import synching the id's and their prices. Howeve, we need to add in the 100's of new products, a...

send self junk mail
I scan virus on workstation. It does not find anything! I have created a rule that all junk mail move to SPAM folder. Is that possible that rule cause problem! Or there is warm or virus to f/1pe problem! Jimmy Jimmy <anonymous@discussions.microsoft.com> wrote: > I scan virus on workstation. It does not find anything! > I have created a rule that all junk mail move to SPAM > folder. > Is that possible that rule cause problem! > Or there is warm or virus to f/1pe problem! What is the problem that you're seeing? -- Brian Tillman Smiths Aerospace 3290 Pat...

Alert to user for Public Folder Update
Hi, Is there any way to alert to the Exchange user, if someone update the exchange folder. Please let me know if anyone know to solve this problem. thank, tmmomdy On 28 Feb 2006 04:27:33 -0800, "tmmomdy" <tmmomdy@gmail.com> wrote: >Hi, > >Is there any way to alert to the Exchange user, if someone update the >exchange folder. > >Please let me know if anyone know to solve this problem. > >thank, >tmmomdy Something from www.slipstick.com Something you script yourself or forward new posts via the Folder Assistant under the Administration tab of th...

Automatic Updates
KB955706 I can not install this; It has been trying for months Do I need this or can I delete it?? Or what Can I Do That update is for SQL server software only.... "stett" wrote: > KB955706 I can not install this; It has been trying for months Do I need this > or can I delete it?? Or what Can I Do ...

difficulties with links and updating website
I am a novice at creating websites and publishing to the web, but recently I have put together a functional website using Publisher. Initially the links in Publisher between the home page and the others would not work. I replaced them with links to the actual files on my ISPs server. The links worked. Now when I try to update the site and click "publish to web", often the file names of the pages have changed and the links are no longer active. Also, when I update my website and put the files on the server what do I need to do? Do I replace only the "index" file or d...