使ç¨ISA RPC Filteråå¸Exchange RPC æ们é½ç¥éå¦æå¨å
¬ç½ä¸ç´æ¥åå¸RPC端å£æ¯é常å±é©çï¼ä½æ¯æ们çä¸äºæ¼«æ¸¸å®¢æ·å¸æå¯ä»¥ä½¿ç¨Outlook MAPI Clientè¿æ¥å°Exchange Serverãè½ç¶ä½ å¯ä»¥è®©ä»ä»¬ä½¿ç¨OWAè¿è¡æä½ï¼ä½æ¯è¿æ¯æä¸äºåè½ä¸è½å¤è¢«ä½¿ç¨ï¼ç°å¨æäºISA RPC Filtere为æ们å®å
¨çåå¸Exchange RPCæä¾å¾å°äºè§£å³æ¹æ¡ã
ä¸ã ISA RPC Filterçå·¥ä½åç
å¨æ们åå¸Exchange RPCä¹åå
äºè§£ä¸ä¸ï¼ISA RPC Filteræ¯å¦ä½ä½¿Exchange RPCè¿æ¥åå¾å®å
¨çã
é¦å
使ç¨TCP 135端å£Outlook 建ç«ä¸ä¸ªè¿æ¥å°ISAçå
¬ç½æ¥å£ï¼è¯·æ±ä¸Exchange Serverè¿è¡è¿æ¥ãèåISA RPC Filteræªåå°è¿ä¸ªè¯·æ±ï¼å°å
¶è½¬åå°å
ç½çExchange Serverä¸ã
å½Exchange Serveræ¶å°ISA RPC Filter转åçè¿ä¸ªè¯·æ±çæ¶åï¼ä¼ååºè¿ä¸ªè¯·æ±ï¼å¹¶è¿åä¸ä¸ªç«¯å£å·ï¼ä½¿Outlook Clientå¯ä»¥åéæ¶æ¯ãå¦æ没æISA RPC Filterçè¯ï¼ç°å¨Outlook Clientå°±å¯ä»¥åExchange Serverè¿è¡é讯äºï¼ä½æ¯ç°å¨æäºISA RPC Filterå®å°ä¼æè·è¿ä¸ªè¯·æ±ï¼å¹¶åæ¶å»ºç«ä¸ä¸ªDynamic Packet Filterå¨å®çå
¬ç½æ¥å£ä¸ï¼è¿ä¸ªDynamic Packet Filterå°å¨ISAå
¬ç½æ¥å£ä¸åé
ä¸ä¸ªåªæOutlook Clientæå¯ä»¥è¿æ¥ç端å£ãè¿æ¶ISAä¼å»ºç«äºä¸ä¸ªä»Exchange Serveræªè·ç端å£å°Dynamic Packet Filter建ç«ç«¯å£çæ å°ãOutlook Clientå°ä»è¿ä¸ªæ å°ç端å£æ¶å°ä¿¡ä»¶ãå¦å¤ï¼å½Outlookç»éå°Exchangeçæ¶åä¼æ³¨åä¸ä¸ªå¯ä»¥ä»Exchangeæ¶åæ°é®ä»¶çæ°ç«¯å£ï¼è¿æ¶ISA RPC Filterä¼æ
æéæ½æç
§ä¸é¢çé»è¾å¨è¿è¡æ å°ãè¿æ¶Outlook Clientä¼æ¶å°è¢«ISAæ å°è¿ç端å£ï¼éè¿è¿ä¸ªç«¯å£è¿è¡è¿æ¥å¹¶æ¶åæ°é®ä»¶ã
è¿ç§æè¿°å¯è½ç解ä¸æäºå°é¾ï¼çä¸ä¸è¿å¼ å¾å¯è½ä¼æ¯è¾å¥½ç解ã
å¾ä¸ï¼ISA RPC Filter åç
ä»ä¸é¢çåçå¯ä»¥çåºæ¥ï¼ææçRPCé讯é½è¢«ISA RPC Filterä¸¥æ ¼çè¿è¡ç管ï¼åªå
许åExchange Serverçé讯æå
³çæ°æ®å
éè¿ï¼è¿å°±ä¿è¯äºRPCçé讯å®å
¨ã
äºã 为åå¸Exchange RPCé
ç½®åè®®
å¨é
ç½®Exchange 2000 RPCåå¸è§åä¹åï¼è¯·å
确认DNS Queryï¼UDP 53ï¼ãDNS Zone Transferï¼TCP 53ï¼åSMTPï¼TCP 25ï¼è¿å 个端å£å¯ä»¥è¢«ä½¿ç¨ã
1ã é¦å
éè¦å建ä¸ä¸ªå
许Microsoft Outlook MAPI客æ·ç«¯ï¼ä½¿135端å£å¯ä»¥éè¿é²ç«å¢ãå±å¼âAccess Policyâå¨âProtocol Rulesâä¸é¢ç¹å»å³é®ï¼éæ©âNewâ*âRuleâ
å¨æ°åºç°çæ°å»ºè§åå导设置为ï¼
Name: Exchange Outlook MAPI
Action: allow
Applies to the following protocols: Selected Porlocols RPC
Schedile: Always
Apple the rule to request from: Any request
2ã å¨å建exchange RPCåå¸è§åä¹åï¼ä½ è¦å
ç¡®å®ä½ çRPC Filteræ¯å¯ç¨ç¶æï¼å¦æä½ çRPC Filteræ¯ç¦ç¨çï¼ä½ å°æ æ³ä»Protocol Definitionä¸æ¾å°Exchange RPC Serveråè®®ãæå¼RPC Filteræ¹æ³æ¯å±å¼âExtensionsâéæ©âApplication Filtersâï¼å¨å³è¾¹éæ©âRPC filterâå³é®éæ©å¯ç¨ãå¨ç¡®è®¤å¯ç¨âRPC filterâåï¼å建ä¸ä¸ªExchange RPC Publishingè§åï¼å±å¼âPublishingâå¨âServer Publishing Ruleâç¹å»å³é®éæ©âNEWâ*âRuleâ
å¨æ°åºç°çæ°å»ºè§åå导设置为ï¼
name: exchange MAPI Publishing
Internal IP: exchange å
ç½IPå°å
External IP: å°è¦åå¸çå
¬ç½IPå°å
Protocol: Exchange RPC Server
Applies to requests from: Any Request
é
ç½®å®æåï¼éæ°å¯å¨Firewall Serviceï¼è¿æ¶æµè¯ä¸ä¸ä½ ç135端å£æ¯å¦ççæå¼äºï¼ä½¿ç¨å¦å¤ä¸å°çµè使ç¨æ¨å·ä¸ç½ï¼ç±äºæ¯æµè¯ä¸å®è¦ä½¿ç¨æ¯è¾ç®åçç½ç»ç»æï¼å°½éåå°å
¶ä»ç½ç»å ç´ å½±åå¦ï¼NAT,é²ç«å¢çã使ç¨telnet External IP 135ï¼å¦ææ示âæ æ³è¿æ¥âï¼ä½ å°±è¦æ¾æ¾å
¶ä»çå°æ¹æä»ä¹é®é¢ï¼æ¯å¦ï¼åä¸æ®µæ¶é´çå²å»æ³¢ç
æ¯ï¼å¯¼è´å¾å¤ISPé½å
³éäº135端å£ï¼ä½ å¯ä»¥åä½ çä¸çº¿æä¾åèç³»ä¸ä¸ï¼å¦æä½ æè·¯ç±æè
å
¶ä»é²ç«å¢æ没æå
³é135端å£çã
ä¸ã 为åå¸Exchange RPC é
置身份éªè¯
å½Outlook Clientç»éå°Exchange çæ¶åï¼Exchangeä¼è¦æ±Outlook Clientå°Active Directoryå»éªè¯èº«ä»½ï¼ä½æ¯Active Directoryæ æ³ç´æ¥éªè¯è¿ç¨ä¸»æºï¼æä»¥ä½ è¦é
ç½®ç±Exchange Server代çOutlook Client åActive Directoryè¿è¡èº«ä»½éªè¯ã
å
·ä½æ¹æ³æ¯ï¼æå¼Exchange Serverä¸ç注å表æ¾å°ï¼
âHKLM\System\CurrentControlSet\Services\MSEchangeSA\Paramentersâ
æ·»å ä¸ä¸ªåé®ï¼
Value: No RFR Service 注æ大å°å
Type: REG_DWORD
Data: 1
æ·»å å®æåéæ°å¯å¨Exchange Server
åã 为åå¸exchange RPCé
ç½®DNS
对DNSé
ç½®æ¯å¾å¤ç½ç»ç®¡çåé½ä¼å¿½ç¥çé®é¢ï¼å½ä½ å¨Outlook MAPI Clienté
ç½®Exchangeè´¦å·ï¼å¹¶æåçâæ£æ¥å称âä¹åï¼ä½ ä¼åç°ä½ æå¡å¨çå°åæ ä¸åæäºä½ Exchange ServerçNETBIOSå称ãè¿æ¶ä½ å使ç¨Outlook MAPI Clientè¿æ¥Exchange Serverçæ¶åï¼Outlook MAPI Clientå·²ç»å¼å§ä½¿ç¨Exchange Server çNETBIOSå称å¨å
¬ç½ä¸è¿è¡æ¥è¯¢ãæ以å¾å¤äººå¨é
ç½®å®æExchangeè´¦å·çæ¶åï¼å¯ä»¥æ£ç¡®âæ£æ¥å称âï¼ä½æ¯å¨ä½¿ç¨Outlook MAPI Client è¿è¡æ¶ä¿¡çæ¶åä¼æ示è¿æ¥å¤±è´¥ã
å¨ç¥éåå åä»ç»ä¸ä¸è§£å³åæ³ï¼ä¸è¬ä¼ä¸çDNSä¼é
置为两ç§æ¹æ¡ä¸ç§æ¯ä½¿ç¨Split-Brain DNSï¼å¦ä¸ç§æ¯ä¼ä¸ä½¿ç¨çå
å¤ç½çDNSå称ä¸ä¸è´ãæ们æ¥åå«ä»ç»ä¸ä¸è¿ä¸¤ç§ç±»åçDNSå¦ä½é
ç½®ã
å¦æä½ çå
¬å¸ä½¿ç¨çæ¯Split-Brain DNSãä½ å°æ两个DNSåºå使ç¨ç¸åçååï¼è¿æ¯ä½ åªéè¦å¨ä½ çå
¬ç½çDNSåºåæ·»å ä¸ä¸ªExchange Server Computer Name为å称ç主æºï¼Aï¼è®°å½ã使å¾ä½ çå
ç½åå¤ç½Outlook MAPI Clientå¨é½å¯ä»¥ä½¿ç¨Exchange Computer Nameæ£ç¡®è§£æå°ä½ çExchange Serverã
ä¾å¦ï¼ä½ çå
ç½çExchange Serverçå称æ¯mail.domain.com并æåä¸ä¸ªä½ å
ç½çIPå°åï¼é£ä¹éè¦ä¿è¯ä½ çå¤ç½DNSåºåä¹å¯ä»¥è§£æmail.domain.comå称ï¼å¹¶ä¸è¯¥åååºè¯¥æåä½ çExchange RPC Publishing ruleé设置çIPå°åä¸ã
å¦æä½ çå
¬å¸ä½¿ç¨çæ¯å
å¤ç½ä¸ä¸è´çååï¼é£ä¹ä½ å°±éè¦å¨ä½ çå¤ç½çDNSåºåæ·»å ä¸ä¸ªä»¥ä½ çexchange server çNETBIOSå称为主æºåç主æºï¼Aï¼è®°å½ï¼ä½ ä¿è¯ä½ çå¤ç½çOutlook MAPI Clientå¯ä»¥æ£ç¡®ç使ç¨NETBIOSå称ï¼è§£æå°ä½ çexchange serverçå°åã
äºã é
ç½®Outlook MAPI客æ·ç«¯
å¨å建账å·çé®é¢ä¸æç¸ä¿¡å¤§å®¶ä¸ä¼æä»»ä½é®é¢ï¼å¨è¿éæåªè¯´ä¸ä¸DNSé
ç½®çé®é¢ï¼å¨åé¢æ们说è¿Outlook MAPI ClientçExcahngeè´¦å·å¨âæ£æ¥å称âåï¼Outlook MAPI Clientå°ä½¿ç¨EXCHANGE SERVERçNETBIOSå¨å
¬ç½è¿è¡æ¥è¯¢ãè¿æ¶å°±ä¼åºç°é®é¢ï¼å 为NETBIOSå称ä¸è½å¤å¨å
¬ç½ä¸è¢«è§£æï¼ä½ å¿
é¡»èªå·±é
ç½®è¿æ¥ç主è¦DNSåç¼ä»¥ä¿è¯ä½ çOutlook mapi客æ·ç«¯å¯ä»¥éè¿NETBIOS解æå°ä½ çExchange Serverãå¨Windows 2000 Pro/Windows XPå¢å 主è¦DNSåç¼æå¾å¤æ¹æ³ï¼æå¨è¿éåªä»ç»ä¸ç§
æå¼âæ¨å·ç½ç»åè¿æ¥âï¼æ¾å°ä½ 使ç¨çâè¿æ¥âï¼å³å¥å±æ§ï¼æå¼TCP/IPåè®®çå±æ§ï¼éæ©é«çº§ï¼å¨TCP/IPåè®®çé«çº§è®¾ç½®å¯¹è¯æ¡ä¸ï¼éæ©DNSé项å¡ï¼å¨DNS BUFFIX FOR THIS CONNECTIONä¸å¡«å
¥ä½ çå
¬ç½çDNSåºåå称ã
å¾äºï¼æ³¨æ红è²é¨åï¼å¨éé¢å¡«å
¥ä½ çå
¬ç½ååã
å®æåå¨å½ä»¤è¡æ¨¡å¼ä¸ä½¿ç¨pingå½ä»¤æµè¯ä»¥ä¸ï¼å¦æå¯ä»¥ä½¿ç¨netbioså称æ£ç¡®ç解æå°ä½ çexchange serverçå°åå°±å¯ä»¥äºã
ç°å¨ä½ å°±å¯ä»¥ä½¿ç¨outlook clientè¿æ¥ä½ çexchangeå®å
¨çè¿è¡æ¶ä¿¡äºï¼å¦æå
¶ä»çé®å¯ä»¥åé®ä»¶èç³»æ bjtangseng@gmail.comï¼æä¼å°½å解ççã
温馨提示:内容为网友见解,仅供参考