Outlook RPC/HTTP Client Locks Out User Account through ISA Firewall

By /

Consider the following scenario: image

  • In Microsoft Internet Security and Acceleration (ISA) Server 2006 with Service Pack 1 (SP1), you  publish a Microsoft Exchange Server 2003-based server.
  • When you publish the Exchange server, you select the Outlook RPC/HTTP(s) option.
  • On an external computer, a user tries to connect to the Exchange server by using Microsoft Office Outlook.
    Note When an external computer uses Outlook to connect to an Exchange server through RPC, the external computer is called an Outlook Anywhere client.
  • On the Outlook Anywhere client, the user provides the wrong user name or the wrong password.

In this scenario, the Outlook Anywhere client continually uses the wrong credentials every time that it tries to authenticate itself on the Exchange server. The user is not prompted to enter the correct credentials. Additionally, if the Account Lockout policy is implemented in Active Directory, the user account eventually becomes locked out.

Check out:

http://support.microsoft.com/kb/956192/en-us

for the solution and a fix.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

image
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)

About The Author

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top