XPSP2 Issues: Summary #1

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 08/16/04

    Date:         Mon, 16 Aug 2004 09:03:11 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    In this issue;

    1. Reminder: XP SP2 Release Notes contain links to relevant KB articles
    2. Solution to the Outlook delayed display update problem.

    1. Reminder: XP SP2 Release Notes contain links to relevant KB articles
    http://support.microsoft.com/default.aspx?scid=kb;en-us;835935

    2. Solution to the Outlook delayed display update problem.

    Oleg Bestseny posted a message about how, after XP SP2, Outlook did not
    immediately update the display of various folders (Inbox and Outbox.)
    His solution was to grant an exception in the Windows Firewall for the
    Outlook.exe program (restricting its scope to the Exchange Server only.)

    Several other people posted additional information, including one post
    from a Microsoft employee confirming much of what the others stated.

    Outlook updates its state with the Exchange Server (i.e. whether a
    message has been sent, or displaying new messages in the inbox) based on
    one of two methods. Outlook 2000 and 2002 both inform the Exchange
    Server of a dynamic UDP port the client establishes a listen on in order
    to receive notifications. If that fails to receive notifications, it
    will revert to polling the Exchange Server every 60 seconds. Outlook
    2003 starts by polling, and if it receives a UDP notification it will
    then stop polling and rely upon the UDP notifications.

    Two trains of thought here. Receiving UDP notifications may cause less
    traffic, since they will only happen when a notification is needed.
    Polling is constant, every 60 seconds, regardless of whether there's
    something pending for the client or not. Receiving UDP notifications
    means the client must allow inbound UDP traffic to an unknown,
    dynamically assigned, port. That means a Firewall rule must be extremely
    permissive (allow inbound UDP from any port to any port from Exchange
    Server.) Outlook 2003 has a registry value allowing you to specify a
    specific UDP port for this traffic.

    Outlook 2000 and 2002 can have a registry key specified to prevent it
    from trying UDP, forcing it to do polling, thereby eliminating the
    permissive Firewall rule.

    Registry keys for Outlook 2000 to force polling;
    <http://support.microsoft.com/default.aspx?scid=kb;en-us;304849>
    Registry keys for Outlook 2002 to force polling;
    <http://support.microsoft.com/default.aspx?scid=kb;en-us;305572>
    Registry key for Outlook 2003 fixed UDP port;
    <http://support.microsoft.com/default.aspx?scid=kb;en-us;264035>

    Just as an FYI, the following two KB articles describe how to configure
    Exchange Server so that RPC connections always occur on a static port.
    This is excellent for Firewalls, although it's not necessary for the
    Windows Firewall.

    Registry keys for assigning static RPC ports for Outlook RPC access to
    Exchange Server 4.0/5.0/5.5
    <http://support.microsoft.com/default.aspx?scid=kb;en-us;148732>
    Registry keys for assigning static RPC ports for Outlook RPC access to
    Exchange Server 2000/2003
    <http://support.microsoft.com/default.aspx?scid=kb;en-us;270836>

    Dean A. Cleaver suggested using RPC over HTTP, which he says does not
    experience this problem.

    neo@neostorm.net, R.Crayk, Bruce Ahrendt, Tim Evans, Cenk Kulacoglu, and
    Robert Mezzone contributed to this report.

    Cheers,
    Russ - NTBugtraq Editor
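
Added example, not part of the original post: the two scoped Windows Firewall exceptions the summary describes, written for the XP SP2 `netsh firewall` context. The Exchange Server address, the Outlook install path and the UDP port number are constructed placeholders; the port must match whatever fixed port has been configured per KB 264035.

```bat
@echo off
rem Added example, not from the original post. All values are placeholders.
rem Usage:  outlook-fw.cmd program   (any Outlook version, dynamic UDP port)
rem         outlook-fw.cmd port      (Outlook 2003 with a fixed UDP port)
setlocal

rem Constructed placeholder: address of the Exchange Server.
set EXCHANGE=192.0.2.10
rem Assumed default Office 2003 path; adjust for the installed version.
set OUTLOOK=C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
rem Constructed placeholder: must equal the fixed port set per KB 264035.
set NOTIFYPORT=40000

if /i "%1"=="program" goto program
if /i "%1"=="port" goto port
echo Specify "program" or "port".
goto done

:program
rem Program exception: Outlook.exe may receive on whatever port it opens,
rem but only from the Exchange Server, not from any source.
netsh firewall add allowedprogram program="%OUTLOOK%" name="Outlook - Exchange only" mode=ENABLE scope=CUSTOM addresses=%EXCHANGE%
goto verify

:port
rem Port exception: one known UDP port, only from the Exchange Server.
rem Narrower than the program exception because the port is no longer dynamic.
netsh firewall add portopening protocol=UDP port=%NOTIFYPORT% name="Outlook UDP notify" mode=ENABLE scope=CUSTOM addresses=%EXCHANGE%
goto verify

:verify
rem Confirm the exception exists and that its scope is the single address.
netsh firewall show allowedprogram
netsh firewall show portopening

:done
endlocal
```

Clients forced to poll (Outlook 2000 and 2002 via the KB articles listed above) need neither exception, since polling is outbound from the client.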
