SoftGrid: Outlook/Exchange communication problems after installing the SoftGrid client

We've seen one or two issues like this and while we're still investigating it I wanted to send out a heads up in case anyone else ran into it:

========

Issue: You may start having communication problems between Outlook and Exchange after installing the SoftGrid client version 4.1 or 4.2. 

In one case the customer had ISA Server 2004 in front of his Exchange server and when he monitored the connections going through to Exchange via the ISA 2004 box he saw that the connection was being denied with the result code '0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED'.

We also identified that the following registry key was being created:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC]
"EnableAuthEpResolution"=dword:00000001

Cause: This may occur if you have an ISA Server 2004 firewall separating your Exchange clients from the Exchange server and EnableAuthEpResolution is set to 1 on the client.

By default, EnableAuthEpResolution is set to 1 beginning in Windows XP SP2.  EnableAuthEpResolution did not exist (equivalent to EnableAuthEpResolution=0) in Windows XP SP1 and prior.

When the EnableAuthEpResolution is set to 1 on the client, the RPC client will perform an authenticated query to the RPC endpoint mapper. The RPC traffic to the endpoint is not successfully transmitted when you try to access published RPC server resources in a network address translation (NAT) scenario (behind your ISA Server 2004 firewall) because the RPC filter in ISA 2004 cannot perform address translation. 

For more information about the EnableAuthEpResolution registry entry visit the following Microsoft Web sites:

https://technet.microsoft.com/en-us/library/6858ad63-7254-4630-a41d-67305964312c.aspx

and

https://technet.microsoft.com/en-us/library/bb457156.aspx#EGAA

Resolution: Ideally I would say either upgrade your firewall or don't put your Exchange server behind a NAT, but sometimes we have to work with the hand we're dealt.  In that case you can always set the value of “EnableAuthEpResolution” in
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC] to zero.  Just be sure you're read the previous two links and understand the security implications involved.

J.C. Hornbeck | Manageability Knowledge Engineer