SMTP and Other Services on Windows 2000 Do Not Bind to Proxy Server (249230)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Proxy Server 2.0
This article was previously published under Q249230

SYMPTOMS

When you use the "Server Proxy" method of exposing internal application servers to the Internet through Microsoft Proxy Server 2.0, the internal services may fail to bind to the proxy during boot time if the internal application server is running Windows 2000. Application servers such as SMTP, POP3, HTTP, HTTPS, FTP, Telnet, and so on can be exposed to the Internet in a secure manner by hiding the server behind a Microsoft Proxy Server. This configuration is known as Server Proxying and involves configuring the internal application server in order to bind to ports on the external interface of the Proxy.

NOTE: For more information, including steps needed to perform these configurations, please view the articles listed later in this article.

CAUSE

This problem can occur and the remote binding of server applications may fail when the application service starts during boot on a Windows 2000 server. This is caused by the fact that the NTLM Security Support Provider Service(NTLMSSP) is no longer used by most application services on Windows 2000-based computers. Because of this, SMTP or other application services do not specify a dependency for NTLMSSP and may start before NTLMSSP. The Winsock Proxy Client Layered Service Provider checks to see if NTLMSSP is started before remoting any Winsock call from the application. If the services start in the incorrect order, the remote bind will not work.

RESOLUTION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To resolve this problem, make the service you are server proxying dependent on the NTLMSSP service to ensure that the services start in the correct order. To do so, use Registry Editor (Regedt32.exe) to view the following key in the registry:

HKEY_LOCAL_MACHINE\System\CurrentContolSet\Services\application service name

Add the following registry value, and then quit Registry Editor: 
   Value Name: DependOnService
   Data Type:  REG_MULTI_SZ
   Value:      NtLmSsp

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

For additional information about server proxy configurations, click the article numbers below to view the articles in the Microsoft Knowledge Base:

184030 Using Server Proxy with SSL in Proxy Server 2.0

187652 Accessing Intranet Data Protected by Microsoft Proxy Server 2.0

181420 How to Configure Exchange or Other SMTP with Proxy Server

185638 How to Set Up Server Proxy with SQL Server 6.5

177153 Additional Proxy Server 2.0 Configurations

Modification Type:MajorLast Reviewed:10/10/2002
Keywords:kbprb KB249230
©2002 Microsoft Corporation. All rights reserved.