SMTPEVT 20031 or 20033 Entries in the Application Log After You Apply ISA Server SP1 (322234)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2000 SP1
This article was previously published under Q322234

SYMPTOMS

After you apply Internet Security and Acceleration (ISA) Server Service Pack 1 (SP1), you may receive the following events: 
Type     : Error
Source   : SmtpEvt
Catagory : None
Event ID : 20031
Message  : " An unknown SMTP command "

OR

Type     : Error
Source   : SmtpEvt
Catagory : None
Event ID : 20033
Message  : " The SMTP command exceeded its allowed length "

CAUSE

After the ISA Server SMTP filter is updated by ISA Server 2000 SP1, event ID 17220 and 17240 are changed to 20031 and 20033. Because of this, you cannot correctly view the 17220 and 17240 events in the Application Log after you apply ISA Server 2000 SP1. Instead, you receive a "The description for Event ID (x) in Source (Y) cannot be found" message.

STATUS

This behavior is by design.

MORE INFORMATION

SmtpEvt 20031 or 17220 - An Unknown SMTP command

This message is logged when the SMTP Filter service in ISA Server receives a command that is not listed under the SMTP Commands tab in the SMTP Filter properties. The command that was passed appears in the DATA section of the event message. If the command was expected, you must add this command to the SMTP Filter properties SMTP Commands tab.

SmtpEvt 20033 or 17240 - The SMTP command exceeded its allowed length

This message is logged when the SMTP Filter service in ISA Server receives a command that is longer than the permitted length that is listed under the SMTP Commands tab in the SMTP Filter properties. The command that was passed appears in the DATA section of the event message. If the command was expected, you must modify the permitted length of this command in the SMTP Filter properties SMTP Commands tab.

Notes

  • The preceding events are in-bound commands only. The SMTP filter does not process SMTP filtering on out-bound commands.
  • As of May 2002, there is no mechanism in the product to include the IP address of the computer that is making the inbound connection. To find the IP address of the computer that is making the inbound connection, you can match the Event Log time to the GMT-adjusted Firewall Log time.
For additional information about UTC times in ISA Server, click the article number below to view the article in the Microsoft Knowledge Base:

258237 All Logs in ISA Server Use GMT (UTC) Times

Modification Type:MajorLast Reviewed:5/7/2002
Keywords:kbenv kberrmsg kbprb KB322234
©2002 Microsoft Corporation. All rights reserved.