One of my favorite features of the ISA firewall is secure RPC publishing. While this feature took a hit after the Blaster worm was released to the wild, the hit wasn't related to the RPC publishing feature. In fact, the secure Exchange RPC publishing feature actually protected all Exchange Servers published behind the ISA firewall.
I have to admit that the attractiveness of the secure RPC publishing solution isn't what it used to be, given that we now have RPC/HTTP and can publish RPC/HTTP servers behind the ISA firewall and do it securely by taking advantage of the HTTP Security Filter.
However, RPC/HTTP does have a number of requirements that some ISA firewall admins don't want to deal with. There are the certificate deployment issues, you need the right version of Outlook, and you need the right versions of Exchange and Windows. If you can't meet all of these requirements, then secure RPC publishing remains a good solution.
However, if you have Exchange Server 2007 behind an ISA 2006 firewall and use secure Exchange RPC publishing, you might find that while users can connect to the Exchange Server, they don't receive new mail notifications. The problem is that the UUID for the notification RPC interface is missing in the properties of the Exchange RPC Server protocol. You'll see this happen after installing the update on the ISA firewall that supports publishing Exchange 2007 925403
You can fix this problem by installing ISA 2006 SP1. If you don't want to install SP1, you can workaround the problem by adding the correct RPC interface in the definition of the Exchange RPC server protocol.
Go to http://support.microsoft.com/kb/951713 for the details on how to add the new RPC interface.
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
MVP — Forefront Edge Security (ISA/TMG/IAG)