Microsoft KB Archive/249230

From BetaArchive Wiki
Knowledge Base

Article ID: 249230

Article Last Modified on 2/28/2007


  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Proxy Server 2.0 Standard Edition

This article was previously published under Q249230


When you use the "Server Proxy" method of exposing internal application servers to the Internet through Microsoft Proxy Server 2.0, the internal services may fail to bind to the proxy during boot time if the internal application server is running Windows 2000. Application servers such as SMTP, POP3, HTTP, HTTPS, FTP, Telnet, and so on can be exposed to the Internet in a secure manner by hiding the server behind a Microsoft Proxy Server. This configuration is known as Server Proxying and involves configuring the internal application server in order to bind to ports on the external interface of the Proxy.

NOTE: For more information, including steps needed to perform these configurations, please view the articles listed later in this article.


This problem can occur and the remote binding of server applications may fail when the application service starts during boot on a Windows 2000 server. This is caused by the fact that the NTLM Security Support Provider Service(NTLMSSP) is no longer used by most application services on Windows 2000-based computers. Because of this, SMTP or other application services do not specify a dependency for NTLMSSP and may start before NTLMSSP. The Winsock Proxy Client Layered Service Provider checks to see if NTLMSSP is started before remoting any Winsock call from the application. If the services start in the incorrect order, the remote bind will not work.


WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To resolve this problem, make the service you are server proxying dependent on the NTLMSSP service to ensure that the services start in the correct order. To do so, use Registry Editor (Regedt32.exe) to view the following key in the registry:

HKEY_LOCAL_MACHINE\System\CurrentContolSet\Services\application service name

Add the following registry value, and then quit Registry Editor:

   Value Name: DependOnService
   Data Type:  REG_MULTI_SZ
   Value:      NtLmSsp


Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.


For additional information about server proxy configurations, click the article numbers below to view the articles in the Microsoft Knowledge Base:

184030 Using Server Proxy with SSL in Proxy Server 2.0

187652 Accessing Intranet Data Protected by Microsoft Proxy Server 2.0

181420 How to Configure Exchange or Other SMTP with Proxy Server

185638 How to Set Up Server Proxy with SQL Server 6.5

177153 Additional Proxy Server 2.0 Configurations

Additional query words: proxy2 firewall remote bind ()

Keywords: kbpending kbprb KB249230