We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
9 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Outlook 2000 over a VPN connection and MTU settings
Posted on 2002-06-03
We currently run Exchange server 5.5 over a Windows NT4.0 Server box, we use Sonicwall Pro as a firewall and the VPN client that comes with it for our VPN activities.
Anytime anyone connects to the network via VPN they can perform any operation that they want, browse the network, Internal web based applications, etc. They cannot however use Outlook 2000 to check their e-mail. You can see the e-mail server and you can even ping it and get a reply. If you open Outlook it sits there for a few minutes and then ask if you want to work offline.
I have done a substantial amount of research into the subject and it appears the Outlook over VPN is a problem for a lot of people. Apparently the main culprit is the ip packet size. The VPN’s addition of ipsec makes the packets to large for Exchange and Outlook to handle.
A possible fix I would assume is to go into Exchange Server or NT4.0 on the box all this sits on and lower the MTU value of NT or Exchange. My question is there any way to do this. I thought maybe TweekUI, but I can’t seem to find one for NT 4.0 server.
Also any thoughts or comments that I may be totally off base and there is another solution, I’m more than willing to entertain suggestions.
Thank You
Charles
Anytime anyone connects to the network via VPN they can perform any operation that they want, browse the network, Internal web based applications, etc. They cannot however use Outlook 2000 to check their e-mail. You can see the e-mail server and you can even ping it and get a reply. If you open Outlook it sits there for a few minutes and then ask if you want to work offline.
I have done a substantial amount of research into the subject and it appears the Outlook over VPN is a problem for a lot of people. Apparently the main culprit is the ip packet size. The VPN’s addition of ipsec makes the packets to large for Exchange and Outlook to handle.
A possible fix I would assume is to go into Exchange Server or NT4.0 on the box all this sits on and lower the MTU value of NT or Exchange. My question is there any way to do this. I thought maybe TweekUI, but I can’t seem to find one for NT 4.0 server.
Also any thoughts or comments that I may be totally off base and there is another solution, I’m more than willing to entertain suggestions.
Thank You
Charles
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
- +1
6 Comments
I have found with my VPN clients that creating host files seem to eliminate alot of the timeout issues related to name resolution. How are your Outlook 2K clients configured?
Ken
Not sure what you mean by host files, but the Outlook 2K clients are configured to use the Exchange Server X400 protocol exclusively.
The same clients that have Outlook over VPN timeout issues have absolutly no problem when they come into the office and connect to the Exchange Server normally.
The crappy thing about this whole set-up is that it does occasionally work. I think sometimes traffic is low enough where packet overhead is a non-issue
Not sure what you mean by host files, but the Outlook 2K clients are configured to use the Exchange Server X400 protocol exclusively.
The same clients that have Outlook over VPN timeout issues have absolutly no problem when they come into the office and connect to the Exchange Server normally.
The crappy thing about this whole set-up is that it does occasionally work. I think sometimes traffic is low enough where packet overhead is a non-issue
Here's the link to the reg keys to change the MTU size...
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q120642
to determine what MTU size to use, establish a VPN session and try to ping the mail server with ping -f -n <number of pings> -l <size> <destination ip> ex: ping -f -n 1 -l 1472 198.170.120.1. The problem may be between your clients and VPN server or even clients and their ISP. gonna take some experimenting.
Good Luck!
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q120642
to determine what MTU size to use, establish a VPN session and try to ping the mail server with ping -f -n <number of pings> -l <size> <destination ip> ex: ping -f -n 1 -l 1472 198.170.120.1. The problem may be between your clients and VPN server or even clients and their ISP. gonna take some experimenting.
Good Luck!
Basically there is no concrete answer to this, but you sir have done the best by far in helping me.
Thank You
Thank You
To anyone who may read this in the future I had to did deeper to actually fix the problem:
Believe it or not it had to do with a RAS server entry in the Registry. VPN opens a PPTP connection with NT and RAS handles all PPTP connections regardless of the source. You need to make 2 small additions to the registry, very quick, very easy, which you can then set the MTU to say 1404 which should stop all packet fragmentation and let you use your e-mail correctly
There is an article on www.microsoft.com in the knowledge base the Q article # is Q183229 it will explain how to make the additions to the registry.
Believe it or not it had to do with a RAS server entry in the Registry. VPN opens a PPTP connection with NT and RAS handles all PPTP connections regardless of the source. You need to make 2 small additions to the registry, very quick, very easy, which you can then set the MTU to say 1404 which should stop all packet fragmentation and let you use your e-mail correctly
There is an article on www.microsoft.com in the knowledge base the Q article # is Q183229 it will explain how to make the additions to the registry.
Featured Post
![[Webinar] Learn How Hackers Steal Your Credentials](https://filedb.experts-exchange.com/files/public/2017/5/21/e0b7778f-e79e-4b5d-9ec6-5496e40be42e.png)
Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Email signatures have numerous marketing benefits. Here are 8 top reasons to turn your email signature into a marketing channel.
- Exclaimer
- Exchange
- Outlook
- Email Software
- Email Servers
- Email Clients
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory.
NOTE: For Outlook 2016 and 2013 perform the exact same steps.
Open a new email: Click the New email button in Outlook.
Start typing the address: …
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month9 days, 15 hours left to enroll
623 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.