Solved

VPN, Lotus Notes + DSL...Can't send mail but can receive. Help!

Posted on 2002-06-10
13
2,097 Views
Last Modified: 2007-11-27
I've got a big problem. I am in need of using my business network at home.

I use ADSL service from SW Bell and also use a VPN Dialer. I can log on with no problem and can read my Lotus Notes E-mail and even download attachments with no problems. The problem comes when I try to send any outgoing Lotus Note E-Mail. It hangs forever and them I get an error message that states "Network operation did not complete in a reasonable amount of time; please retry: mail.box"

I have researched this through my Lotus notes administrator and my network's IT department and they are all stumped. The IBM Forums offer little help as well. That's when I remembered the Experts Exchange. I found the most help here several years back and I'm hoping someone here has the knowledge to help me out.

Help!
0
Comment
Question by:teddford1957
  • 3
  • 3
  • 2
  • +4
13 Comments
 
LVL 1

Expert Comment

by:rmorphis
ID: 7071352
I saw a similar problem with Windows VPN, Outlook and SWbell DSL. We fixed it by reducing the packet size to reduce fragmentation. If your using a home router like linksys, you can make this change on the router. If your going straight to the DSL modem, your client OS will determine how you make the change....
0
 

Author Comment

by:teddford1957
ID: 7071791
Morphis,

Do you mean adjusting the MTU size? If so, what would you suggest?

Thanks
0
 
LVL 1

Expert Comment

by:rmorphis
ID: 7072879
Exactly. It's worth a shot, try the smallest(576). Good luck....
0
 

Author Comment

by:teddford1957
ID: 7076877
Morphis,

Well, I've tried and tried to no avail. If I go below 1050 on the MTU size, it won't even allow me into the VPN. I get disconnected. I've run from the lowest that you suggested and increased that number by intregals of 50 and just have no luck.

Any other suggestions?

Thanks
0
 
LVL 1

Expert Comment

by:rmorphis
ID: 7078458
Not really, if you can ping the VPN server, try to determine if fragmentation is the problem with
"ping -f -n <number of pings> -l <size> <destination ip> "
ex: ping -f -n 1 -l 1472 198.170.120.1. Mess with the size until the packet is lost, that's when the MTU is too low. Then establish a VPN session and try to ping the mail server the same way and see if packet loss increases. Even if this is the problem, there's only a limited number of things you can do from the client side. If you find something, at least you'll have some ammo for dealing with your IT department. I'm sure they'll love you for it. : )
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 7081199
This couldn't be a DNS hang, could it?  Is the notes server able to properly resolve your VPN client IP (forward and back)?  What happens if you try to telnet into the notes server on it's mail port, and just let it hang for 10-15 min or so?  Do you get a response?  Can you isolate (through use of sniffers) where the transfer is breaking down?  Does this happen with any other protocols?

Remember, isolate, then solve.

Cheers,
-Jon
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Accepted Solution

by:
crusade1 earned 75 total points
ID: 7146349
What are you using for a Server. If it's Windows NT, believe it or not it had to do with a RAS server entry in the Registry. VPN opens a PPTP connection with NT and RAS handles all PPTP connections regardless of the source. You need to make 2 small additions to the registry, very quick, very easy, which you can then set the MTU to say 1404 which should stop all packet fragmentation and let you use your e-mail correctly

There is an article on www.microsoft.com in the knowledge base the Q article # is Q183229 it will explain how to make the additions to the registry.
0
 

Expert Comment

by:tryst
ID: 7426999
This works. I was having *exactly* the same problem as you, lowered these two registry settings (per Q183229) to 800 each and now I can send Lotus Notes mail! Found this via Google and while I was suspicious at first, I'm a believer now. Thank you for the question teddford1957 and rmorphis and crusade1 for your spot on answers.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NdisWan\Parameters:
IPMTU, REG_DWORD, 800 (decimal)
TunnelMTU, REG_DWORD, 800
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7872036
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question:

I recommend: split between crusade1 and tryst

if there is any objection or other expert commentary to this recommendation then please post in here within 7 days.
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

thanks,
lrmoore
EE Cleanup Volunteer
---------------------
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 7873408
>I recommend: split between crusade1 and tryst

I would include myself and morphis in that split as well.  The poster never answered regarding any of the suggestions we four made near the end of the thread.  In fact, I was the only one to suggest a non-MTU solution, which it seemed the poster was looking for (since he was seemingly attempting to rule out MTU as a problem)

Cheers,
-Jon

0
 

Expert Comment

by:crusade1
ID: 7874445
Hi all

Just some more help on this whole VPN issue. We eventually dumped trying to create a VPN tunnel using our firewall software and decided to install a Windows 2000 server and utilizes the RRAS service in it.

This has worked flawlessly. There is no problems with people using outlook to send or receive e-mail. All network resources are accessible as well

There was one small tweak that we needed to do and this may help with some of the issues that people are having. We needed to create a local DNS server on the network, and then on the client machines go in to the TCP/IP protocol properties and tell it to search for the local DNS server.

We called Microsoft for the help it was WELL worth the $225 for the engineer to walk me through a local DNS server setup for VPN users.

Without the local DNS server, it’s not possible for your client computers to resolve unique network id’s

Also if you are using DHCP you will need to reserve a group of IP addresses for exclusive use by VPN users. I’d say 10 addresses are plenty, if you don’t then you can get some weird IP addresses issues when the client connects to the server.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 7878864
>Without the local DNS server, it’s not possible for your
>client computers to resolve unique network id’s

I think the beginning of that statement should read "Without a thorough understanding of DNS,"

In any case, this one is dead - I think crusade's comment underscores the relevance of my DNS suggestions (since it was DNS, and not MTU that eventually solved crusade's problem).

I stand by my recommendation regarding the pt split.

Cheers,
-Jon

0
 

Expert Comment

by:SpideyMod
ID: 7926666
Answered by crusade1 (seems to be spot on confirmed by tryst)

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now