Unable to connect to Exchange 2003 Server through VPN.

My CEO...being very picky about everything, wants to be able to access her e-mail on her laptop from anywhere in the United States. We have a Verizon 1xEVDO Airprime CDMA Wireless modem express network card that provides her access to the internet. We have a SonicWall firewall at work that we have set up a connection to using the SonicWall VPN Client software. It connects to our file server fine...called NTFSROOT. When I ping this it gets a reply of about .5 seconds each time...not bad. HOWEVER...when I PING the exchange server, which we call NTFSROOTB, it will not ping at all and replies back with "Ping request could not find host ntfsrootb.  Please check the name and try again."  HOWEVER...when I ping using the IP address..., it pings successfully. When this occurred, I went into the e-mail properties of Outlook 2003, and changed the Microsoft Exchange server to point to instead of NTFSROOTB. When I select finish, then go back to double check the settings, the Exchange Server settings go back to the NTFSROOTB, instead of the IP address. The error I get when attempting to connect to Microsoft Outlook 2003, is "Task 'Microsoft Exchange Server' reported error (0x8004011D): 'The server is not available.  Contact your administrator if this condition persists.'"  I have "Use Cached Exchange Mode" UN-checked.
lrmoore Commented:
Did you pay attention to the spacing requirement in the domain controller line of the LMHOSTS file?
Using XP:

Windows 2000/XP is using the extra time to search the remote computer for any Scheduled Tasks.
Note that though the fix is originally intended for only those affected, Windows 2000 users will experience
that the actual browsing speed of both the Internet & Windows Explorers improve significantly after applying it
since it doesn't search for Scheduled Tasks anymore.
Here's how :

Open up the Registry and go to :


Under that branch, select the key :{D6277990-4C6A-11CF-8D87-00AA0060F5BF} and delete it.

This is the key that instructs Windows to search for Scheduled Tasks.
If you like you may want to export the exact branch so that you can restore the key if necessary.

This fix is so effective that it doesn't require a reboot and you can almost immediately determine yourself how much it speeds up your browsing processes.

Windows XP automatically searches the network for shares and printers upon connecting to the network. This is probably useful in a SOHO or home network but not the enterprise. To disable XP automatic discovery:
In Explorer, click Tools
Click Folder Options
Click the View tab,
Uncheck Automatically Search for Network Folders and Printers in Advanced settings list.


If there are NT4.0 or any other pre-Windows 2000 PCs on the LAN, XP will transmit your password to the pre-Windows 2000 PCs during its share and print search. It transmits the LM hash which is significantly weaker than XP or Windows 2000 hashes. In order to protect the LM hash, XP has a registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash which if set to 1 will prevent XP or Windows 2000 from generating the LM hash. pwdump will not be able to acquire the LM hash, which is a good thing.

Simple solution. Add an LMHOSTS file with three entries, 1 for the Exchange server, two for the domain controller, and put this LMHOSTS file on the laptop.

How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
Or fix your DNS problem...
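
The three-entry LMHOSTS file and the spacing requirement mentioned in the comments above, as an added example that is not part of the original thread. NTFSROOTB comes from the question; the 192.0.2.x addresses, the domain controller name EXAMPLEDC and the domain EXAMPLEDOM are placeholders. The spacing rule is that the quoted domain entry must hold exactly 20 characters: the domain name padded with spaces to 15, followed by the 5-character `\0x1b` suffix.

```python
import re

NAME_LEN = 15                                 # NetBIOS name field, space-padded
QUOTED = re.compile(r'"([^"]*)"')
SUFFIX = re.compile(r"\\0x[0-9A-Fa-f]{2}$")   # literal \0xNN = 16th name byte

def host_entry(ip, name, domain=None):
    """Plain host line; #DOM:<domain> marks the host as a domain controller."""
    if len(name) > NAME_LEN:
        raise ValueError(f"NetBIOS name too long: {name!r}")
    tags = "#PRE" + (f" #DOM:{domain}" if domain else "")
    return f"{ip}\t{name}\t{tags}"

def domain_1b_entry(ip, domain):
    """Quoted domain<1B> line: 15 padded characters + 5-character suffix."""
    if len(domain) > NAME_LEN:
        raise ValueError(f"NetBIOS domain too long: {domain!r}")
    return f'{ip}\t"{domain.ljust(NAME_LEN)}\\0x1b"\t#PRE'

def build_lmhosts(exchange_ip, exchange, dc_ip, dc, domain):
    """One entry for the Exchange server, two for the domain controller."""
    lines = [host_entry(exchange_ip, exchange),
             host_entry(dc_ip, dc, domain),
             domain_1b_entry(dc_ip, domain)]
    return "\n".join(lines) + "\n"

def spacing_errors(text):
    """Return (line_no, problem) for quoted names that break the 20-char rule."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):     # whole-line comment
            continue
        for quoted in QUOTED.findall(line):
            if not SUFFIX.search(quoted):
                problems.append((no, "missing \\0xNN suffix"))
            elif len(quoted) != NAME_LEN + 5:
                problems.append((no, f"{len(quoted)} chars between quotes, need 20"))
    return problems

if __name__ == "__main__":
    # Placeholder values (constructed); only NTFSROOTB is from the thread.
    good = build_lmhosts("192.0.2.20", "NTFSROOTB",
                         "192.0.2.10", "EXAMPLEDC", "EXAMPLEDOM")
    print(good, end="")
    hand_typed = '192.0.2.10\t"EXAMPLEDOM \\0x1b"\t#PRE\n'   # one space: too short
    print(spacing_errors(good), spacing_errors(hand_typed))
```

On Windows 2000/XP the file is `%SystemRoot%\system32\drivers\etc\lmhosts` (no extension), and `nbtstat -R` reloads the `#PRE` entries after an edit.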

Get her a BlackBerry, set up the BlackBerry Enterprise Server, then she can get her email and calendar from anywhere there is cell phone service.
The problem is name resolution. You don't need to use an LMHOSTS file - it is perfectly possible to get it working without going that far.
After you have connected to the VPN see what DNS information is being set. This should be your internal servers. If it isn't - or you aren't getting any at all then you need to look at the VPN config.

However if it is just email, and she has a Windows XP laptop, and you are on a Windows 2003 AD, then why not use RPC/HTTP? Get a cheap certificate from FreeSSL.com, a bit of tweaking and voila - access to email, and a secure OWA as well.

spyder1125 (Author) Commented:
The DNS information that I am getting when I do an ipconfig /all is not of my network....it must be that of Verizon on the PPP Connection of card, however in the Windows IP Configuration, the first one listed, it shows proper primary dns suffix and DNS suffix search list.  I'm not even sure if it is a true VPN setup on the laptop.  All that is set up is the SonicWALL VPN client....when I go into the program, the Security Policy Editor comes up...it lists a bunch of connections, 8 of them each under the GroupVPN category.
The SonicWall VPN client might be getting DNS information from the SonicWall device itself. Most firewall devices have the ability to put DNS server information into their configuration, so it is that device that I would look at next.
If you are not getting valid DNS information for your client machines then you need to see where that information is coming from.

This is exactly why I suggested the LMHOSTS file.
Try it, you'll like it...
LMHOSTS files are fine until you have to change the IP address of the Exchange server or something else changes with the network configuration. Then everything goes wrong.

I inherited a site where hosts or LMHOSTS files had been put on some machines - not all - and not documented. Caused a complex migration to Exchange 2003 to overrun by 3 weeks while all the machines were found and corrected. They now all run on DNS quite happily.

spyder1125 (Author) Commented:
Thank you everyone for your input...I followed the LMHOSTS idea file...it was the easiest, Sembee even though your idea was just as good, it of course required buying something, and the IP address of the Exchange server won't be changing anytime soon, so for now this will suffice.  I am now able to connect to the Exchange server and receive e-mail....however it takes a long time....I haven't let it finish yet, but it started at 3 minutes remaining, then 7, then 11, now it's up to 16....is there anything I can do about this, I don't think the CEO would like to wait such a long time to receive her e-mail.
Protest has been posted in the CS question thread
Question has a verified solution.
