Solved

Unable to connect to Exchange 2003 Server through VPN.

Posted on 2004-09-24
Last Modified: 2012-08-13
My CEO...being very picky about everything, wants to be able to access her e-mail on her laptop from anywhere in the United States. We have a Verizon 1xEVDO Airprime CDMA Wireless modem express network card that provides her access to the internet. We have a SonicWall firewall at work that we have set up a connection to using the SonicWall VPN Client software. It connects to our file server fine...called NTFSROOT. When I ping this it gets a reply of about .5 seconds each time...not bad. HOWEVER...when I PING the Exchange server, which we call NTFSROOTB, it will not ping at all and replies back with "Ping request could not find host ntfsrootb.  Please check the name and try again." HOWEVER...when I ping using the IP address...192.168.0.15, it pings successfully. When this occurred, I went into the e-mail properties of Outlook 2003 and changed the Microsoft Exchange server to point to 192.168.0.15 instead of NTFSROOTB. When I select Finish, then go back to double-check the settings, the Exchange Server setting goes back to NTFSROOTB instead of the IP address. The error I get when attempting to connect with Microsoft Outlook 2003 is "Task 'Microsoft Exchange Server' reported error (0x8004011D): 'The server is not available.  Contact your administrator if this condition persists.'" I have "Use Cached Exchange Mode" UN-checked.
Question by:spyder1125
12 Comments
 

Expert Comment

by:lrmoore
ID: 12147150
Simple solution. Add an LMHOSTS file with three entries, one for the Exchange server, two for the domain controller, and put this LMHOSTS file on the laptop.

How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/support/kb/articles/Q180/0/94.ASP
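
The LMHOSTS layout referred to in this thread, as an added example that is not part of any post here: it builds the three entries and lints the padding rule from the linked KB article (inside the quotes the domain name is padded with spaces to 15 characters, so `\0x1b` starts at position 16 and the quoted text is 20 characters long). The Exchange name and address come from the question; the domain controller name DC01, its address 192.168.0.10 and the domain EXAMPLE are placeholders.

```python
# Added example: build and lint LMHOSTS entries for a VPN laptop.
# DC01, 192.168.0.10 and EXAMPLE are placeholders, not values from the thread.
import re

QUOTED = re.compile(r'"([^"]*)"')

def host_entry(ip, name):
    """Plain preloaded mapping, e.g. for the Exchange server."""
    return f"{ip}\t{name}\t#PRE"

def dc_entries(ip, dc_name, domain):
    """The two domain-controller lines: a #DOM mapping and the 0x1b name."""
    for n in (dc_name, domain):
        if not 0 < len(n) <= 15:
            raise ValueError(f"NetBIOS name must be 1-15 characters: {n!r}")
    # Inside the quotes: name padded with spaces to 15 chars, then \0x1b.
    padded = domain.ljust(15) + "\\0x1b"
    return [f"{ip}\t{dc_name}\t#PRE #DOM:{domain}", f'{ip}\t"{padded}"\t#PRE']

def build_lmhosts(exchange, dc, domain):
    """exchange and dc are (ip, name) tuples; returns the three entries."""
    return [host_entry(*exchange)] + dc_entries(dc[0], dc[1], domain)

def lint(lines):
    """Return (line_no, message) for quoted names whose padding is wrong."""
    problems = []
    for no, line in enumerate(lines, 1):
        if line.lstrip().startswith("#"):
            continue                      # comment line
        m = QUOTED.search(line)
        if not m or "\\0x" not in m.group(1):
            continue                      # no special-character name here
        name = m.group(1)
        pos = name.index("\\0x") + 1      # 1-based position of the backslash
        if pos != 16 or len(name) != 20:
            problems.append((no, f"\\0x at position {pos} (want 16), "
                                 f"{len(name)} chars in quotes (want 20)"))
    return problems

if __name__ == "__main__":
    entries = build_lmhosts(("192.168.0.15", "NTFSROOTB"),
                            ("192.168.0.10", "DC01"), "EXAMPLE")
    print("\n".join(entries))
    print(lint(entries))
```

The file lives at %SystemRoot%\System32\drivers\etc\lmhosts, and `nbtstat -R` reloads the #PRE entries after it is edited.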

Expert Comment

by:etsolow
ID: 12147350
Or fix your DNS problem...

Expert Comment

by:JRaster
ID: 12147710
Get her a BlackBerry, set up the BlackBerry Enterprise Server, then she can get her email and calendar from anywhere there is cell phone service.

Expert Comment

by:Sembee
ID: 12147900
The problem is name resolution. You don't need to use an LMHOSTS file - it is perfectly possible to get it working without going that far.
After you have connected to the VPN see what DNS information is being set. This should be your internal servers. If it isn't - or you aren't getting any at all then you need to look at the VPN config.

However if it is just email, and she has a Windows XP laptop, and you are on a Windows 2003 AD, then why not use RPC/HTTP? Get a cheap certificate from FreeSSL.com, a bit of tweaking and voila - access to email, and a secure OWA as well.

Simon.

Author Comment

by:spyder1125
ID: 12163703
The DNS information that I am getting when I do an ipconfig /all is not of my network....it must be that of Verizon on the PPP Connection of card, however in the Windows IP Configuration, the first one listed, it shows the proper primary DNS suffix and DNS suffix search list. I'm not even sure if it is a true VPN setup on the laptop. All that is set up is the SonicWALL VPN client....when I go into the program, the Security Policy Editor comes up...it lists a bunch of connections, 8 of them, each under the GroupVPN category.

Expert Comment

by:Sembee
ID: 12168793
The SonicWall VPN client might be getting DNS information from the SonicWall device itself. Most firewall devices have the ability to put DNS server information into their configuration, so it is that device that I would look at next.
If you are not getting valid DNS information for your client machines then you need to see where that information is coming from.

Simon.

Expert Comment

by:lrmoore
ID: 12170816
This is exactly why I suggested the LMHOSTS file.
Try it, you'll like it...

Expert Comment

by:Sembee
ID: 12171098
LMHOSTS files are fine until you have to change the IP address of the Exchange server or something else changes with the network configuration. Then everything goes wrong.

I inherited a site where hosts or LMHOSTS files had been put on some machines - not all - and not documented. Caused a complex migration to Exchange 2003 to overrun by 3 weeks while all the machines were found and corrected. They now all run on DNS quite happily.

Simon.

Author Comment

by:spyder1125
ID: 12173170
Thank you everyone for your input...I followed the LMHOSTS file idea...it was the easiest. Sembee, even though your idea was just as good, it of course required buying something, and the IP address of the Exchange server won't be changing anytime soon, so for now this will suffice. I am now able to connect to the Exchange server and receive e-mail....however it takes a long time....I haven't let it finish yet, but it started at 3 minutes remaining, then 7, then 11, now it's up to 16....is there anything I can do about this? I don't think the CEO would like to wait such a long time to receive her e-mail.

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12175779
Did you pay attention to the spacing requirement in the domain controller line of the LMHOSTS file?
Using XP:

Windows 2000/XP is using the extra time to search the remote computer for any Scheduled Tasks.
Note that though the fix is originally intended for only those affected, Windows 2000 users will experience
that the actual browsing speed of both the Internet & Windows Explorers improve significantly after applying it
since it doesn't search for Scheduled Tasks anymore.
Here's how :

Open up the Registry and go to :

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace

Under that branch, select the key {D6277990-4C6A-11CF-8D87-00AA0060F5BF} and delete it.

This is the key that instructs Windows to search for Scheduled Tasks.
If you like you may want to export the exact branch so that you can restore the key if necessary.

This fix is so effective that it doesn't require a reboot and you can almost immediately determine yourself how much it speeds up your browsing processes.

-------------
Windows XP automatically searches the network for shares and printers upon connecting to the network. This is probably useful in a SOHO or home network but not the enterprise. To disable XP automatic discovery:
In Explorer, click Tools
Click Folder Options
Click the View tab,
Uncheck Automatically Search for Network Folders and Printers in Advanced settings list.

--------------

If there are NT4.0 or any other pre-Windows 2000 PCs on the LAN, XP will transmit your password to the pre-Windows 2000 PCs during its share and print search. It transmits the LM hash which is significantly weaker than XP or Windows 2000 hashes. In order to protect the LM hash, XP has a registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash which if set to 1 will prevent XP or Windows 2000 from generating the LM hash. pwdump will not be able to acquire the LM hash, which is a good thing.
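
A way to verify both registry settings from this answer on a laptop without clicking through regedit, as an added example that is not part of the original post: it reads the text of a registry export (.reg format) and reports whether NoLMHash is set to 1 as a DWORD value and whether the Scheduled Tasks namespace key is still present. The sample export is constructed for illustration.

```python
# Added example: audit a .reg export for the two settings named in this answer.
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
TASKS_KEY = (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
             r"\Explorer\RemoteComputer\NameSpace"
             r"\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}")

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"NoLMHash"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
@="Scheduled Tasks"
"""

def parse_reg(text):
    """Parse export text into {KEY_PATH_UPPER: {value_name_lower: raw_data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry paths are case-insensitive, so normalise the case.
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"').lower()] = data
    return keys

def audit(text):
    """Report the state of the two settings in one export."""
    keys = parse_reg(text)
    data = keys.get(LSA_KEY.upper(), {}).get("nolmhash", "")
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
    return {
        # True only when the value exists and equals 1.
        "lm_hash_disabled": bool(m) and int(m.group(1), 16) == 1,
        # True while the key the answer says to delete is still there.
        "scheduled_tasks_lookup": TASKS_KEY.upper() in keys,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```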

 

Expert Comment

by:lrmoore
ID: 12327003
Protest has been posted in the CS question thread