Bandwidth Requirements for Exchange 2003 / Outlook 2003 over VPN...

Posted on 2004-12-01
Last Modified: 2007-12-19
I have a company that is attempting to connect a laptop to their Domain / Exchange 2003 server via a simple IPSEC PPTP VPN.  The VPN establishes connectivity with no issue and they can ping all they want to the systems back at HQ (ping latency ~60 - 120 ms).  OWA without the VPN works like  charm; no perceptible latency at all from the user's perspective.

Here are the problems:
1.  Outlook 2003 (not caching) opens initially without issue but immediately begins attempting to communicate with the Exchange 2003 server and seems unable to connect.
2.  Attempting to browse the network / shares is either rediculously slow or results in timeouts after very long delays.  

Here are the specs...
1.  Exchange and File Server:  MS Small Business Server 2003
2.  Exchange Client:  Outlook 2003 (non-caching mode)
2.  Remote Bandwidth:  Residential DSL broadband
3.  HQ Bandwidth:  Commercial DSL with speeds listed as 1.5mb to 6.0 mb down and 384mb up.
4.  Remote VPN client:  Standard VPN connection client in Windows XP (fully patched and service packed)
5.  HQ VPN Hardware:  Fortinet FortiGate 100 VPN / Firewall

I am running relatively the same configuration elsewhere (Exchange 2003 / Outlook XP) with the same VPN configuration and the only difference is that the HQ bandwidth is a full T1 rather than a DSL connection.

I downloaded the bandwidth report on Exchange 2003 and Outlook from Microsoft and read through it but it mostly talks about RPC over HTTP which doesn't solve my network browsing issue and if Bandwidth truly is the problem here, wouldn't solve the problem anyway.

Is the HQ DSL connection the issue here?  Or is software more likely the issue?

Bonus points for thorough well thought out responses :)
Question by:dhienzsch
    LVL 23

    Accepted Solution

    This sounds like a name resolution problem - can you successfully nslookup the mail server from the PPTP client ?

    Alternatively, I would suggest LMHOSTS, but this is only valid for NT/2000, and not SBS 2003 (unless you have backward compatability installed)?

    Also verify MTU:

    Author Comment

    I checked name resolution via nslookup and have no issues.  The domain name (companyname.local) can be resolved as well as workstations (workstationname.companyname.local) and the server (servername.companyname.local).

    The system is built from the ground up as a Windows XP / Windows 2003 system with no support for WINS / LMHOSTS.  As it is DNS only I could use HOSTS files but I don't think name resolution is the issue or Outlook wouldn't launch in the first place nor would you ever be able to browse the networkin any fashion.

    However, the subject of MTU's looks as though there may be something there.  The Netopia router that was provided by their DSL carrier has the MTU set to 1500 as does the Fortigate Firewall.  Should the MTU require modification, I imagine it would need to get bumped down at both locations?

    I will need to do some testing as per the instructions listed in the FAQ 695 URL listed above.

    Thanks for the advice... it will take me a couple of days to get the testing done as everything is remote and the users technically illiterate (as in "How do you spell PING").  I'll get back to you with the results.
    LVL 23

    Expert Comment

    by:Tim Holman
    The MTU needs changing on the client workstations, not the routers.  XP should autonegotiate, but it's worth checking regardless.

    There is this too, to do with SMB server signing, that may slow things down:;en-us;814112

    When your VPNd in, does the routing work properly - ie are packets taking a long way round to get back out ?

    Author Comment

    After doing some careful testing I believe this problem is finally related to bandwidth restrictions due to DSL connections on both ends.  

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Access License Server from 2 locations 4 49
    OpenVPN Usage 2 74
    Site-to-Site VPN 6 83
    LDAP Sending RST 11 59
    I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
    Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now