chemdry
asked on
VPN Connection works but outlook connecting to exchange server occasionally works
Ok I have a Juniper Network Firewall 25 and I have set up a vpn to allow traveling users to connect to our network and so they can use their outlook on the road (we had a new mandate that made me remove OWA).
The vpn works great, everyone can connect, if they have offline files they synch and they can ping the internal servers by both UDN name and ip address. Here is the problem, I'm getting reports back from the field that their outlook sometimes won't ever connect to exchange box. If they are in a hotel where they can connect using outlook, they always can. If they are in a hotel where the first try they can't, they never can. We also have a few users that have Verizon wireless broadband card so they can connect wherever. I'll use this one as an example since I can try it out in the office.
Using the broadband card I connect and then connect to the vpn. I can ping, synch and remote desktop to our internal servers including the exchange server.
When I open exchange, it just sits at "trying to connect". If I run from the command line: outlook.exe /rpcdiag it shows it first trying to connect to a DC server and then the exchange server. Nothing is displayed in the Interface or conn columns. This makes me believe exchange doesn't know about the broadband interface.
I could really use some help on this one ASAP. I need to get this connection more reliable.
Thanks,
Aaron
One easy solution may be to add a LMHOSTS file to their laptops with three entries:
10.0.0.1 PDCNAME #PRE #DOM:DOMAIN-NAME
10.0.0.1 "DOMAIN-NAME \0x1b" #PRE
10.0.0.25 EXCHANGE1 #PRE
Ref:
How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/kb/q180094/
Never fails me while I'm on the road. Never been in a situation where I could not access Exchange server over the VPN.
Lrmoore's suggestion would be the first one to try if I were you. I had a lot of guys having the same problem. An entry either in LMHosts file or Hosts file will resolve your problem.
Cheers,
Rajesh
ASKER
Yes the user is able to connect to other resources on the VPN, just Outlook won't connect. I tried the LMHOST and it didn't work either.
We have OWA still up internal (must be vpn in to use it) for testing and backup for outlook not working. It seems that both Internet Explorer and Outlook aren't checking the vpn tunnel although when you go to a command prompt and ping it does....
When connected to the vpn (remember everything works with some connections and other connections, i.e. a different hotel, it doesn't, and for this case I'm using the Verizon Wireless Broadband Air Card which is a connection that doesn't) and I open explorer and type in 10.1.1.2 which is our Exchange server, it comes back with this service isn't available on and shows a public IP address which I think is Verizon's and outlook doesn't show an interface it is trying to connect on.
On the LMHOST, I replace DOMAIN_NAME with ours and EXCHANGE1 with our exchange server right? That's what I did but want to make sure.
Regarding the LMHOSTS, yes, replace "PDCNAME" with the name of the domain controller, "EXCHANGE1" replace with the name of the exchange server, the "domain-name" with your domain.
Rules of LMHOSTS are explained in the reference article.
Spaces are tabs, not spaces, i.e.
10.0.0.1 <tab> DCNAME <tab> #PRE <tab> #DOM:DOMAIN-NAME
10.0.0.1 <tab> "DOMAIN-NAME \0x1b" <tab> #PRE
^ there must be exactly 20 characters between " " and the last 5 characters must be "\0x1b"
There must be a blank line with carriage return at the end
File must not have .txt or any other file extension
Use "nbtstat -R" after saving the file (Capital "R")
Use "nbtstat -c" to check that it worked (lowercase "c")
What kind of VPN are you using? Microsoft PPTP or other?
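Added example, not part of the original thread: a small Python builder and checker for the LMHOSTS rules listed in the post above (tab separators, 20 characters inside the quotes ending in \0x1b, a line break at the end). The function names are hypothetical and the sample values are the placeholder names and addresses from the thread.

```python
import re

TYPE_SUFFIX = r"\0x1b"  # the literal 5 characters that must end the quoted name


def dom_1b_name(domain: str) -> str:
    """Return the quoted name: domain padded to 15 characters plus \\0x1b (20 total)."""
    if not 1 <= len(domain) <= 15:
        raise ValueError("NetBIOS domain name must be 1-15 characters")
    return '"' + domain.upper().ljust(15) + TYPE_SUFFIX + '"'


def build_lmhosts(dc_ip, dc_name, domain, exch_ip, exch_name) -> str:
    """Build the three entries from the thread, tab separated, ending in a line break."""
    lines = [
        "\t".join([dc_ip, dc_name, "#PRE", "#DOM:" + domain]),
        "\t".join([dc_ip, dom_1b_name(domain), "#PRE"]),
        "\t".join([exch_ip, exch_name, "#PRE"]),
    ]
    return "\r\n".join(lines) + "\r\n"


def check_lmhosts(text: str) -> list:
    """Return a list of rule violations found in LMHOSTS text (empty list = clean)."""
    problems = []
    if not text.endswith("\n"):
        problems.append("file does not end with a line break")
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if "\t" not in line:
            problems.append(f"line {n}: fields are separated by spaces, not tabs")
        quoted = re.search(r'"([^"]*)"', line)
        if quoted:
            name = quoted.group(1)
            if len(name) != 20:
                problems.append(f"line {n}: quoted name is {len(name)} characters, not 20")
            elif not name.endswith(TYPE_SUFFIX):
                problems.append(f"line {n}: quoted name does not end in {TYPE_SUFFIX}")
    return problems


if __name__ == "__main__":
    # Constructed sample using the placeholder values from the thread.
    good = build_lmhosts("10.0.0.1", "PDCNAME", "DOMAIN-NAME", "10.0.0.25", "EXCHANGE1")
    print(check_lmhosts(good))
    # The entry typed with single spaces and no padding fails every rule.
    print(check_lmhosts('10.0.0.1 "DOMAIN-NAME \\0x1b" #PRE'))
```

After writing the output to the LMHOSTS file, the nbtstat -R and nbtstat -c steps from the post still apply.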
ASKER
I'm using the Juniper Netscreen 25 firewall with the Netscreen-Remote vpn client utility.
I've tried the LMHOSTS and it doesn't appear to be working. Since I'm not connected through Microsoft vpn which assigns your computer an internal ip address it can't find the records. The Netscreen-remote assigns a 60.60.60.x ip address and nats the transversal back and forth.
Has anyone seen a way to force the network connection to check a particular connection first and then any other connections second? I'm thinking that outlook and IE are looking at the broadband connection, not finding the servers, and then don't check the vpn connection. But ping seems to do so as I can ping everything.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
This FULLY fixed a similar problem I was having with VPN... AWESOME! Thanks!
Reason I ask is VPNs will often not work in some public locations such as hotels due to their routers not supporting or not being configured for VPN pass through, also some intentionally block all but ports 80 and 443. The other thing I have run into is either end of a tunnel needs to be on a different subnet. If your office is on a common subnet such as 192.168.0.0, 192.168.1.0, 192.168.100.0, or 10.0.0.0, it will often conflict with the remote site.