Solved

Windows 2003 AD + Exchange 2003 over Cisco VPN Concentrator - Email doesn't work

Posted on 2006-05-09
Medium Priority
Last Modified: 2012-08-14
Hello,

We have recently migrated some remote users to our 2003 AD domain; however, we are now experiencing problems where the users cannot connect to Outlook 2003 via VPN.

We are using Cisco VPN client 3.6 and 4.05 - it's probably a 50-50 mixture.

Users used to be able to connect fine when we were using our Windows NT domain, Exchange 5.5 and Outlook 2003.

Users dial in via the Cisco VPN client and go into our Cisco VPN Concentrator, then they are authenticated against the concentrator and routed through our Cisco PIX depending on their user permissions. At this point they are inside our network. When they try and load up Outlook 2003 and do a send/receive, it tries for ages and just sits at 50%. Never goes further.

When we route the users via the German VPN they can connect to email fine. The only difference is the German network is not yet on AD and they are using BIND DNS servers, not Microsoft ones.

Any ideas? Has anyone experienced this before? Is there a change we need to make to the PIX or to the Exchange server?

I did some packet sniffing via Ethereal and it seems that our clients are trying to access our domain controller via Kerberos using port 88; however, the SYNs are sent but no ACKs are received. Could this be a problem?

Look forward to solutions ;-)

Question by:georgecooldude
LVL 4

Expert Comment

by:Jandakel2
ID: 16638670
Hmmmm this is quite a weird problem.....  The DNS definitely sounds like it could be an issue, as DNS and AD go hand in hand.  Are you using Exchange Client on the machines, or are they pop'ing mail?

JK
0
 
LVL 4

Expert Comment

by:Jandakel2
ID: 16638688
http://www.petri.co.il/ports_used_by_exchange.htm

Firewall wise, these are the ports that Exchange uses.  Do the clients going through the German VPN filter through the PIX also?

JK
0
 
LVL 4

Expert Comment

by:Jandakel2
ID: 16638708
Sorry for the multiple posts....I keep thinking of things.....Something else you can do is to turn on all the logging for dropped and received packets on the 2003 server, as this will give you a pretty good indication of the traffic being dropped, what port etc.  Windows Firewall settings > Advanced > Security Logging
0
LVL 5

Author Comment

by:georgecooldude
ID: 16638740
Hi Jandakel2,

We're using Exchange client on the machines with Outlook 2003. Have checked all the ports on the petri.co.il link and they all look good. Most are added.

The German VPN is the same Cisco VPN Concentrator (slightly older IOS); however, they are routed through a Checkpoint firewall. The servers don't have Windows Firewall turned on, so we can't enable logging that way.
0
 
LVL 4

Accepted Solution

by:
Jandakel2 earned 2000 total points
ID: 16638820
I think a good place to start would be to check the Checkpoint firewall settings vs. the PIX settings.  Then I would turn Ethereal on and isolate a conversation for an attempted VPN session, and do the same for one of the successful VPN connections and compare the two.  The DNS ports and maybe LDAP may be something to look at also (I believe they are listed in that link).

jK
0
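Added example, not part of the original thread: one way to do the capture comparison suggested above is to list TCP SYNs that never received a SYN-ACK on the failing path and drop any service that fails the same way on the working path. The record format, addresses and function names are assumptions constructed for illustration, not Ethereal output.

```python
from collections import defaultdict

PORT_NAMES = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper", 389: "LDAP"}

# Constructed sample records: src_ip,src_port,dst_ip,dst_port,tcp_flags
# (S = SYN, SA = SYN-ACK). Addresses are documentation/private ranges.
FAILING_PATH = """\
10.8.0.5,1050,192.0.2.10,389,S
192.0.2.10,389,10.8.0.5,1050,SA
10.8.0.5,1051,192.0.2.10,88,S
10.8.0.5,1051,192.0.2.10,88,S
10.8.0.5,1051,192.0.2.10,88,S
10.8.0.5,1052,192.0.2.20,135,S
192.0.2.20,135,10.8.0.5,1052,SA
"""
WORKING_PATH = """\
10.9.0.7,2040,192.0.2.10,389,S
192.0.2.10,389,10.9.0.7,2040,SA
10.9.0.7,2041,192.0.2.10,88,S
192.0.2.10,88,10.9.0.7,2041,SA
10.9.0.7,2042,192.0.2.20,135,S
192.0.2.20,135,10.9.0.7,2042,SA
"""

def unanswered_syns(capture_text):
    """Return {(server_ip, port): syn_count} for SYNs that never got a SYN-ACK."""
    syns = defaultdict(int)      # (client, cport, server, sport) -> SYNs sent
    answered = set()
    for line in capture_text.strip().splitlines():
        src, sport, dst, dport, flags = (f.strip() for f in line.split(","))
        if flags == "S":
            syns[(src, int(sport), dst, int(dport))] += 1
        elif flags == "SA":
            # A SYN-ACK travels server -> client, so store it client-first.
            answered.add((dst, int(dport), src, int(sport)))
    result = defaultdict(int)
    for conn, count in syns.items():
        if conn not in answered:
            result[(conn[2], conn[3])] += count
    return dict(result)

def blocked_only_on_failing(failing, working):
    """Services unanswered on the failing path and not also unanswered on the working one."""
    also_failing = unanswered_syns(working)
    return sorted(
        (ip, port, PORT_NAMES.get(port, "unknown"), count)
        for (ip, port), count in unanswered_syns(failing).items()
        if (ip, port) not in also_failing
    )
```

With the constructed records, the only difference between the two paths is the retransmitted SYN to port 88 on the domain controller, which is the kind of result that points at a firewall rule rather than at the server.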
 
LVL 5

Author Comment

by:georgecooldude
ID: 16662853
Solved the problem using Ethereal. Looks like AD DNS is going to the wrong places. Changed some things on the firewall and all working OK.
0

Question has a verified solution.
