rustyrpage
asked on
Strange Problem
This may be something that is too hard, but we'll see:
We have an Exchange 2003 server that we have two ways of connecting to:
1) We have people inside the company on the LAN that connect to the Exchange server via Outlook. We have no problems there
2) We have people on the outside that connect to the network via VPN first & then Exchange via Outlook.
We are having problems with the second group of people connecting to Outlook. Their Outlook says connected, but it doesn't download any new messages. They can send messages, but not receive. They are able to send/receive via OWA. The strange thing is that they can do everything else on the network over the VPN, so we do not think it is a VPN issue.
Has anyone ever heard of a similar issue? If so, what is the fix?
We have an Exchange 2003 server that we have two ways of connecting to:
1) We have people inside the company on the LAN that connect to the Exchange server via Outlook. We have no problems there
2) We have people on the outside that connect to the network via VPN first & then Exchange via Outlook.
We are having problems with the second group of people connecting to Outlook. Their Outlook says connected, but it doesn't download any new messages. They can send messages, but not receive. They are able to send/receive via OWA. The strange thing is that they can do everything else on the network over the VPN, so we do not think it is a VPN issue.
Has anyone ever heard of a similar issue? If so, what is the fix?
sned but not receive !?! that is odd .. still sounds like a VPN issue, or potentially a client side issue
ASKER
Here is why we do not think that is the case:
1) It isn't a client side issue, because that same computer can come onto our LAN & it works fine...it is affecting about 40 people in the field
2) It isn't a VPN issue, because restarting the Exchange server fixes it for a short time, then it stops.
1) It isn't a client side issue, because that same computer can come onto our LAN & it works fine...it is affecting about 40 people in the field
2) It isn't a VPN issue, because restarting the Exchange server fixes it for a short time, then it stops.
not a VPN issue? Hmm .. while restarting the Exchange Sever typically points to an Exchange problem .. keep in mind that it also resets your NICs .. and the port on the switch .. ??
If the inside users aren't experiencing the issue .. .EVER, then I would begin t/s this from a network standpoint ..
Now if you restart only the Exchange Services and THAT resolves the problem .. ??
If the inside users aren't experiencing the issue .. .EVER, then I would begin t/s this from a network standpoint ..
Now if you restart only the Exchange Services and THAT resolves the problem .. ??
This almost has to be something at the client end rather than the server. Are the VPN users using Outlook 2003? If so, have you checked the "Use cached mode" setting? Even over a VPN connection (provided it's broadband and not dial-up!), I tend to turn off the cached mode setting because users often get confused because they don't see new mail coming in as quickly as they expect. And regardless of client version, have you checked their Outlook settings for offline mode to see how often it is set to update? This sounds suspiciously like a problem with the speed of their connection and/or the settings as to how often to update the client.
If all that seems normal, one way to start troubleshooting would be to look at other functions in Outlook. For example, can they see and add/manage items on their contacts or calendar? IOW, is it just email that is the problem or is it Outlook in general?
If all that seems normal, one way to start troubleshooting would be to look at other functions in Outlook. For example, can they see and add/manage items on their contacts or calendar? IOW, is it just email that is the problem or is it Outlook in general?
ASKER
Yes, it is just restarting the Exchange Services...sorry for not being more clear.
ASKER
I know for sure it isn't a client issue...there are too many clients with the same problem that have worked for 2+ years.
The one thing that we tried is to switch NICs to see if it is a harward issue there...it has been up for a half hour, so we'll see.
The one thing that we tried is to switch NICs to see if it is a harward issue there...it has been up for a half hour, so we'll see.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, they can do all of that. (otherwise they couldn't be connected & send messages). They also can do EVERYTHING else on the network (file access, printing etc etc).
This sounds like an Exchange or the physical server problem...but, switching the NIC didn't fix it.
This sounds like an Exchange or the physical server problem...but, switching the NIC didn't fix it.
If they've been working for 2+ years previously, what changed? There has to be something...new version of the client, Exchange SP, OS patches, Outlook upgrade or SP?
Ok.. try this Outlook.exe /rpcdiag. and see what is doing!!! also please also is running the Windows XP check the firewall settings, better yet disable the firewall settings
ASKER
XP firewall is off.
I talked to the Exchange guy & he corrected me...the way they solved the problem is by disabling the NIC & then re-enabling it. That fixes it for 20-45 minutes or so.
Please, keep in mind that it is working 100% for people inside the office...so, the question begs itself how someone connecting over the VPN is any different than someone connected in the office.
I talked to the Exchange guy & he corrected me...the way they solved the problem is by disabling the NIC & then re-enabling it. That fixes it for 20-45 minutes or so.
Please, keep in mind that it is working 100% for people inside the office...so, the question begs itself how someone connecting over the VPN is any different than someone connected in the office.
ASKER
It is fully established for all of our servers...no fails, lots of requests.
ASKER
Sorry, that was the /rpcdiag results.
may be your firewall guy can enable verbose logging on the firewall and to see what the traffic is doing.By running outlook in RPCDIAG mode will tell you how is connecting and it may tell you where is hanging.\
when you say disable the Nic do you mena onthe server or workstation.
when you say disable the Nic do you mena onthe server or workstation.
ASKER
If we disable the NIC on the server, it lets it work for a little while...that's why we don't think it is anything on the firewall, VPN or client.
I did run the RPCDIAG mode & it wasn't hanging anywhere, it was successful the whole way.
I did run the RPCDIAG mode & it wasn't hanging anywhere, it was successful the whole way.
Disabling the NIC should have no bearing on EXCHANGE .. this WOULD however have bearing on your network!!!
this points to this being an issue with .. router/switch ,, possibly cable? but not the Exchange server
Thing is, you need ot run /RPCdiag on a client that is NOT working to see the problem .. then you can take this to your network team
this points to this being an issue with .. router/switch ,, possibly cable? but not the Exchange server
Thing is, you need ot run /RPCdiag on a client that is NOT working to see the problem .. then you can take this to your network team
Well ..... this is odd one. How many Nic 's does the server has......?
ASKER
It has two on-board ones...in 5 minutes we are going to take it down & try to put in a PCI one to see if that solves the problem.
This is seriously frustrating since it doesn't effect our inside people at all.
This is seriously frustrating since it doesn't effect our inside people at all.
ASKER
Does anyone know how the interface to Outlook over a VPN would be any different than over the LAN? (they get a local IP & use that)
Well please check the Binding order.... on the nic that is being use by the Exhange.
ASKER
Will I need to do that even if I install the PCI NIC & disable the other two?
I have neve had any issue with vpn.... as long as yo have connction to your DCs and Exchange server. the other thing about vpn is yoru Tcp/ip size (MTU) this can be also a factor. I had a similar issue that some one change the MTU and had the similar issues. .
yes... please check binding order.....
ASKER
So if the MTU size is too small, it would go down after a short amount of time?
yes....
some foldk adjust the mtus due to packet fragmentation and NAT transversing.
ASKER
Forgive my ignorance, but on the new NIC, won't that get defaulted back? What should it be?
have you chang The MTU setting on your server ?
and yes the new nic should have the default MTU settings....
This is good reading....
http://groups.google.com/group/comp.os.ms-windows.networking.tcp-ip/browse_frm/thread/8ab04567c70bc424/0b3981ebd3c72fdf?lnk=st&q=windows+Default+MTU&rnum=1#0b3981ebd3c72fdf
and yes the new nic should have the default MTU settings....
This is good reading....
http://groups.google.com/group/comp.os.ms-windows.networking.tcp-ip/browse_frm/thread/8ab04567c70bc424/0b3981ebd3c72fdf?lnk=st&q=windows+Default+MTU&rnum=1#0b3981ebd3c72fdf
ASKER
Then no, I do not believe that they have changed the MTU. Unfortunately, I am the middle man trying to get this problem fixed.
cool try the new nic and see what happens....
ASKER
But, it definetely sounds like a NIC issue though wouldn't you think?
Try the following from the client:
ping -f -l 1400 Exchangeserver
That is the standard way to test for MTU issues. If this ping goes through you vary the size up to around 1500.
If it does not go through you vary down until you find the MTU size.
Once you find the MTU size you will see that it is probably set somewhere in the VPN client.
Then you the option to change MTU in the VPN client or on the server NIC.
/Soren
also check this out it may or may not apply to you, but its worth reading.
http://groups.google.com/group/microsoft.public.security/browse_frm/thread/1d10637b1cb30af3/2650af3a0d089148?lnk=st&q=Windows+security+update+MTU&rnum=7#2650af3a0d089148
http://groups.google.com/group/microsoft.public.security/browse_frm/thread/1d10637b1cb30af3/2650af3a0d089148?lnk=st&q=Windows+security+update+MTU&rnum=7#2650af3a0d089148
ASKER
The MTU size is good. I will look at the other things now
ASKER
I don't think it is an update that caused the breakage either since they haven't done anything as far as updates are concerned.
how about your workstations....?
ASKER
No, they are not set to do auto-updates too...that issue was from 2005, so it isn't something that just happened.
HyperCat also has sa good sugestion test with one of the users without cache mode.
set up a test MAPI Profile.
set up a test MAPI Profile.
Also Please Run the Exchage best Practice anaylzer Tool against your Exchange servers. This can be downloaded from the Microsoft Web site.
while connected to ur outlook through VPN...ask one of the users having problem to create a new profile and see if they are successfull...and report back with the result...
also on one of the clients having problem change the binding order for outlook client to only include TCP and nothing else.....and report back with the result...
hklm\software\microsoft\ex change\exc hange provider.....this is the location
also on one of the clients having problem change the binding order for outlook client to only include TCP and nothing else.....and report back with the result...
hklm\software\microsoft\ex
ASKER
I tried to have them create a new profile & that didn't work. Like I said, that seems hard to believe it holds the answer to the problem at the client.
I have a laptop that I had hooked up to the LAN, it worked there...I disconnected from the LAN & connected with my EVDO card & it wasn't working over the VPN...same client, same configuration, with a problem.
Let's start shooting for answers that are more server based. At this point, I won't eliminate the firewall as an issue, but highly doubt that?
I am going to be out of touch (on a plane) for 6 hours, but please post what you can.
Thanks
I have a laptop that I had hooked up to the LAN, it worked there...I disconnected from the LAN & connected with my EVDO card & it wasn't working over the VPN...same client, same configuration, with a problem.
Let's start shooting for answers that are more server based. At this point, I won't eliminate the firewall as an issue, but highly doubt that?
I am going to be out of touch (on a plane) for 6 hours, but please post what you can.
Thanks
Ok. are you running Gib and Nic Teaming? are your exchange servers in cluster?. are you a all cisco shop ?
Another option is to turn on Logging on your switch and firewall and see what is going on. also may need use a a network monitoring tool (EtherReal), it is working internally and through OWA it should also work via VPN. the issue is either at your workstaions or firewall/VPN appliance.
The more info we get about your enviroment, without comprising security, and having better understanding about your Exchange enviroment. we can try to come up a solution, and again your best friend here will be a network anylzer tool and trun on logging on your VPN appliance.
Another option is to turn on Logging on your switch and firewall and see what is going on. also may need use a a network monitoring tool (EtherReal), it is working internally and through OWA it should also work via VPN. the issue is either at your workstaions or firewall/VPN appliance.
The more info we get about your enviroment, without comprising security, and having better understanding about your Exchange enviroment. we can try to come up a solution, and again your best friend here will be a network anylzer tool and trun on logging on your VPN appliance.
ASKER
None of these worked...but, the problem just went away after a while. WE are now switching to RPC over HTTP, so hopefully this won't even be an issue.