Solved

Strange Problem

Posted on 2006-11-07
44
201 Views
Last Modified: 2010-03-06
This may be something that is too hard, but we'll see:

We have an Exchange 2003 server that we have two ways of connecting to:

1) We have people inside the company on the LAN that connect to the Exchange server via Outlook.  We have no problems there
2) We have people on the outside that connect to the network via VPN first & then Exchange via Outlook.  

We are having problems with the second group of people connecting to Outlook.  Their Outlook says connected, but it doesn't download any new messages.  They can send messages, but not receive.  They are able to send/receive via OWA.  The strange thing is that they can do everything else on the network over the VPN, so we do not think it is a VPN issue.  

Has anyone ever heard of a similar issue?  If so, what is the fix?
0
Comment
Question by:rustyrpage
  • 20
  • 17
  • 3
  • +3
44 Comments
 
LVL 3

Expert Comment

by:rstovall
Comment Utility
sned but not receive !?!  that is odd .. still sounds like a VPN issue, or potentially a client side issue

0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
Here is why we do not think that is the case:

1) It isn't a client side issue, because that same computer can come onto our LAN & it works fine...it is affecting about 40 people in the field
2) It isn't a VPN issue, because restarting the Exchange server fixes it for a short time, then it stops.
0
 
LVL 3

Expert Comment

by:rstovall
Comment Utility
not a VPN issue?  Hmm .. while restarting the Exchange Sever typically points to an Exchange problem .. keep in mind that it also resets your NICs .. and the port on the switch .. ??

If the inside users aren't experiencing the issue .. .EVER, then I would begin t/s this from a network standpoint ..

Now if you restart only the Exchange Services and THAT resolves the problem .. ??
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
This almost has to be something at the client end rather than the server.  Are the VPN users using Outlook 2003?  If so, have you checked the "Use cached mode" setting?  Even over a VPN connection (provided it's broadband and not dial-up!), I tend to turn off the cached mode setting because users often get confused because they don't see new mail coming in as quickly as they expect.  And regardless of client version, have you checked their Outlook settings for offline mode to see how often it is set to update?  This sounds suspiciously like a problem with the speed of their connection and/or the settings as to how often to update the client.

If all that seems normal, one way to start troubleshooting would be to look at other functions in Outlook.  For example, can they see and add/manage items on their contacts or calendar?  IOW, is it just email that is the problem or is it Outlook in general?
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
Yes, it is just restarting the Exchange Services...sorry for not being more clear.
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
I know for sure it isn't a client issue...there are too many clients with the same problem that have worked for 2+ years.  

The one thing that we tried is to switch NICs to see if it is a harward issue there...it has been up for a half hour, so we'll see.
0
 
LVL 3

Accepted Solution

by:
mario_andres earned 500 total points
Comment Utility
Please also try running connectivity test. can you ping the Exchange server and domain controller  by name and by FQDN. I found that this is ussually the issue... Name Resolution. also get thier TCP setting once they have VPN and  ensure that the network for the exchange servers and DC are reachable.
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
Yes, they can do all of that.  (otherwise they couldn't be connected & send messages).  They also can do EVERYTHING else on the network (file access, printing etc etc).

This sounds like an Exchange or the physical server problem...but, switching the NIC didn't fix it.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
If they've been working for 2+ years previously, what changed?  There has to be something...new version of the client, Exchange SP, OS patches, Outlook upgrade or SP?  
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
Ok.. try this Outlook.exe /rpcdiag. and see what is doing!!! also please also is running the  Windows XP check the firewall settings, better yet disable the firewall settings
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
XP firewall is off.

I talked to the Exchange guy & he corrected me...the way they solved the problem is by disabling the NIC & then re-enabling it.  That fixes it for 20-45 minutes or so.

Please, keep in mind that it is working 100% for people inside the office...so, the question begs itself how someone connecting over the VPN is any different than someone connected in the office.
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
It is fully established for all of our servers...no fails, lots of requests.
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
Sorry, that was the /rpcdiag results.
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
may be your firewall guy can enable verbose logging on the firewall and to see what the traffic is doing.By running outlook in RPCDIAG mode will tell you how is connecting and it may tell you where is hanging.\

when you say disable the Nic do you mena onthe server or workstation.
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
If we disable the NIC on the server, it lets it work for a little while...that's why we don't think it is anything on the firewall, VPN or client.

I did run the RPCDIAG mode & it wasn't hanging anywhere, it was successful the whole way.
0
 
LVL 3

Expert Comment

by:rstovall
Comment Utility
Disabling the NIC should have no bearing on EXCHANGE .. this WOULD however have bearing on your network!!!  

this points to this being an issue with .. router/switch ,, possibly cable? but not the Exchange server

Thing is, you need ot run /RPCdiag on a client that is NOT working to see the problem .. then you can take this to your network team
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
Well ..... this is odd one. How many Nic 's does the server has......?  
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
It has two on-board ones...in 5 minutes we are going to take it down & try to put in a PCI one to see if that solves the problem.

This is seriously frustrating since it doesn't effect our inside people at all.
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
Does anyone know how the interface to Outlook over a VPN would be any different than over the LAN?  (they get a local IP & use that)
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
Well please check the Binding order.... on the nic  that is being use by the Exhange.
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
Will I need to do that even if I install the PCI NIC & disable the other two?
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
I have neve had any issue with vpn.... as long as yo have connction to your DCs and Exchange server. the other thing about vpn is yoru Tcp/ip  size (MTU) this can be also a factor.  I had a similar issue that some one change the MTU and had the similar issues.  .
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
yes... please check binding order.....
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
So if the MTU size is too small, it would go down after a short amount of time?
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
yes....
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
some foldk adjust the mtus due to packet fragmentation and NAT transversing.
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
Forgive my ignorance, but on the new NIC, won't that get defaulted back?  What should it be?
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
have you chang The MTU setting on your server ?
and yes the new nic should have the default MTU settings....

This is good reading....

http://groups.google.com/group/comp.os.ms-windows.networking.tcp-ip/browse_frm/thread/8ab04567c70bc424/0b3981ebd3c72fdf?lnk=st&q=windows+Default+MTU&rnum=1#0b3981ebd3c72fdf
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
Then no, I do not believe that they have changed the MTU.  Unfortunately, I am the middle man trying to get this problem fixed.
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
cool try the new nic and see what happens....
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
But, it definetely sounds like a NIC issue though wouldn't you think?
0
 
LVL 2

Expert Comment

by:MuchoMacho
Comment Utility

Try the following from the client:
  ping -f -l 1400 Exchangeserver

That is the standard way to test for MTU issues. If this ping goes through you vary the size up to around 1500.
If it does not go through you vary down until you find the MTU size.

Once you find the MTU size you will see that it is probably set somewhere in the VPN client.
Then you the option to change MTU in the VPN client or on the server NIC.

/Soren
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
The MTU size is good.   I will look at the other things now
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
I don't think it is an update that caused the breakage either since they haven't done anything as far as updates are concerned.
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
how about your workstations....?
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
No, they are not set to do auto-updates too...that issue was from 2005, so it isn't something that just happened.
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
HyperCat also has sa good sugestion test with one of the users without cache mode.  
set up a test MAPI Profile.
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
Also Please Run the Exchage best Practice anaylzer Tool against your Exchange servers. This can be downloaded from the Microsoft Web site.  
0
 
LVL 26

Expert Comment

by:Vahik
Comment Utility
while  connected to ur outlook through VPN...ask one of the users having problem to create a new profile and see if they  are successfull...and report back with the result...

also on one of the clients having problem change the binding order for outlook client to only include TCP and nothing else.....and report back with the result...

hklm\software\microsoft\exchange\exchange provider.....this is the location
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
I tried to have them create a new profile & that didn't work.  Like I said, that seems hard to believe it holds the answer to the problem at the client.

I have a laptop that I had hooked up to the LAN, it worked there...I disconnected from the LAN & connected with my EVDO card & it wasn't working over the VPN...same client, same configuration, with a problem.

Let's start shooting for answers that are more server based.  At this point, I won't eliminate the firewall as an issue, but highly doubt that?

I am going to be out of touch (on a plane) for 6 hours, but please post what you can.

Thanks
0
 
LVL 3

Expert Comment

by:mario_andres
Comment Utility
Ok. are you running Gib and Nic Teaming? are your exchange servers in cluster?. are you a all cisco shop ?
Another option is to turn on Logging on your switch and firewall and see what is going on. also may need use a a network monitoring  tool (EtherReal),    it is working internally and through OWA it should also work  via VPN.   the issue is either at your workstaions or firewall/VPN appliance.

The more info we get about your enviroment, without comprising security,  and having better understanding  about your Exchange enviroment. we can try to come up a solution, and again your best friend here will be a network anylzer tool and trun on logging on your VPN appliance.
0
 
LVL 6

Author Comment

by:rustyrpage
Comment Utility
None of these worked...but, the problem just went away after a while.  WE are now switching to RPC over HTTP, so hopefully this won't even be an issue.
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now