Strange Problem

sned but not receive !?!  that is odd .. still sounds like a VPN issue, or potentially a client side issue

Here is why we do not think that is the case:

1) It isn't a client side issue, because that same computer can come onto our LAN & it works fine...it is affecting about 40 people in the field
2) It isn't a VPN issue, because restarting the Exchange server fixes it for a short time, then it stops.

not a VPN issue?  Hmm .. while restarting the Exchange Sever typically points to an Exchange problem .. keep in mind that it also resets your NICs .. and the port on the switch .. ??

If the inside users aren't experiencing the issue .. .EVER, then I would begin t/s this from a network standpoint ..

Now if you restart only the Exchange Services and THAT resolves the problem .. ??

This almost has to be something at the client end rather than the server.  Are the VPN users using Outlook 2003?  If so, have you checked the "Use cached mode" setting?  Even over a VPN connection (provided it's broadband and not dial-up!), I tend to turn off the cached mode setting because users often get confused because they don't see new mail coming in as quickly as they expect.  And regardless of client version, have you checked their Outlook settings for offline mode to see how often it is set to update?  This sounds suspiciously like a problem with the speed of their connection and/or the settings as to how often to update the client.

If all that seems normal, one way to start troubleshooting would be to look at other functions in Outlook.  For example, can they see and add/manage items on their contacts or calendar?  IOW, is it just email that is the problem or is it Outlook in general?

Yes, it is just restarting the Exchange Services...sorry for not being more clear.

I know for sure it isn't a client issue...there are too many clients with the same problem that have worked for 2+ years.  

The one thing that we tried is to switch NICs to see if it is a harward issue there...it has been up for a half hour, so we'll see.

Yes, they can do all of that.  (otherwise they couldn't be connected & send messages).  They also can do EVERYTHING else on the network (file access, printing etc etc).

This sounds like an Exchange or the physical server problem...but, switching the NIC didn't fix it.

If they've been working for 2+ years previously, what changed?  There has to be something...new version of the client, Exchange SP, OS patches, Outlook upgrade or SP?  

Ok.. try this Outlook.exe /rpcdiag. and see what is doing!!! also please also is running the  Windows XP check the firewall settings, better yet disable the firewall settings

XP firewall is off.

I talked to the Exchange guy & he corrected me...the way they solved the problem is by disabling the NIC & then re-enabling it.  That fixes it for 20-45 minutes or so.

Please, keep in mind that it is working 100% for people inside the office...so, the question begs itself how someone connecting over the VPN is any different than someone connected in the office.

It is fully established for all of our servers...no fails, lots of requests.

Sorry, that was the /rpcdiag results.

may be your firewall guy can enable verbose logging on the firewall and to see what the traffic is doing.By running outlook in RPCDIAG mode will tell you how is connecting and it may tell you where is hanging.\

when you say disable the Nic do you mena onthe server or workstation.

If we disable the NIC on the server, it lets it work for a little while...that's why we don't think it is anything on the firewall, VPN or client.

I did run the RPCDIAG mode & it wasn't hanging anywhere, it was successful the whole way.

Disabling the NIC should have no bearing on EXCHANGE .. this WOULD however have bearing on your network!!!  

this points to this being an issue with .. router/switch ,, possibly cable? but not the Exchange server

Thing is, you need ot run /RPCdiag on a client that is NOT working to see the problem .. then you can take this to your network team

Well ..... this is odd one. How many Nic 's does the server has......?  

It has two on-board ones...in 5 minutes we are going to take it down & try to put in a PCI one to see if that solves the problem.

This is seriously frustrating since it doesn't effect our inside people at all.

Does anyone know how the interface to Outlook over a VPN would be any different than over the LAN?  (they get a local IP & use that)

Well please check the Binding order.... on the nic  that is being use by the Exhange.

Will I need to do that even if I install the PCI NIC & disable the other two?

I have neve had any issue with vpn.... as long as yo have connction to your DCs and Exchange server. the other thing about vpn is yoru Tcp/ip  size (MTU) this can be also a factor.  I had a similar issue that some one change the MTU and had the similar issues.  .

yes... please check binding order.....

So if the MTU size is too small, it would go down after a short amount of time?

yes....

some foldk adjust the mtus due to packet fragmentation and NAT transversing.

Forgive my ignorance, but on the new NIC, won't that get defaulted back?  What should it be?

have you chang The MTU setting on your server ?
and yes the new nic should have the default MTU settings....

This is good reading....

http://groups.google.com/group/comp.os.ms-windows.networking.tcp-ip/browse_frm/thread/8ab04567c70bc424/0b3981ebd3c72fdf?lnk=st&q=windows+Default+MTU&rnum=1#0b3981ebd3c72fdf

Then no, I do not believe that they have changed the MTU.  Unfortunately, I am the middle man trying to get this problem fixed.

cool try the new nic and see what happens....

But, it definetely sounds like a NIC issue though wouldn't you think?

Try the following from the client:
  ping -f -l 1400 Exchangeserver

That is the standard way to test for MTU issues. If this ping goes through you vary the size up to around 1500.
If it does not go through you vary down until you find the MTU size.

Once you find the MTU size you will see that it is probably set somewhere in the VPN client.
Then you the option to change MTU in the VPN client or on the server NIC.

/Soren

http://groups.google.com/group/microsoft.public.windowsxp.general/browse_frm/thread/397a52bf4a6b9944/26be455dccb39f85?lnk=st&q=Windows+security+update+MTU&rnum=5#26be455dccb39f85


http://support.microsoft.com/kb/898060/

also check this out it may or may not apply to you, but its worth reading.

http://groups.google.com/group/microsoft.public.security/browse_frm/thread/1d10637b1cb30af3/2650af3a0d089148?lnk=st&q=Windows+security+update+MTU&rnum=7#2650af3a0d089148

The MTU size is good.   I will look at the other things now

I don't think it is an update that caused the breakage either since they haven't done anything as far as updates are concerned.

how about your workstations....?

No, they are not set to do auto-updates too...that issue was from 2005, so it isn't something that just happened.

HyperCat also has sa good sugestion test with one of the users without cache mode.  
set up a test MAPI Profile.

Also Please Run the Exchage best Practice anaylzer Tool against your Exchange servers. This can be downloaded from the Microsoft Web site.  

while  connected to ur outlook through VPN...ask one of the users having problem to create a new profile and see if they  are successfull...and report back with the result...

also on one of the clients having problem change the binding order for outlook client to only include TCP and nothing else.....and report back with the result...

hklm\software\microsoft\exchange\exchange provider.....this is the location

I tried to have them create a new profile & that didn't work.  Like I said, that seems hard to believe it holds the answer to the problem at the client.

I have a laptop that I had hooked up to the LAN, it worked there...I disconnected from the LAN & connected with my EVDO card & it wasn't working over the VPN...same client, same configuration, with a problem.

Let's start shooting for answers that are more server based.  At this point, I won't eliminate the firewall as an issue, but highly doubt that?

I am going to be out of touch (on a plane) for 6 hours, but please post what you can.

Thanks

Ok. are you running Gib and Nic Teaming? are your exchange servers in cluster?. are you a all cisco shop ?
Another option is to turn on Logging on your switch and firewall and see what is going on. also may need use a a network monitoring  tool (EtherReal),    it is working internally and through OWA it should also work  via VPN.   the issue is either at your workstaions or firewall/VPN appliance.

The more info we get about your enviroment, without comprising security,  and having better understanding  about your Exchange enviroment. we can try to come up a solution, and again your best friend here will be a network anylzer tool and trun on logging on your VPN appliance.

None of these worked...but, the problem just went away after a while.  WE are now switching to RPC over HTTP, so hopefully this won't even be an issue.