Solved

Accessing E-mails

Posted on 2006-11-16
Last Modified: 2010-08-05
Hi,

We are working at a single location with a single AD domain called aaa.com. But only for people who are away travelling, we are using RSA SecurID for connecting to our network. Now some of the users that use their laptops to connect to our network using RSA SecurID are finding it difficult to access their e-mails or folders after RSA SecurID has passed the authentication. I do not know whether there is anything we still have to set up for users to send/receive e-mails and connect to the servers.

We are running a netscreen box as a firewall and the router to come in to our network.

We got the following servers.
One Domain Controller, which is acting as DHCP and DNS
One Exchange Server 2003
2 File Servers etc.

Could you please find a solution for this problem.

Thanks in advance

Sujith
Question by:sujith_siva
12 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17956534
What kind of problems are they having? Any errors or anything?
What do you mean they are only using the aaa.com domain when they are away traveling? Why aren't they using your 'regular' domain when they are away?
Are the laptops in question on the domain?
Are the users logging into the domain on their laptops?
How are they trying to access email? What program? Outlook? Outlook Web Access?
If using Outlook, what protocol are they using to access email? POP3, MAPI etc?
0
 

Author Comment

by:sujith_siva
ID: 17956896
No error message comes up; the only message is "Authorisation Failed" try later, but sometimes it will connect and people can send/receive e-mails, sometimes they can't.

The domain I am mentioning is the regular domain we are running in a single domain environment.
It does not connect to the mail server to send/receive mails.
All the laptops are connected to the Domain getting an ip address from a DHCP server which is inside a firewall in the private LAN. Users are trying to log on to the domain by using RSA SecurID. And by looking at the RSA SecurID we can see at what time they are trying and whether the authentication is a success or failure. We are pretty sure that RSA SecurID authentication has any kind of problems. When the RSA SecurID authenticates, users can connect to our exchange server and all the files and folders.

RSA SecurID asks for the Token Number + passcode and the User name.
Once that part is done it will allow you to your files and folders and e-mails (Outlook 2003 is the mail client).

As I said, the netscreen box is the firewall/router for connecting to our internal network.

thanks in advance

0
 
LVL 7

Expert Comment

by:dlangr
ID: 17961477
It is probably your netscreen not letting some ports through; as some are dynamic, requests may sometimes work and sometimes not, like you described. Easiest thing is to use the https service of exchange. See http://www.msexchange.org/tutorials/outlookrpchttp.html
0

 
LVL 7

Expert Comment

by:dlangr
ID: 17961482
Easiest as you would only have to open up the https port. I would recommend the use of a VPN in combination with the https. Not sure if you have a VPN now.
0
 

Author Comment

by:sujith_siva
ID: 17963657
We don't have any VPN yet. How can I set up a VPN connection to allow the computers to speak with our local network?

Also our company is not running any Certificate Services for authentication and I believe we need to run Certificate Services for running HTTPS.

Any idea how to open the port for easy communication by using the netscreen box?

all responses will be appreciated.

thanks
suj
0
 
LVL 9

Expert Comment

by:tim1731
ID: 17964502
Options:

1. Get a spare PC, install sslexplorer on it, open a port on the firewall (443) and configure the users for it (free)
2. Install a cert on exchange and use ssl to access the exchange server (£30-200)
3. Buy a sonicwall ssl vpn device or netscreen ssl device and use it with the rsa device (£200-1800 depends on model)
4. Buy the remote client for the netscreen and set up vpn access (£87 for 10 concurrent users)
0
 

Author Comment

by:sujith_siva
ID: 17967880
We have already installed the netscreen ns25 box as firewall/NAT/VPN and have 10 licenses.
But for installing a certificate in Exchange Server I have a few queries.
If in any case we want to change the name of the exchange server, does this certificate allow us to change the whole settings?
Does this certificate affect our DC if we want to rename it or change the location of the DC?

Is there any way we can install VPN Policies on our netscreen box, and how?

all inputs will be appreciated
thanks in advance

suj
0
 
LVL 9

Accepted Solution

by:
tim1731 earned 125 total points
ID: 17968333
Netscreen = http://kb.juniper.net/CUSTOMERSERVICE/index?page=kbdetail&record_id=0244022611e8310108012c3c1901995

Cert for mail server is installed on the mail server and if you change the mail server you will need a new cert

http://www.startcom.org/ this will get you a free ssl cert
0
 
LVL 7

Assisted Solution

by:dlangr
dlangr earned 125 total points
ID: 17972866
- The certificate only needs to change if the FQDN you are running the website on changes. Not if you have a new machine; you would then just reinstall the certificate. Also not if the machine changes its name. Just when the URL the clients access changes.
- No, it won't affect your ability to rename or change the location of the DC.
0
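The rule in the answer above (a certificate is tied to the host name in the URL clients use, not to the server's machine name), shown as an added example that is not part of the original thread. The host names `mail.aaa.com`, `webmail.aaa.com` and `exch01` and the `/exchange` URLs are assumptions made for illustration, and the matching is a simplified version of what a TLS client does.

```python
from urllib.parse import urlsplit

# Constructed sample certificates in the dict shape returned by
# ssl.SSLSocket.getpeercert(); mail.aaa.com is an assumed public FQDN.
CERT_SINGLE = {
    "subject": ((("commonName", "mail.aaa.com"),),),
    "subjectAltName": (("DNS", "mail.aaa.com"),),
}
CERT_WILDCARD = {
    "subject": ((("commonName", "*.aaa.com"),),),
    "subjectAltName": (("DNS", "*.aaa.com"),),
}

def cert_dns_names(cert):
    """Names a TLS client checks: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers_url(cert, url):
    """True if the certificate is valid for the host part of the client URL."""
    host = urlsplit(url).hostname or ""
    return any(name_matches(n, host) for n in cert_dns_names(cert))

if __name__ == "__main__":
    # The server's machine name never appears here: only the URL host matters.
    for url in ("https://mail.aaa.com/exchange",      # same URL, any hardware
                "https://webmail.aaa.com/exchange",   # URL changed
                "https://exch01/exchange"):           # clients using machine name
        print(url, cert_covers_url(CERT_SINGLE, url),
              cert_covers_url(CERT_WILDCARD, url))
```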
 
LVL 7

Expert Comment

by:dlangr
ID: 18327461
Do you have further questions? Did our answers help? Please let us know, so others can learn from this.
0


Question has a verified solution.
