Solved

Accsseing E-mails

Posted on 2006-11-16
12
451 Views
Last Modified: 2010-08-05
Hi,

We are working on a single location with a single AD Domain called aaa.com.But only for the people while they are away for travelling we are using RSA SecurID for connecting to our network. Now some of the users that use their laptops to connect to our network using RSA SecurID finding it difficult for accssing their e-mails or folders after RSA SecurID passed the authentication. I do not know is there anything still we have to set up for users to send/receive e-mails and connect to the servers.

We are running a netscreen box as a firewall and the router to come in to our network.

We got the following servers.
One Domain Controller, which is actins as DHCP and DNS
One Exchange Server 2003
2 File Servers etc.

Could you please find a solution for this problem.

Thanks in advance

Sujith
0
Comment
Question by:sujith_siva
  • 4
  • 3
  • 2
  • +1
12 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17956534
what kind of problems are they having? any errors or anything?
wht do you mean they are only using the aaa.com domain when they are away traveling?  why aren't they using your 'regular' domain when they are away?
are the laptops in question on the domain?
are the users logging into the domain on their laptops?
how are they tring to access email? what program? Outlook? outlook web access?
if using outlook, what protocol are they using to access email? pop3, mapi etc?
0
 

Author Comment

by:sujith_siva
ID: 17956896
There is no error message comes up only message is "Authorisation Failed" try later, but sometimes it will connect
and people can send/recieve e-mails sometimes don't.

The domain I am mentioning is the regular domain we are running in a single domain environment.
It does not connect to the mail server for send/recieve mails.
All the laptops are connected to the Domain getting an ip address from a DHCP server which is inside a firewall in the private LAN.Users are trying to log on to the domain by using RSA SecurID.And by looking at the RSA SecurID we can see that at what time they are trying and if the authentication is successful or failure.We are pretty sure that RSA SecurID authentication has any kind of problems.When the RSA SecurID authenticate users can connect to our exchange server and all the files and folders.

RSASecurID ask for the Token Number + paascode and the User name.
Once that part done it will allow you to your files and folders and e-mails(Outlook 2003 os the mail client).

As I said the netscreen box ix the firewall/router for connecting to our internal network.

thanks in advance

0
 
LVL 7

Expert Comment

by:dlangr
ID: 17961477
it is probably your netscreen not letting some ports trough, as some are dynamic, request may sometimes work an sometimes not, like you described. Easiest thing is to use the https service of exchange. see http://www.msexchange.org/tutorials/outlookrpchttp.html
0
 
LVL 7

Expert Comment

by:dlangr
ID: 17961482
Easiest as you would only have to open up the https port. I would recommend the use of a VPN in combination with the https. Not sure if you have an VPN now.
0
 

Author Comment

by:sujith_siva
ID: 17963657
We don't have any VPN yet.How can I setup any VPN connection to allow the computers to speak with our local network .

Also our company have not running any Certificate services for authentication and I believe we need to run any Certificate services for running HTTPS.


 Any idea to open the port for easy comminication by using netscreen box.

all responses will be appreciated.

thanks
suj
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 9

Expert Comment

by:tim1731
ID: 17964502
options,

1.get a spare pc install sslexplorer on it and open a port on the firewall (443) and configure the users for it(free)
2.Install a cert on exchange and use ssl to access the exchange server(£30-200)
3.Buy a sonicwall ssl vpn device or netscreen ssl device and use it with the rsa device (£200-1800 depends on model)
4.Buy the remote client for the netscreen and setup vpn access (£87 for 10 concurrent users)
0
 

Author Comment

by:sujith_siva
ID: 17967880
We are already  installed the netscreen ns25 box as firewall/NAT/VPN and have 10 licenses.
But for installing a certificate in Exchange Server I have few queries?
If in any case if we want to change the name of the exchange server does this certificate allows to change the whole settings?
Does this certificate affect our DC if we want to rename it or change the location of the DC?

Is there anyway we can install VPN Policies on our netscreen box and how???

all inputs will be appreciated
thanks in advance

suj
0
 
LVL 9

Accepted Solution

by:
tim1731 earned 125 total points
ID: 17968333
Netscreen = http://kb.juniper.net/CUSTOMERSERVICE/index?page=kbdetail&record_id=0244022611e8310108012c3c1901995

Cert for mail server is installed on the mail server and if you change the mail server you will need a new cert

http://www.startcom.org/ this will get you a free ssl cert
0
 
LVL 7

Assisted Solution

by:dlangr
dlangr earned 125 total points
ID: 17972866
- the certificate only needs to change if the fqdn you are running the website on changes. Not if you have a new machine, you would then just reinstall the certificate. also not if the machine changes it name. just when the url the clients access changes.
- no, it wont affect your ability to rename or change the location of the DC
0
 
LVL 7

Expert Comment

by:dlangr
ID: 18327461
Do you have further questions? Did our answers help? Please let us know, so others can learn from this.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
nmap scanner? 7 82
Cisco Layer 2 Switches 6 52
Use of Training Budget 12 69
Cisco VSS or VCP on GNS3 or IOU 3 40
Lets look at the default installation and configuration of FreeProxy 4.10 REQUIREMENTS 1. FreeProxy 4.10 Application - Can be downloaded here (http://www.handcraftedsoftware.org/index.php?page=download) 2. Ensure that you disable the windows fi…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now