Unable to connect to Outlook over VPN when in China

Posted on 2009-03-30
Last Modified: 2012-05-06
Hi.  I have a remote VPN user who travels to China frequently.  We use a Watchguard Firebox client to terminate at our Firebox and then they have access to the internal network.  User has always had issues connecting to Outlook 2003 through our VPN at various locations in China. I've chalked it up to ISP issues over there and told him to go across the street or find another location and it usually works ok.   I recently moved my Exhange 2003 services to another server and since then he seems to be having even more issues.  During his last trip, he could not connect in most cases - sometimes he would not connect and then would connect the next day at the same hotel.  When he did manage to connect, Outlook disconnected after about 30 minutes.  He said he was still able to access our internal network after Outlook disconnected though.   He is able to connect to Outlook through VPN when stateside and even connects when attached through a dial-up line, although connection to Outlook is now quite a bit slower over dial-up than it used to be.
Did I miss a setting on the new server?  Outlook client has been changed to point to new server and I even added a pointer in the hosts table since he got back.  Can anyone think of anything else?
Question by:valmatic
  • 3
  • 3

Expert Comment

ID: 24022727
What version of Exchange are you running?  Are you running in Cached mode?  

Expert Comment

ID: 24023019
If the VPN is comming up then it's fundamentally working (assuming no settings are being changed client side such as the use default gateway on remote network option), most likely due to a poor connection, another test is to have your user hit the internal name of your OWA site.

Author Comment

ID: 24028146
Exchange 2003 SP2 and yes running in cached mode.  

Yes OWA works from the outside but he doesn't like it. Don't think he's tried an internal OWA connect through the VPN though.  That works fine in my tests too but who knows what's up in China?  I keep offering to go over there for a week to test but no dice so far.    One last bit.  I have had issues in the past with Wide Open West (ISP) users.  Turns out WOW likes to dole out bandwidth on an as needed basis so my users had trouble connecting to Oulook via VPN.  I had to call the provider on behalf of each of my home users and ask them to open their bandwidth and then no more problems..  I've always guessed this is the same issue but no idea who the CHinese providers are and like I said the issue seems to have changed somewhat.  I'd be happy if I got back to the point where my chinese users could connect at least some of the time and stay connected so I'm hoping I missed something in the setup of the new server - but can't spot anything...?  

thanks guys:)
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!


Accepted Solution

ged125 earned 500 total points
ID: 24030988
Have you tried RPC over HTTPS (renamed Outlook anywhere in Exchange 2007)?  It uses the RPC protocol encapsulated over HTTPS and it sounds like it would be a perfect solution for you.  It eliminates the need for VPN and basically does all the back-end communication through the OWA interface, but allows the user to use the standard outlook 2003 client.

Some useful links:

Do you have any other applications that require your users to VPN in?  The recent trend has been to move away from VPN and leverage application directly over a secure connection.

Let me know if this helps.

Author Comment

ID: 24033330
that sounds like exactly what I need.  Users currently use VPN to access a 3rd party manufacturing application based off of a A/S400 server as well as shared drives, MS Access/sql database apps, etc...
Are there any security issues with using RPC over Https though?  

Expert Comment

ID: 24033405
You have the same level of encryption as VPN, so no.  

Author Closing Comment

ID: 31564502
perfect - thanks for the help :)

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Outlook keeps opened file locked 2 56
Doubt. 2 58
Firewall report connections 8 30
exchange 2013 2 23
Utilizing an array to gracefully append to a list of EmailAddresses
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now