JSTechinLA

Using Exchange via VPN

I am trying to set up a remote office that utilizes all of the main office network files and emails via the Netscreen remote software. The VPN establishes a connection & I have connected network drives. But now I need to be able to connect to the MS Exchange Server 2003. How do I set up the remote machine to look for the database on the server?
ASKER CERTIFIED SOLUTION
Rob Williams
You shouldn't need to set up a hosts or LMHOSTS entry. Is name resolution working correctly over the VPN?

Simon.
JSTechinLA

ASKER

How do I check to see if the name resolution is working?
Does Outlook connect over the VPN?
Checking name resolution is rather a basic networking skill.

Simon.
The name resolves during a tracert command, but your instructions were to check it over the VPN. Is there a different way to check it when the VPN is active?
Here is what I am getting:
mail.domain.com   resolves correctly
servername.domain.com does not resolve.
What is interesting is that when I put in the actual inside network IP address for my network when the VPN is active, Outlook changes the name to servername.domain.com. It must be getting it from somewhere.
Simon is FAR more knowledgeable than I with Exchange, but I may be able to help with the VPN.
Is the Netscreen client configured to assign the VPN client the correct internal DNS server's IP for its DNS server? Is it also configured to receive the domain suffix? You should be able to confirm this from the client machine by running ipconfig /all while the VPN client is connected.
If not, is there a virtual/VPN adapter listed under network connections on the client for the Netscreen adapter? We may have to enable it. I am not familiar with the Netscreen client but I believe it is made by (same as) SafeNet.
I am a little embarrassed to tell you both this now, but I did leave out a detail that might turn out to be really important. My Vista machine is a virtual one running via Parallels on a MacBook Pro. I didn't mention this before because I thought since part of the VPN was working it was an Exchange problem.
Here are the config / all results
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WorkLT
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Parallels Ethernet Adapter
   Physical Address. . . . . . . . . : 00-1C-42-4A-31-7F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a1c8:77e9:1776:628c%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.211.55.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, April 21, 2009 8:34:00 AM
   Lease Expires . . . . . . . . . . : Tuesday, April 28, 2009 8:44:03 AM
   Default Gateway . . . . . . . . . : 10.211.55.1
   DHCP Server . . . . . . . . . . . : 10.211.55.1
   DNS Servers . . . . . . . . . . . : 10.211.55.1
   Primary WINS Server . . . . . . . : 64.183.91.178
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{9D2F6B7C-DB3B-4180-9D94-39CDD01B1902}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


The Primary WINS server listed above is wrong. That was my old DNS; we moved our server last week. When I changed this WINS server info to the correct DNS address I could no longer establish a VPN connection. I changed it back to the old WINS and was again able to make a VPN connection but still no connection to my Exchange server via Outlook.
JS
Exchange 2003 can use WINS. Therefore if you are giving out the wrong WINS information you need to correct it. Do you have WINS servers on the domain controllers?

Simon.
Virtual machine should not matter.
In addition to Simon's WINS comments, is 10.211.55.1 the server or the Netscreen router? I suspect the latter. It should be pointing to your DNS server.
WINS Server is active on the Domain Controller.  It is using the inside address of 192.168.254.19.  Should I add that address to my WINS?

The 10.211.55.1 seems to be the Parallels gateway address? The address is definitely related to Parallels since it manually assigned the IP address 10.211.55.2 to the Parallels adapter on the virtual Vista machine.
Sorry, missed that. That is not the VPN adapter's configuration. While the VPN is connected, you should get additional IP addressing information for a virtual adapter.
OK. I just ran the config / all test again. First with the VPN connected I get the report listed above. Then I disabled my VPN policy, did ipconfig /release   ipconfig /renew. The results of ipconfig /all are still exactly the same as the sample above. No reference to the VPN unless it is the Teredo Tunneling Pseudo-Interface which shows disconnected on both tests.
Just to be clear, when the VPN policy is active and connected I can connect to drives on my server, browse, basically do anything that I want except of course for using Outlook on my local laptop.
Hope this helps.

JS
I think I might have found something that will help. I was reconfiguring the Outlook account and used the inside address 192.168.254.19 on the Exchange server. I did the check name function and a dialog box appeared from the server to verify the password. When I tried to connect via Outlook it failed. I went back to the Outlook setup and the inside address had changed to servername.domain.com. Is this stored somewhere on my local machine? I think Microsoft is helping and changing the name with bad information.
JS
Does the Netscreen VPN client give you an icon in the lower right on which you can right click and choose "security policy editor"? If so do so, expand the policy, and click on "My Identity". Under virtual adapter on the right change it to "required", save the policy, and reboot. This should create the VPN virtual adapter under network connections on which you can then add the DNS suffix and DNS server IP, assuming it uses the SafeNet client.
It didn't create the VPN.  I only have the Local Area Connection as well as a dial up connection under Network Connections.  I also reinstalled the Netscreen remote client and got an error that said that the IPSecNet was not installed.  The VPN is still working the same way as it was before.
Nothing stored locally. Outlook connects to the Exchange server, asks where the mailbox is, gets told, corrects THEN attempts to authenticate. The authentication attempt is failing, possibly because the name resolution isn't working.

Simon.
I found the answer in another discussion. I edited the lmhosts file with the PDC and Exchange server inside address. Exchange seems to be working fine. I will continue with my testing.
What is  IPSecNet anyway?  
The point is - you shouldn't have to modify either LMHOSTS or the HOSTS file. Name resolution should be done by the VPN setup. I hate HOSTS files with a passion. People forget they are there and they simply get in the way of good network management. I have inherited two networks with undocumented hosts files and it took me weeks to clean up.

Simon.
You found the answer in another discussion to use the LMHosts file?????? That was my first post.
However, as Simon said, it is not a good solution; it is a simple way to solve a problem using NetBIOS because proper DNS name resolution isn't working. Though it works, it is not a good option, as LMHosts and Hosts files have to be manually managed, or scripted, rather than having proper dynamic deployment of DNS configurations which will work for all clients. If the Netscreen client cannot be managed then the options deployed by the Netscreen appliance should be changed so that clients receive the proper DNS IP/s and domain suffix.