  • Status: Solved

Using Exchange via VPN

I am trying to set up a remote office that utilizes all of the main office network files and emails via the Netscreen remote software.  The VPN establishes a connection & I have connected network drives.  But now I need to be able to connect to the MS Exchange Server 2003.  How do I set up the remote machine to look for the database on the Server?
0
Asked by: JSTechinLA
 
Rob Williams Commented:
A common solution for Exchange is to add the exchange server's NetBIOS (short) name and IP to the client's LMHosts file.
http://msmvps.com/blogs/robwill/archive/2008/05/10/lmhosts-and-hosts-files.aspx
0
 
Mestha Commented:
You shouldn't need to set up a hosts or LMHOSTS entry. Is name resolution working correctly over the VPN?

Simon.
0
 
JSTechinLA (Author) Commented:
How do I check to see if the name resolution is working?
0
 
Mestha Commented:
Does Outlook connect over the VPN?
Checking name resolution is rather a basic networking skill.

Simon.
0
 
JSTechinLA (Author) Commented:
The name resolves during a tracert command, but your instructions were to check it over the VPN.  Is there a different way to check it when the VPN is active?
0
 
JSTechinLA (Author) Commented:
Here is what I am getting:
mail.domain.com   resolves correctly
servername.domain.com does not resolve.
What is interesting is that when I put in the actual inside network IP address for my network when the VPN is active, Outlook changes the name to servername.domain.com.  It must be getting it from somewhere.
0
 
Mestha Commented:
Exchange/Outlook communicate, and the name is changed by Outlook to the server's real name. That is the normal behaviour. It doesn't mean that name resolution is working, it means that Outlook made the initial connection to Exchange, Exchange told it what the name should be and Outlook corrected it. It is the same behaviour with multiple Exchange servers - if you had more than one Exchange server you could point Outlook at any server, and Exchange would correct it for the server with the correct name.

If the name doesn't resolve over your VPN, then you need to look at why that is. It could be that your VPN isn't handing out the correct information to the client for DNS and/or WINS, or the tunnelling isn't configured correctly to send traffic for the domain down the VPN rather than over the internet. That is a VPN issue, which I cannot assist you with as I haven't used that VPN technology.

It should not be required to set up a hosts file (which someone is sure to suggest) and you should avoid doing that. A correctly configured VPN should provide full name resolution for the internal network, that is the point. A hosts file is just a horrible fix that can cause more problems than it fixes.

Simon.
0
 
Rob Williams Commented:
Simon is FAR more knowledgeable than I with Exchange, but I may be able to help with the VPN.
Is the Netscreen client configured to assign the VPN client the correct internal DNS server's IP for its DNS server? Is it also configured to receive the domain suffix? You should be able to confirm this from the client machine by running ipconfig /all while the VPN client is connected.
If not, is there a virtual/VPN adapter listed under network connections on the client for the Netscreen adapter? We may have to enable it. I am not familiar with the Netscreen client but I believe it is made by (same as) SafeNet.
0
 
JSTechinLA (Author) Commented:
I am a little embarrassed to tell you both this now, but I did leave out a detail that might turn out to be really important.  My Vista machine is a virtual one running via Parallels on a MacBook Pro.  I didn't mention this before because I thought since part of the VPN was working it was an Exchange problem.
Here are the config / all results
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WorkLT
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Parallels Ethernet Adapter
   Physical Address. . . . . . . . . : 00-1C-42-4A-31-7F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a1c8:77e9:1776:628c%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.211.55.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, April 21, 2009 8:34:00 AM
   Lease Expires . . . . . . . . . . : Tuesday, April 28, 2009 8:44:03 AM
   Default Gateway . . . . . . . . . : 10.211.55.1
   DHCP Server . . . . . . . . . . . : 10.211.55.1
   DNS Servers . . . . . . . . . . . : 10.211.55.1
   Primary WINS Server . . . . . . . : 64.183.91.178
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{9D2F6B7C-DB3B-4180-9D94-39CDD01B1902}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


The Primary WINS server listed above is wrong.  That was my old DNS, we moved our server last week.  When I changed this WINS server info to the correct DNS address I could no longer establish a VPN connection.  I changed it back to the old WINS and was again able to make a VPN connection but still no connection to my Exchange server via Outlook.
JS
0
 
Mestha Commented:
Exchange 2003 can use WINS. Therefore if you are giving out the wrong WINS information you need to correct it. Do you have WINS servers on the domain controllers?

Simon.
0
 
Rob Williams Commented:
Virtual machine should not matter.
In addition to Simon's WINS comments, is 10.211.55.1 the server or the Netscreen router? I suspect the latter. It should be pointing to your DNS server.
0
 
JSTechinLA (Author) Commented:
WINS Server is active on the Domain Controller.  It is using the inside address of 192.168.254.19.  Should I add that address to my WINS?

The 10.211.55.1 seems to be the Parallels gateway address?  The address is definitely related to Parallels since it manually assigned the IP address 10.211.55.2 to the Parallels adapter on the Virtual Vista Machine.
0
 
Rob Williams Commented:
Sorry, missed that. That is not the VPN adapter's configuration. While the VPN is connected, you should get additional IP addressing information for a virtual adapter.
0
 
JSTechinLA (Author) Commented:
OK. I just ran the config / all test again.  First with the VPN connected I get the report listed above.  Then I disabled my VPN policy, did ipconfig /release   ipconfig /renew.  The results of ipconfig /all are still exactly the same as the sample above.  No reference to the VPN unless it is the Teredo Tunneling Pseudo-Interface which shows disconnected on both tests.
Just to be clear, when the VPN policy is active and connected I can connect to drives on my server, browse, basically do anything that I want except of course for using Outlook on my local laptop.
Hope this helps.

JS
0
 
JSTechinLA (Author) Commented:
I think I might have found something that will help.  I was reconfiguring the outlook account and used the inside address 192.168.254.19 on the exchange server.  I did the check name function and a dialog box appeared from the server to verify the password.  When I tried to connect via outlook it failed.  I went back to the outlook setup and the inside address had changed to servername.domain.com.  Is this stored somewhere on my local machine?  I think Microsoft is helping and changing the name with bad information.
JS
0
 
Rob Williams Commented:
Does the Netscreen VPN client give you an icon in the lower right on which you can right click and choose "security policy editor"? If so do so, expand the policy, and click on "My Identity". Under virtual adapter on the right change it to "required", save the policy, and reboot. This should create the VPN virtual adapter under network connections on which you can then add the DNS suffix and DNS server IP, assuming it uses the SafeNet client.
0
 
JSTechinLA (Author) Commented:
It didn't create the VPN.  I only have the Local Area Connection as well as a dial up connection under Network Connections.  I also reinstalled the Netscreen remote client and got an error that said that the IPSecNet was not installed.  The VPN is still working the same way as it was before.
0
 
Mestha Commented:
Nothing stored locally. Outlook connects to the Exchange server, asks where the mailbox is, gets told, corrects THEN attempts to authenticate. The authentication attempt is failing, possibly because the name resolution isn't working.

Simon.
0
 
JSTechinLA (Author) Commented:
I found the answer in another discussion.  I edited the lmhosts file with the PDC and
exchange server inside address.  Exchange seems to be working fine.  I will continue with my testing.
What is  IPSecNet anyway?  
0
 
Mestha Commented:
The point is - you shouldn't have to modify either LMHOSTS or the HOSTS file. Name resolution should be done by the VPN setup. I hate HOSTS files with a passion. People forget they are there and they simply get in the way of good network management. I have inherited two networks with undocumented hosts files and it took me weeks to clean up.

Simon.
0
 
Rob Williams Commented:
You found the answer in another discussion to use the LMHosts file?????? That was my first post.
However, as Simon said it is not a good solution, it is a simple way to solve a problem using NetBIOS because proper DNS name resolution isn't working. Though it works it is not a good option as LMhosts and Hosts files have to be manually managed, or scripted, rather than having proper dynamic deployment of DNS configurations which will work for all clients. If the Netscreen client cannot be managed then the options deployed by the Netscreen appliance should be changed so that clients receive the proper DNS IP/s and domain suffix.
0
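
Added example, not part of the original thread: a small Python check that runs the tests the thread converges on over `ipconfig /all` output, namely whether any connected adapter has a DNS server on the internal network, whether a WINS server points outside it, and whether the domain suffix is assigned. The network 192.168.254.0/24 is an assumption derived from the server's inside address 192.168.254.19 (the mask is not given in the thread), and domain.com is the thread's own placeholder.

```python
import ipaddress
import re

# Abridged from the `ipconfig /all` output posted in the thread.
SAMPLE = """\
Windows IP Configuration
   Primary Dns Suffix  . . . . . . . :
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 10.211.55.1
   Primary WINS Server . . . . . . . : 64.183.91.178
Tunnel adapter Local Area Connection* 7:
   Media State . . . . . . . . . . . : Media disconnected
"""
FIELD = re.compile(r"^\s+([^.:]+?)(?:\s*\.)*\s*:\s?(.*)$")

def parse_ipconfig(text):
    """Return {section: {field: [values]}} from `ipconfig /all` text."""
    sections, current, last = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        indent = len(line) - len(line.lstrip())
        if indent == 0:  # unindented line starts a section (adapter)
            current, last = sections.setdefault(line.strip().rstrip(":"), {}), None
        elif current is not None and indent > 10 and last:  # extra value, e.g. 2nd DNS server
            current[last].append(line.strip())
        elif current is not None and (m := FIELD.match(line)):
            last, value = m.group(1).strip(), m.group(2).strip()
            current[last] = [value] if value else []
    return sections

def audit(text, internal_net, suffix):
    """List resolver problems; internal_net and suffix are supplied by the admin."""
    net = ipaddress.ip_network(internal_net)
    live = [s for s in parse_ipconfig(text).values()
            if s.get("Media State") != ["Media disconnected"]]
    def values(*fields):
        return [v for s in live for f in fields for v in s.get(f, [])]
    def inside(v):
        return ipaddress.ip_address(v.split("%")[0]) in net
    findings = []
    if not any(inside(v) for v in values("DNS Servers")):
        findings.append("no DNS server inside " + internal_net)
    findings += ["WINS server outside internal network: " + v
                 for v in values("Primary WINS Server", "Secondary WINS Server")
                 if not inside(v)]
    suffixes = [v.lower() for v in values("Primary Dns Suffix", "Connection-specific DNS Suffix")]
    if suffix.lower() not in suffixes:
        findings.append("DNS suffix " + suffix + " not assigned")
    return findings
```

Calling `audit(SAMPLE, "192.168.254.0/24", "domain.com")` on the posted output reports all three problems; a client that receives its DNS server and suffix from the VPN reports none, with no LMHOSTS or HOSTS entry needed.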
