?
Solved

Exchange over a VPN

Posted on 2009-04-29
9
Medium Priority
?
317 Views
Last Modified: 2012-06-21
When setting up an Exchange account over my VPN, I can't resolve the account name nor the server.  I can successfully ping the FQDM of the Exchange server, as well as the server's IP address.  I can telnet to port 25 and 443.  I can also ping my Domain Controller and WINS server.  This leads me to believe that my firewall is not the issue; all traffic between our main subnet and my VPN subnet should be OPEN.  I am using a robust point to point VPN policy on my Sonicwall firewall, which I've successfully used before.  I've also set up numerous Exchange accounts for my Outlook users over VPNs before, however this VPN is giving me trouble.  Any troubleshooting suggestions?
(I'm using Exchange 2007 and Outlook 2007)
Thanks in advance,
Bryan
0
Comment
Question by:cuiinc
  • 3
  • 3
  • 3
9 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24264448
In order to run Exchange/Outlook over a VPN connection, you have to enable NetBIOS over TCP/IP over the VPN.
0
 
LVL 1

Author Comment

by:cuiinc
ID: 24265969
i have enabled NetBIOS over TCP in the network settings of the client.  Additionally, i have specified a WINS server on the client, as well as on the firewall (our DHCP).  I believe NetBIOS is working because I can browse to server names (not IPs) from an explorer window.  Is there a way to confirm decisively that NetBIOS is working?
0
 
LVL 8

Expert Comment

by:A2the6th
ID: 24270589
I occasionally see this from home users who VPN to our office.  If they have the same local IP address scope as we are using at the office.  They may get succesful pings on FQDN's and still not get mail.  

for example let's say my head quarters is using 192.168.1.x and the home users just plugs in his router and by default it has 192.168.1.x as it's local network.  The users local gateway can get confused as to where to send packets destined for the 1.x network.  

You may want to check the IP of the local user's network and the network that the users is connecting to with the VPN.  If they are the same, change the local users network.

I hope that helps
Chace
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24271572
If you can browse through Windows Explorer or My Computer and get a browse list of all of the workstations on the office network, then NetBIOS is working.
0
 
LVL 1

Author Comment

by:cuiinc
ID: 24272595
Thanks to both of you for the comments.  Based on "hypercat's" comment, I am now unsure that NetBIOS is working.  Under Microsoft Windows Networks, I only get a browse list of the computers in the workgroup, NOT the domain to which I am connecting via VPN.  

To explain a bit further: this workgroup is on a subnet of 192.168.1.x.  I am connecting it to the domain XZY, which is 192.168.75.x.  The workgroup's firewall tunnels into XYZ, and grabs the WINS and DNS servers from XYZ.  This firewall is also the DHCP server for the workgroup.  So, when I am within the workgroup, my clients get an ip address for the workgroup subnet (192.168.1.x) and DNS info from the domain XYZ.

What puzzles me is that I can type a simple servername into a browser window (\\fileserver), and the workgroup correctly resolves it, connecting to domain XYZ.  Yet, I can't see a browse list of XYZ computers, nor can I get Outlook to find my Exchange server.  Any other suggestions?
0
 
LVL 8

Expert Comment

by:A2the6th
ID: 24272920
When you are connected to the XYZ domain, can you ping the exchange server by name or IP.  If you can get it by name, then you may want to rebuild your outlook profile.  If you only get it by IP then you can modify your Outlook profile to use the IP address instead of mail servers name.

If Outlooks works via the IP address then you are looking at a DNS issue.  If not, then we are still facing some communication issue.

Let me know the results of the above.

Thanks
Chace
0
 
LVL 1

Author Comment

by:cuiinc
ID: 24273030
I can successfully ping the name and IP of the Exchange server from the workgroup and from XYZ domain...  However, when setting up an Outlook account from within the workgroup, I can NOT find the Exchange server with name nor IP.  
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24273614
Well, this is a little weird, but since you're using Exchange 2007 (I didn't notice this before), have you tried using RPC over HTTP (i.e., Outlook Anywhere) instead of the standard Outlook TCP/IP connection?  This option is in the More Settings/Connection tab when you set up the Outlook profile on the workstation. This should work and avoid the NetBios issue entirely.
0
 
LVL 8

Accepted Solution

by:
A2the6th earned 2000 total points
ID: 24274142
cuiinc, I pasted a link to a site that talks about some alternate ways to send email.  The one in particular that I think you should try is the telnet version of email.

The steps are listed in the link.  If this works you will have successfully sent an email across your VPN tunnel.  This would lead me to believe there is an issue with the Outlook client install on that machine.  If it doesn't work you may be looking at a firewall or routing issue.  

http://www.msexchange.org/articles/Sending-Email-without-Client.html

Give this a crack and let me know the results.  Unfortunately I am heading out so I won't be able to pick this up until the morning.

Chace
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question