Outlook hangs on VPN, OWA fine

Paddy_Boy_Floyd
Paddy_Boy_Floyd used Ask the Experts™
on
I have a Windows 2k3 SBS sitting behind a SonicWall.   Our users connect using the windows PPTP VPN.   When connecting, the VPN connection connects quickly and without issue.  However, when the VPN connection is active, Outlook hangs.   It will give either the message that its trying to connect to exchange or waiting to update this folder and the icon will indicate "Outlook is requesting data from the server".  

Alternatively, with out connecting on the VPN, I can get to OWA fine and the mail to our blackberries all sync with out issue.   In addition, I can remote desktop to the server external address fine.  

While connected on the VPN, I can watch the traffic on the connection and there never seems to be much activity.   Also, while connected I can ping the server internal IP as well as the server hostname.

Any ideas?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Why are you not using HTTPs over RPC - then you can lose the VPN and it is much simpler?
http://www.amset.info/exchange/rpc-http.asp
All you need is a trusted SSL certificate - or a properly setup self-signed one, a few tweaks here and there and off you go.  Then your users can use Outlook as if they were sitting in the office, anywhere in the world.

Commented:
Using RPC-over-HTTP will be the best long term solution, but if you are interested in figuring out the VPN issue, can you please test the following for me:
Once on VPN, Start > Run - \\ExchangeServerName\
What happens?

Author

Commented:
Over the VPN, opening the server and the file share is slow and has odd behavior, such as it will pull up some of the directories, while other times it gives the message that it can't access the share.   For example, I went to //server/users/me and it opened to contents of that directory but when I tried to open a ~1meg picture in my directory, it would hang and then after a while give me the can't access the resource message.  While waiting on the file to open, I watched the connection and there was minimal activity.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Alan HardistyCo-Owner
Top Expert 2011

Commented:
VPN is always slow and if you are only using it to access Outlook, then HTTPs over RPC is a much better solution.
I always add the IP of the server to the lmhosts.sam file locally then reboot the machine.  It speeds up acces 5-fold to the server.
Alternatively, you need to point your local DNS to the server for DNS resolution.
Alan HardistyCo-Owner
Top Expert 2011

Commented:
The location of the lmhosts.sam file is c:\windows\system32\drivers\etc

Commented:
agree with everyone on hosts file-  it is the simplest approach for connecting to the exchange server , but some reasons outlook can be slow over the vpn can be due to MTU size of the packets. The exchange server sends large packets with the DF bit set (Don't Fragment). This when added with the IPSec headers goes beyond the MTU of the Firewalls. Some firewalls by default ignore the DF bits and fragments the packets and forwards it onto the VPN tunnel. Although, these are re-assembled at the client side, this can cause problems with outlook clients as they keep re-initiating connections until they run out of connection objects on the Exchange server. That's when they can no longer connect to the Exchange server and the server reports  events with "MaxObjExceeded" in the event logs  Some firewalls have MSS (maximum segment size) settings for tcp packets which can remedy the above issues.

Again, agree with everyone on HTTPs/RPC, as it has fewer networking issues- "lighter"

but if the vpn deployment is in your company's security policy, firewall tweaking as well as MTU issues on the client machines can usually be satifactorily remedied



Gah - I feel like a goof.  My employee, the so called "SonicWall expert" had the configuration screwed up and the load balancing was causing the connections to be dropped.

Regerdless, I do greatly appreciate all the assistance.
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Oh well - as long as you got the solution, it makes no difference how you got there!
Well done.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial