csystemnet
asked on
Unable to synchronize Outlook 2007/2003 with Exchange 2003 over VPN, error 0x8004011D
Hallo,
I have big trouble with Outlook 2003 or 2007 that want to communicate with Exchange 2003 over VPN. I have read many pages about it on the internet and also on EE, but none of them leads me to solve my problem.
Maybe I found one difference from what is described in other problems of "0x8004011D": we use Fortinet products for making the VPN connection. And the problem is on the client side, which uses a FortiClient IPSec or SSL VPN tunnel. If the client gets an IP address from the VPN DHCP server, the connection between the client's Outlook and Exchange isn't established. But if I set the IP address manually to one out of the range of the VPN DHCP, the connection is established, but only once. If I close Outlook and disconnect the VPN connection and connect the client to the VPN again with the same manual IP address, Outlook doesn't connect with Exchange.
On the client side I can always ping the Exchange server by its IP or domain name. There is no firewall activated on the client side, router, or Exchange. Exchange on the local network works correctly. OWA works correctly.
I tried to reset the router or flash it with the newest firmware, but without effect.
Thank you for your help.
How is the name space setup? Is your AD namespace the same as the public DNS? for instance like domain.com for both? If so I have the fix.
This is a common issue that I have seen...when the name space is the same and you're doing split DNS, then your workstations can query either the public DNS or the AD DNS...when it queries the public DNS it will fail.
You need to set up a script or process that places the \Device\NdisWanIp entry on the top in the registry value Bind (multi-string) that is found under the key HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\
If the entry already is at the top, no registry update is done.
Script:
' KB311218 - Cannot Change the Binding Order for Remote Access Connections
' =========================================================================
' VBScript that places the \Device\NdisWanIp entry on the top in the
' registry value Bind (multi-string) that is found under the key
' HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\.
' If the entry already is at the top, no registry update is done.

Const HKLM = &H80000002
sComputer = "." ' use "." for local computer

' Connect to WMI's StdRegProv class
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
    & sComputer & "\root\default:StdRegProv")

' Define registry location
sKeyPath = "SYSTEM\CurrentControlSet\Services\Tcpip\Linkage"
sValueName = "Bind"
oReg.GetMultiStringValue HKLM, sKeyPath, sValueName, arValues

' Stop if the value could not be read (arValues is not an array then)
If Not IsArray(arValues) Then
    WScript.Quit 1
End If

arValuesNew = Array()

For i = 0 To UBound(arValues)
    If i = 0 Then
        If LCase(arValues(i)) = "\device\ndiswanip" Then
            ' Entry is already first in the list, no point in continuing
            Exit For
        Else
            ' Put NdisWanIp in the first element in the new array
            ReDim Preserve arValuesNew(0)
            arValuesNew(0) = "\Device\NdisWanIp"
        End If
    End If

    ' Continue adding the rest of the elements to the new array
    If LCase(arValues(i)) <> "\device\ndiswanip" Then
        iCountNew = UBound(arValuesNew) + 1
        ReDim Preserve arValuesNew(iCountNew)
        arValuesNew(iCountNew) = arValues(i)
    End If
Next

' If there are elements to be found in the array, update the
' registry value
If UBound(arValuesNew) > -1 Then
    oReg.SetMultiStringValue HKLM, sKeyPath, sValueName, arValuesNew
End If
ASKER
Hallo EndureKona, thank you for your advice. We use different name space...
ASKER
Hallo limjianan,
I know about RPC over HTTP/S, but I would like to know why the described problem appeared? Because this problem isn't only in one company, but it starts to appear in another. And the strange thing is that VPN clients have been using Outlook over VPN for more than 2 years and there was no problem.
hmm...
what kind of vpn connection u used?
i have tested my vpn (microsoft) connection to outlook and it seems to be working fine.
after the vpn connected, do you see other issues than exchange 2003?
like file browsing and etc?
ASKER
limjianan: I use a software VPN client (FortiClient). When I am connected to the VPN I can see everything (ping to IP, name, network sharing, ...) on the Exchange server or other PCs/servers in the local network. But using Outlook with Exchange over VPN doesn't work.
under your outlook 2003/2007
can you paste the error logs about the sync issue?
ASKER
Hallo, sorry for the late reply. The error message is in the attached file.
error.jpg
i have a thought about the issue..
the only thing i can think of is the name
after you connect to vpn, the dns server IP address changes.
so when you query the exchange server,
it can be <servername> or <servername>.domain.local or <servername>.<domain-netbiosname> or <externalwebmaildomain>
i would try to ping all possible names and see if all of them resolve to an internal IP address
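The name check suggested in the post above, written out as an added example (not part of the original thread): it resolves each name form the post lists and flags any that does not come back with an RFC 1918 address. The server, domain and webmail names are constructed placeholders, and the helper names are hypothetical.

```python
import ipaddress
import socket

# RFC 1918 ranges; an internal Exchange server should resolve into one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def candidate_names(server, ad_domain, netbios_domain, external_name):
    """Build the four name forms listed in the post for one server."""
    return [server, f"{server}.{ad_domain}",
            f"{server}.{netbios_domain}", external_name]

def resolve(name):
    """IPv4 addresses the local resolver returns for name ([] on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """Return 'unresolved', 'internal', 'public' or 'mixed'."""
    if not addresses:
        return "unresolved"
    inside = [any(ipaddress.ip_address(a) in net for net in RFC1918)
              for a in addresses]
    if all(inside):
        return "internal"
    return "mixed" if any(inside) else "public"

def check(names, resolver=resolve):
    """Map each name to (status, addresses); resolver can be swapped for tests."""
    report = {}
    for name in names:
        addrs = resolver(name)
        report[name] = (classify(addrs), addrs)
    return report

def suspect_names(report):
    """Names that fail to resolve or resolve outside the internal ranges."""
    return [n for n, (status, _) in report.items() if status != "internal"]

if __name__ == "__main__":
    # Constructed placeholder names; replace with the real ones on the VPN client.
    names = candidate_names("exch01", "domain.local", "DOMAIN", "mail.example.com")
    for name, (status, addrs) in check(names).items():
        print(f"{name:28} {status:11} {', '.join(addrs)}")
```

Run it once with the VPN connected and once on the local network; a name that changes from internal to public or unresolved points at the DNS servers handed out by the tunnel.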
ASKER
limjianan: I can ping the Exchange server with its full domain name (<servername>.domain.local). The same is set in the Outlook configuration.
well apparently it is a fortinet issue, so we will leave the question as it is.
i would recommend instead of closing of your question,
choose your answer as the accepted answer. at least that give you a conclusion of this question.
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm