Solved

exchange 2003

Posted on 2010-08-26
7
214 Views
Last Modified: 2012-05-10
i have exchange 2003 on a windows server 2003 standard edition server. lately i noticed that if i VPN into my network and open outlook, at times ( it seems random ) outlook says it can't contact the exchange server. so the first thing i thought of was network/VPN issues. however, i could use remote desktop and connect to my exchange server without a problem, while outlook couldn't contact the server. so I was wondering if there is a good way to analyze the "health" of exchange to see if there is a problem with exchange? I already looked in windows logs but didn't find much there.
0
Comment
Question by:JeffBeall
7 Comments
 
LVL 1

Expert Comment

by:sduffey
ID: 33535112
When you are VPN'd into the network are you able to resolve the Exchange server by name?
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 33535132
yes
0
 
LVL 3

Expert Comment

by:Fr0zT
ID: 33535186
VPN's do add extra overhead, so slow connections will be impacted by this.  But before answering this I should recommend to you to look into RPC over HTTPS.  This is best way to connect an outlook client to an exchange server remotelly, and it works great.  But if you have a business need to use the VPN, then there is a few things you can check...

The first thing is the MTU. Look for a tool called MTUROUTE and run it in DOS, basically it pings so use it against a system on the other side of the VPN and see what the MTU is.  Sometimes VPN's will drop a 1500 MTU down to 1436 or something else.  That's OK provided your VPN adapter is set to 1436 MTU (With Cisco VPN Client it allows you to adjust the MTU for example.)  I wouldn't necessarily change your systems primary NIC to anything other that 1500 though.  

What kind of firewall are you running?  I'm just curious because I know with Checkpoint R65 running on SPLAT they come defaulted to 10,000 byte TCP window size, and this can cause weird issues like that.  You can change it to 65535 with this command:
fw ctl set int fwtcpstr_max_window 65535
also you can check it  by replacing set with get and omitting the 65535. This setting is not persistent, if this is your problem reply and I will tell you how to make it persistent. That's a long shot and might only apply to a Checkpoint firewall.

Also check to see if the VPN supports TCP Keepalive, it's possible that it's timing you out and during the time your re-establishing SA outlook says it can't contact exchange.
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 
LVL 1

Author Comment

by:JeffBeall
ID: 33535231
i do have RPC over HTTPS setup, I was using the VPN to get at some files.
my firewall is through a company called Corente. they use iptables on linux boxes
i could call Corente to ask about the TPC keepalive thing.
0
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 250 total points
ID: 33535336
I was going to mention MTU also. I was trying to find my old notes on it. We had a lot of people getting "Connecting to server...." timeout errors when on a WAN at remote offices.
This may be the old article we had found, and it did help clients.
http://support.microsoft.com/kb/315008
0
 
LVL 3

Expert Comment

by:Fr0zT
ID: 33542463
I would still investigate the MTU thing first.  How does your VPN client work?  Is it SSL based or do you have a peice of software that you've installed on your system like NCP or is it just like an L2TP VPN?  If there is a software component, then I would like to know if that software creates an adapter which you can see on the device manager (devmgmt.msc)?  For example a Cisco VPN Client will create an adapter called "Cisco Systems VPN Adapter".
0
 
LVL 3

Assisted Solution

by:Fr0zT
Fr0zT earned 250 total points
ID: 33542516
Actually come to think of it if you are using RPC over HTTPS then I need to know if your VPN is using a split tunnel or not.  If you are using a Split Tunnel then this is not a VPN issue because RPC over HTTPS will not be traveling over the VPN and this problem is something else.

You can test if you have a split tunnel by launching your VPN and going to whatismyip.org.  The IP that it shows you will iether be your own public IP (Same as before VPN launched) or it will be the companies Public IP.  If it is still your own IP then you are using Split Tunnel and the problem lies somewhere else.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Sometimes Outlook might have problems sending a message. There may be various causes- corrupted PST, AV scanner etc. The message, instead of going to the Sent Items folder, sits in the Outbox indefinitely. To remove it you can use a free tool cal…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now