Solved

exchange 2003

Posted on 2010-08-26
Last Modified: 2012-05-10
I have Exchange 2003 on a Windows Server 2003 Standard Edition server. Lately I noticed that if I VPN into my network and open Outlook, at times (it seems random) Outlook says it can't contact the Exchange server. So the first thing I thought of was network/VPN issues. However, I could use Remote Desktop and connect to my Exchange server without a problem, while Outlook couldn't contact the server. So I was wondering if there is a good way to analyze the "health" of Exchange to see if there is a problem with Exchange? I already looked in the Windows logs but didn't find much there.
Question by:JeffBeall
7 Comments
 
LVL 1

Expert Comment

by:sduffey
ID: 33535112
When you are VPN'd into the network are you able to resolve the Exchange server by name?
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 33535132
yes
0
 
LVL 3

Expert Comment

by:Fr0zT
ID: 33535186
VPNs do add extra overhead, so slow connections will be impacted by this.  But before answering this I should recommend that you look into RPC over HTTPS.  This is the best way to connect an Outlook client to an Exchange server remotely, and it works great.  But if you have a business need to use the VPN, then there are a few things you can check...

The first thing is the MTU. Look for a tool called MTUROUTE and run it in DOS; basically it pings, so use it against a system on the other side of the VPN and see what the MTU is.  Sometimes VPNs will drop a 1500 MTU down to 1436 or something else.  That's OK provided your VPN adapter is set to 1436 MTU (the Cisco VPN Client, for example, allows you to adjust the MTU).  I wouldn't necessarily change your system's primary NIC to anything other than 1500 though.

What kind of firewall are you running?  I'm just curious because I know with Checkpoint R65 running on SPLAT they come defaulted to 10,000 byte TCP window size, and this can cause weird issues like that.  You can change it to 65535 with this command:
fw ctl set int fwtcpstr_max_window 65535
Also, you can check it by replacing set with get and omitting the 65535. This setting is not persistent; if this is your problem, reply and I will tell you how to make it persistent. That's a long shot and might only apply to a Checkpoint firewall.

Also check to see if the VPN supports TCP Keepalive; it's possible that it's timing you out, and during the time you're re-establishing the SA, Outlook says it can't contact Exchange.
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 33535231
I do have RPC over HTTPS set up; I was using the VPN to get at some files.
My firewall is through a company called Corente. They use iptables on Linux boxes.
I could call Corente to ask about the TCP keepalive thing.
0
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 250 total points
ID: 33535336
I was going to mention MTU also. I was trying to find my old notes on it. We had a lot of people getting "Connecting to server...." timeout errors when on a WAN at remote offices.
This may be the old article we had found, and it did help clients.
http://support.microsoft.com/kb/315008
0
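The MTU check suggested in the comments above (the MTUROUTE suggestion and the accepted answer), as an added example that is not part of any original post: a PowerShell function that binary-searches the largest ICMP payload that crosses the VPN with Don't Fragment set, using the .NET Ping class in place of MTUROUTE. The function name Get-PathMtu and its parameters are hypothetical, and it assumes IPv4 and that ICMP echo is allowed through the tunnel.

```powershell
# Added example (not from the thread). Get-PathMtu and its parameters are hypothetical names.
function Get-PathMtu {
    param(
        [Parameter(Mandatory = $true)][string]$Target,  # host on the far side of the VPN
        [int]$Low = 548,         # payload of a 576-byte packet
        [int]$High = 1472,       # payload of a 1500-byte packet
        [int]$TimeoutMs = 2000,
        [int]$Attempts = 2       # retry so one lost reply does not skew the result
    )
    $ping    = New-Object System.Net.NetworkInformation.Ping
    # TTL 64, DontFragment = $true: oversized probes are dropped instead of fragmented
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)

    # Returns $true if a probe with the given payload size gets an echo reply.
    $probe = {
        param([int]$Size)
        $buffer = New-Object byte[] $Size
        for ($i = 0; $i -lt $Attempts; $i++) {
            try {
                $reply = $ping.Send($Target, $TimeoutMs, $buffer, $options)
                if ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success) { return $true }
            } catch { }   # name resolution or socket errors count as a failed probe
        }
        return $false
    }

    if (-not (& $probe $Low)) {
        Write-Warning "No reply to a ${Low}-byte probe; ICMP may be filtered or ${Target} is unreachable."
        $ping.Dispose()
        return
    }
    # Invariant: $Low is known to pass; the search never looks above $High.
    while ($Low -lt $High) {
        $mid = $Low + [int][math]::Ceiling(($High - $Low) / 2.0)
        if (& $probe $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    $ping.Dispose()
    [pscustomobject]@{
        Target     = $Target
        MaxPayload = $Low
        PathMtu    = $Low + 28    # 20-byte IPv4 header + 8-byte ICMP header
    }
}
```

Run it once with the VPN connected and once without, against a host behind the tunnel, and compare the PathMtu values with the MTU configured on the VPN adapter.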
 
LVL 3

Expert Comment

by:Fr0zT
ID: 33542463
I would still investigate the MTU thing first.  How does your VPN client work?  Is it SSL based, or do you have a piece of software that you've installed on your system like NCP, or is it just like an L2TP VPN?  If there is a software component, then I would like to know if that software creates an adapter which you can see in the device manager (devmgmt.msc)?  For example, a Cisco VPN Client will create an adapter called "Cisco Systems VPN Adapter".
0
 
LVL 3

Assisted Solution

by:Fr0zT
Fr0zT earned 250 total points
ID: 33542516
Actually, come to think of it, if you are using RPC over HTTPS then I need to know if your VPN is using a split tunnel or not.  If you are using a split tunnel then this is not a VPN issue, because RPC over HTTPS will not be traveling over the VPN and this problem is something else.

You can test if you have a split tunnel by launching your VPN and going to whatismyip.org.  The IP that it shows you will either be your own public IP (same as before the VPN launched) or it will be the company's public IP.  If it is still your own IP then you are using a split tunnel and the problem lies somewhere else.
0
