Solved

exchange 2003

Posted on 2010-08-26
7
224 Views
Last Modified: 2012-05-10
i have exchange 2003 on a windows server 2003 standard edition server. lately i noticed that if i VPN into my network and open outlook, at times ( it seems random ) outlook says it can't contact the exchange server. so the first thing i thought of was network/VPN issues. however, i could use remote desktop and connect to my exchange server without a problem, while outlook couldn't contact the server. so I was wondering if there is a good way to analyze the "health" of exchange to see if there is a problem with exchange? I already looked in windows logs but didn't find much there.
0
Comment
Question by:JeffBeall
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Expert Comment

by:sduffey
ID: 33535112
When you are VPN'd into the network are you able to resolve the Exchange server by name?
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 33535132
yes
0
 
LVL 3

Expert Comment

by:Fr0zT
ID: 33535186
VPN's do add extra overhead, so slow connections will be impacted by this.  But before answering this I should recommend to you to look into RPC over HTTPS.  This is best way to connect an outlook client to an exchange server remotelly, and it works great.  But if you have a business need to use the VPN, then there is a few things you can check...

The first thing is the MTU. Look for a tool called MTUROUTE and run it in DOS, basically it pings so use it against a system on the other side of the VPN and see what the MTU is.  Sometimes VPN's will drop a 1500 MTU down to 1436 or something else.  That's OK provided your VPN adapter is set to 1436 MTU (With Cisco VPN Client it allows you to adjust the MTU for example.)  I wouldn't necessarily change your systems primary NIC to anything other that 1500 though.  

What kind of firewall are you running?  I'm just curious because I know with Checkpoint R65 running on SPLAT they come defaulted to 10,000 byte TCP window size, and this can cause weird issues like that.  You can change it to 65535 with this command:
fw ctl set int fwtcpstr_max_window 65535
also you can check it  by replacing set with get and omitting the 65535. This setting is not persistent, if this is your problem reply and I will tell you how to make it persistent. That's a long shot and might only apply to a Checkpoint firewall.

Also check to see if the VPN supports TCP Keepalive, it's possible that it's timing you out and during the time your re-establishing SA outlook says it can't contact exchange.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 1

Author Comment

by:JeffBeall
ID: 33535231
i do have RPC over HTTPS setup, I was using the VPN to get at some files.
my firewall is through a company called Corente. they use iptables on linux boxes
i could call Corente to ask about the TPC keepalive thing.
0
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 250 total points
ID: 33535336
I was going to mention MTU also. I was trying to find my old notes on it. We had a lot of people getting "Connecting to server...." timeout errors when on a WAN at remote offices.
This may be the old article we had found, and it did help clients.
http://support.microsoft.com/kb/315008
0
 
LVL 3

Expert Comment

by:Fr0zT
ID: 33542463
I would still investigate the MTU thing first.  How does your VPN client work?  Is it SSL based or do you have a peice of software that you've installed on your system like NCP or is it just like an L2TP VPN?  If there is a software component, then I would like to know if that software creates an adapter which you can see on the device manager (devmgmt.msc)?  For example a Cisco VPN Client will create an adapter called "Cisco Systems VPN Adapter".
0
 
LVL 3

Assisted Solution

by:Fr0zT
Fr0zT earned 250 total points
ID: 33542516
Actually come to think of it if you are using RPC over HTTPS then I need to know if your VPN is using a split tunnel or not.  If you are using a Split Tunnel then this is not a VPN issue because RPC over HTTPS will not be traveling over the VPN and this problem is something else.

You can test if you have a split tunnel by launching your VPN and going to whatismyip.org.  The IP that it shows you will iether be your own public IP (Same as before VPN launched) or it will be the companies Public IP.  If it is still your own IP then you are using Split Tunnel and the problem lies somewhere else.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you have clients or friends from around the world, it becomes a challenge to arrange a meeting or effectively manage your time. This is where Outlook's capability to show 2 time zones in one calendar comes in handy.
Outlook for dependable use in a very small business   This article is about using the Outlook application (part of Microsoft Office) in a very small business, or for homeowners where dependability and reliability are critical requirements. This …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question