Exchange 2003

I have Exchange 2003 on a Windows Server 2003 Standard Edition server. Lately I noticed that if I VPN into my network and open Outlook, at times (it seems random) Outlook says it can't contact the Exchange server. So the first thing I thought of was network/VPN issues. However, I could use Remote Desktop and connect to my Exchange server without a problem, while Outlook couldn't contact the server. So I was wondering if there is a good way to analyze the "health" of Exchange to see if there is a problem with Exchange? I already looked in Windows logs but didn't find much there.
JeffBeall Asked:
 
FDiskWizard Commented:
I was going to mention MTU also. I was trying to find my old notes on it. We had a lot of people getting "Connecting to server...." timeout errors when on a WAN at remote offices.
This may be the old article we had found, and it did help clients.
http://support.microsoft.com/kb/315008
 
sduffey Commented:
When you are VPN'd into the network are you able to resolve the Exchange server by name?
 
JeffBeall (Author) Commented:
yes
 
Fr0zT Commented:
VPNs do add extra overhead, so slow connections will be impacted by this.  But before answering this I should recommend that you look into RPC over HTTPS.  This is the best way to connect an Outlook client to an Exchange server remotely, and it works great.  But if you have a business need to use the VPN, then there are a few things you can check...

The first thing is the MTU. Look for a tool called MTUROUTE and run it in DOS. Basically it pings, so use it against a system on the other side of the VPN and see what the MTU is.  Sometimes VPNs will drop a 1500 MTU down to 1436 or something else.  That's OK provided your VPN adapter is set to 1436 MTU (with Cisco VPN Client it allows you to adjust the MTU, for example).  I wouldn't necessarily change your system's primary NIC to anything other than 1500 though.

What kind of firewall are you running?  I'm just curious because I know with Checkpoint R65 running on SPLAT they come defaulted to 10,000 byte TCP window size, and this can cause weird issues like that.  You can change it to 65535 with this command:
fw ctl set int fwtcpstr_max_window 65535
Also, you can check it by replacing set with get and omitting the 65535. This setting is not persistent; if this is your problem, reply and I will tell you how to make it persistent. That's a long shot and might only apply to a Checkpoint firewall.

Also check to see if the VPN supports TCP Keepalive; it's possible that it's timing you out, and during the time you're re-establishing SA, Outlook says it can't contact Exchange.
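The MTU check described in the post above can also be done with the stock Windows ping and its don't-fragment flag. This is an added example, not part of the original thread: the function names Test-DfPing and Find-PathMtu and the sample host name are made up here, and it assumes the far-side host answers ICMP echo.

```powershell
# Added example: find the largest unfragmented packet size (path MTU) to a
# host on the far side of the VPN, using ping.exe with the DF bit set (-f).
# Test-DfPing, Find-PathMtu and the host name at the bottom are hypothetical.
function Test-DfPing {
    param([string]$Target, [int]$Payload)
    # -f = don't fragment, -l = ICMP payload bytes, -n 1 = one echo, -w = timeout (ms)
    $out = & ping.exe -f -l $Payload -n 1 -w 2000 $Target 2>&1
    # Only a real echo reply carries "TTL="; a "needs to be fragmented" or
    # timeout line does not, so this is more reliable than the exit code.
    return [bool]($out | Select-String -SimpleMatch 'TTL=')
}

function Find-PathMtu {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int]$Low  = 548,    # payload for a 576-byte packet, a conservative lower bound
        [int]$High = 1472    # payload for a 1500-byte Ethernet packet
    )
    $overhead = 28           # 20-byte IPv4 header + 8-byte ICMP header
    if (-not (Test-DfPing $Target $Low)) {
        throw "No reply from $Target even at $($Low + $overhead) bytes; ICMP may be blocked."
    }
    if (Test-DfPing $Target $High) { return $High + $overhead }
    # Invariant: $Low gets through, $High does not. Binary search the boundary.
    while ($High - $Low -gt 1) {
        $mid = [int][math]::Floor(($Low + $High) / 2)
        if (Test-DfPing $Target $mid) { $Low = $mid } else { $High = $mid }
    }
    return $Low + $overhead
}

# Run once with the VPN connected, against a server behind the tunnel:
# Find-PathMtu -Target exchange01.example.local
```

Compare the number it returns with the MTU configured on the VPN adapter. A single lost packet reads as "too big", so repeat the run if the result looks unexpectedly low.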
 
JeffBeall (Author) Commented:
I do have RPC over HTTPS set up; I was using the VPN to get at some files.
My firewall is through a company called Corente. They use iptables on Linux boxes.
I could call Corente to ask about the TCP keepalive thing.
 
Fr0zT Commented:
I would still investigate the MTU thing first.  How does your VPN client work?  Is it SSL based, or do you have a piece of software that you've installed on your system like NCP, or is it just like an L2TP VPN?  If there is a software component, then I would like to know if that software creates an adapter which you can see in the device manager (devmgmt.msc)?  For example a Cisco VPN Client will create an adapter called "Cisco Systems VPN Adapter".
 
Fr0zT Commented:
Actually, come to think of it, if you are using RPC over HTTPS then I need to know if your VPN is using a split tunnel or not.  If you are using a split tunnel then this is not a VPN issue, because RPC over HTTPS will not be traveling over the VPN and this problem is something else.

You can test if you have a split tunnel by launching your VPN and going to whatismyip.org.  The IP that it shows you will either be your own public IP (same as before the VPN launched) or it will be the company's public IP.  If it is still your own IP then you are using a split tunnel and the problem lies somewhere else.