Solved

exchange 2003

Posted on 2010-08-26
7
217 Views
Last Modified: 2012-05-10
i have exchange 2003 on a windows server 2003 standard edition server. lately i noticed that if i VPN into my network and open outlook, at times ( it seems random ) outlook says it can't contact the exchange server. so the first thing i thought of was network/VPN issues. however, i could use remote desktop and connect to my exchange server without a problem, while outlook couldn't contact the server. so I was wondering if there is a good way to analyze the "health" of exchange to see if there is a problem with exchange? I already looked in windows logs but didn't find much there.
0
Comment
Question by:JeffBeall
7 Comments
 
LVL 1

Expert Comment

by:sduffey
ID: 33535112
When you are VPN'd into the network are you able to resolve the Exchange server by name?
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 33535132
yes
0
 
LVL 3

Expert Comment

by:Fr0zT
ID: 33535186
VPN's do add extra overhead, so slow connections will be impacted by this.  But before answering this I should recommend to you to look into RPC over HTTPS.  This is best way to connect an outlook client to an exchange server remotelly, and it works great.  But if you have a business need to use the VPN, then there is a few things you can check...

The first thing is the MTU. Look for a tool called MTUROUTE and run it in DOS, basically it pings so use it against a system on the other side of the VPN and see what the MTU is.  Sometimes VPN's will drop a 1500 MTU down to 1436 or something else.  That's OK provided your VPN adapter is set to 1436 MTU (With Cisco VPN Client it allows you to adjust the MTU for example.)  I wouldn't necessarily change your systems primary NIC to anything other that 1500 though.  

What kind of firewall are you running?  I'm just curious because I know with Checkpoint R65 running on SPLAT they come defaulted to 10,000 byte TCP window size, and this can cause weird issues like that.  You can change it to 65535 with this command:
fw ctl set int fwtcpstr_max_window 65535
also you can check it  by replacing set with get and omitting the 65535. This setting is not persistent, if this is your problem reply and I will tell you how to make it persistent. That's a long shot and might only apply to a Checkpoint firewall.

Also check to see if the VPN supports TCP Keepalive, it's possible that it's timing you out and during the time your re-establishing SA outlook says it can't contact exchange.
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 
LVL 1

Author Comment

by:JeffBeall
ID: 33535231
i do have RPC over HTTPS setup, I was using the VPN to get at some files.
my firewall is through a company called Corente. they use iptables on linux boxes
i could call Corente to ask about the TPC keepalive thing.
0
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 250 total points
ID: 33535336
I was going to mention MTU also. I was trying to find my old notes on it. We had a lot of people getting "Connecting to server...." timeout errors when on a WAN at remote offices.
This may be the old article we had found, and it did help clients.
http://support.microsoft.com/kb/315008
0
 
LVL 3

Expert Comment

by:Fr0zT
ID: 33542463
I would still investigate the MTU thing first.  How does your VPN client work?  Is it SSL based or do you have a peice of software that you've installed on your system like NCP or is it just like an L2TP VPN?  If there is a software component, then I would like to know if that software creates an adapter which you can see on the device manager (devmgmt.msc)?  For example a Cisco VPN Client will create an adapter called "Cisco Systems VPN Adapter".
0
 
LVL 3

Assisted Solution

by:Fr0zT
Fr0zT earned 250 total points
ID: 33542516
Actually come to think of it if you are using RPC over HTTPS then I need to know if your VPN is using a split tunnel or not.  If you are using a Split Tunnel then this is not a VPN issue because RPC over HTTPS will not be traveling over the VPN and this problem is something else.

You can test if you have a split tunnel by launching your VPN and going to whatismyip.org.  The IP that it shows you will iether be your own public IP (Same as before VPN launched) or it will be the companies Public IP.  If it is still your own IP then you are using Split Tunnel and the problem lies somewhere else.
0

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now