Solved

Cannot get mail via vpn on some 3rd party wireless networks

Posted on 2010-09-01
Last Modified: 2012-05-10
Hi Experts

I have a new client with an SBS 2003 server running Exchange 2003. Clients are Windows XP Pro with Office 2003. In the office, wired or wireless, all works well. From each user's home, all users VPN in and Outlook connects to Exchange OK, and users see the company files on a mapped drive. Users also have 3G dongles and these connect OK.

Occasionally a user will be abroad in a hotel on a wireless network and is able to connect via the VPN. However, they cannot get mail or see the company shared drive. If they disconnect and use a 3G dongle, all works fine. This is not just limited to hotels; it can be any wireless network, some free access, some not.

Any advice/thoughts would be great, as this one has me stumped due to the randomness.

Cheers

David
0
Question by:HiltonPark
9 Comments
 
LVL 5

Expert Comment

by:MrN1c3
ID: 33575497
The sites where your users are having problems are probably just running proxy servers, so will only allow HTTP & HTTPS traffic on ports 80 & 443. VPN will use other TCP/IP ports, which these hotels are blocking.

Just advise your users to do what they are doing, i.e. use the dongle.

Alternatively you could set up a VPN over SSL solution.
0
 

Expert Comment

by:iris01
ID: 33575511
Often random wireless networks will take over DNS and such services, meaning that regardless of the VPN connection the client won't be able to resolve the IP of the mail server.

Two things to test would be to

A) Add an entry to the hosts file (C:\windows\system32\drivers\etc) pointing to the mail server, bypassing the DNS on the wireless networks
B) Set the RAS/VPN connections above the wireless adapter in the NIC Binding Order (In network connections go to Advanced Menu > Advanced Settings)
0
 
LVL 1

Author Comment

by:HiltonPark
ID: 33575606
Hi iris01

Thanks for your tips on things to check. I am with you on option B, but option A went straight over the top. Can you be a bit more specific about adding the entry to the hosts file?

Cheers

David
0
 

Accepted Solution

by:
iris01 earned 250 total points
ID: 33575714
No problem

Open up Notepad; from there, open the hosts file, which is located at c:\windows\system32\drivers\etc (it has no file extension).

You will see a guide to how to edit it on top, and probably an entry such as

127.0.0.1          localhost

Now, let's say your SBS/Exchange server is called SERVER1 (or SERVER1.domain.local) and is on an IP address of 192.168.1.1, you would add a line to the file saying

192.168.1.1       SERVER1

and may as well add one for SERVER1.domain.local while you're there:

192.168.1.1       SERVER1.domain.local

Then just save the file and try the connection again.

This file is referenced first for name resolution, followed by DNS servers, so any entries in here will override any on DNS servers.

You can check this has worked by pinging the mail server. If you do this before and after the hosts change, you should see the server resolves to the wrong IP address before the change and the correct one after, which should enable you to connect Outlook.

A better solution may be to use RPC over HTTP, assuming you have Outlook Web Access up and running (it is configured by default in SBS; you just need to forward the traffic through your firewall). You can find a guide to setting up the clients here:

http://www.petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm
0
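The before-and-after check described in the accepted answer can be scripted. The following is an added example, not code from the thread: it parses hosts-file text and reports whether a name is pinned to the expected address or is left to whatever DNS the wireless network supplies. The sample file contents, the function names and the injectable `resolver` parameter are assumptions made for illustration.

```python
import socket

# Constructed sample: the hosts file after the edit described in the answer.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1          localhost
192.168.1.1       SERVER1
192.168.1.1       SERVER1.domain.local   # SBS/Exchange
"""

def parse_hosts(text):
    """Return {lowercased name: ip}; the first entry for a name is kept."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        ip, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), ip)
    return table

def check_name(name, expected_ip, hosts_text, resolver=socket.gethostbyname):
    """Classify how `name` resolves against the address it should have."""
    pinned = parse_hosts(hosts_text).get(name.lower())
    if pinned is not None:
        # A hosts entry is consulted before DNS, so it decides the result.
        return "pinned-ok" if pinned == expected_ip else "pinned-wrong"
    try:
        answer = resolver(name)
    except OSError:
        return "unresolved"
    # Without a hosts entry the answer comes from the network's DNS.
    return "dns-ok" if answer == expected_ip else "dns-mismatch"

if __name__ == "__main__":
    print(check_name("SERVER1", "192.168.1.1", SAMPLE_HOSTS))
```

A result of `dns-mismatch` or `unresolved` on the hotel network, turning into `pinned-ok` after the hosts edit, corresponds to the wrong-then-correct ping result the answer describes.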
 
LVL 1

Author Comment

by:HiltonPark
ID: 33575767
Hi iris01

Thanks for the info, I'll give it a try this PM. I take your point about RPC over HTTP, which I have used in the past. I did not think it would make any difference here, but any port in a storm.

I'll report back.

Best regards

David
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33575817
David
The usual suspect in a VPN/Outlook disconnected scenario is fragmented packets.
Exchange/Outlook sends packets with DF set; the VPN takes the packets, fragments them while transporting, and reassembles them at the other end.

Way out
Configure the max MTU of your VPN to correspond to this. That's the max MTU which won't be fragmented.
Given your case with travelling users, this will be difficult to do for every network where they log in from.

Better solution is to configure the users' Outlook to pull emails over RPC/HTTPS directly from Exchange and forget the VPN altogether.

0
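The largest packet that crosses a given network without fragmentation, which the comment above refers to, can be measured from the client. This is an added example, not code from the thread: it binary-searches the biggest ICMP payload that gets a reply with the don't-fragment bit set, using the Windows `ping` switches `-f` (DF) and `-l` (payload size). The function names and the injectable `probe` parameter are assumptions for illustration.

```python
import subprocess

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP header

def windows_ping_df(host, payload):
    """Send one echo request with DF set; True only if a reply came back."""
    out = subprocess.run(
        ["ping", "-f", "-n", "1", "-l", str(payload), host],
        capture_output=True, text=True).stdout
    # Only a genuine echo reply line carries a TTL value; the
    # "needs to be fragmented" and timeout messages do not.
    return "TTL=" in out

def largest_unfragmented_payload(host, probe=windows_ping_df, low=0, high=1472):
    """Binary-search the biggest payload that passes with DF set."""
    if not probe(host, low):
        return None  # host unreachable or ICMP filtered on this network
    while low < high:
        mid = (low + high + 1) // 2
        if probe(host, mid):
            low = mid        # mid fits, look for something larger
        else:
            high = mid - 1   # mid was too big
    return low

def path_mtu(host, probe=windows_ping_df):
    """Payload plus headers gives the usable MTU toward `host`."""
    payload = largest_unfragmented_payload(host, probe)
    return None if payload is None else payload + IP_ICMP_HEADERS

if __name__ == "__main__":
    # 192.168.1.1 is the example server address used earlier in the thread.
    print(path_mtu("192.168.1.1"))
```

Run once on a network where mail works and once on one where it fails, the two results show whether a smaller path MTU goes with the failure.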
 
LVL 5

Expert Comment

by:DanMar
ID: 33587253
0
 
LVL 1

Author Comment

by:HiltonPark
ID: 33588498
Hello Sunnyc7 & DanMar,

Sunnyc7

I take your point re RPC/HTTPS as it was suggested earlier. So I am trying this out.

DanMar

Thanks for the KB article, which I have read. I will try this out on a test rig first.

Cheers

Dave
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33590342
Dave
Please post back if you need any help with this.
0
