  • Status: Solved

Cannot get mail via vpn on some 3rd party wireless networks

Hi Experts

I have a new client with an SBS 2003 server running Exchange 2003. Clients are Windows XP Pro with Office 2003. In the office, wired or wireless, all works well. From each user's home, all users VPN in, Outlook connects to Exchange OK, and users see the company files on a mapped drive. Users also have 3G dongles and these connect OK.

Occasionally a user will be abroad in a hotel on a wireless network and is able to connect via the VPN. However, they cannot get mail or see the company shared drive. If they disconnect and use a 3G dongle, all works fine. This is not just limited to hotels; it can be any wireless network, some free access, some not.

Any advice/thoughts would be great, as this one has me stumped due to the randomness.

Cheers

David
Asked by: HiltonPark
 
MrN1c3 Commented:
The sites where your users are having problems are probably just running proxy servers, so they will only allow HTTP and HTTPS traffic on ports 80 and 443. The VPN will use other TCP/IP ports, which these hotels are blocking.

Just advise your users to do what they are doing, i.e. use the dongle.

Alternatively you could set up a VPN over SSL solution.
 
iris01 Commented:
Often random wireless networks will take over DNS and such services, meaning that regardless of the VPN connection the client won't be able to resolve the IP of the mail server.

Two things to test would be to

A) Add an entry to the hosts file (C:\windows\system32\drivers\etc) pointing to the mail server, bypassing the DNS on the wireless networks
B) Set the RAS/VPN connections above the wireless adapter in the NIC Binding Order (In network connections go to Advanced Menu > Advanced Settings)
 
HiltonPark (Author) Commented:
Hi iris01

Thanks for your tips on things to check. I am with you on option B but option A went straight over the top. Can you be a bit more specific about adding the entry to the hosts file?

Cheers

David
 
iris01 Commented:
No problem

Open up Notepad, and from there open the hosts file, which is located at c:\windows\system32\drivers\etc (it has no file extension).

You will see a guide to how to edit it on top, and probably an entry such as

127.0.0.1          localhost

Now, let's say your SBS/Exchange server is called SERVER1 (or SERVER1.domain.local) and is on an IP address of 192.168.1.1, you would add a line to the file saying

192.168.1.1       SERVER1

and you may as well add one for SERVER1.domain.local while you're there:

192.168.1.1       SERVER1.domain.local

Then just save the file and try the connection again.

This file is referenced first for name resolution, followed by DNS servers, so any entries in here will override any on DNS servers.

You can check this has worked by pinging the mail server. If you do this before and after the hosts change, you should see the server resolves to the wrong IP address before the change and the correct one after, which should enable you to connect Outlook.

A better solution may be to use RPC over HTTP, assuming you have Outlook Web Access up and running (it is configured by default in SBS; you just need to forward the traffic through your firewall). You can find a guide to setting up the clients here:

http://www.petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm
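
The before-and-after check described in the post above can be scripted. This is an added example, not part of the original thread: it parses hosts-file text and reports whether a server name is pinned there or left to whatever DNS the wireless network supplies. The sample file, the status labels and the function names are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample: the hosts file after the edit described in the post.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1          localhost
192.168.1.1       SERVER1
192.168.1.1       SERVER1.domain.local   # SBS / Exchange
"""

def parse_hosts(text):
    """Return {lowercased name: ip}; the first entry for a name is kept (assumed lookup order)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # malformed address: ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower(), str(ip))
    return table

def system_resolve(name):
    """Ask the operating system resolver; None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check_name(name, expected_ip, hosts_text, resolver=None):
    """Classify how `name` resolves. `resolver` (name -> IP or None) is injectable for tests."""
    expected = str(ipaddress.ip_address(expected_ip))
    pinned = parse_hosts(hosts_text).get(name.lower())
    if pinned is not None:
        return ("pinned-ok" if pinned == expected else "pinned-wrong", pinned)
    answer = (resolver or system_resolve)(name)
    if answer is None:
        return ("unresolved", None)
    # A mismatch here means the local network's DNS answered for the internal name.
    return ("dns-ok" if answer == expected else "dns-mismatch", answer)
```

On a client, pass the real contents of the hosts file as `hosts_text`; a `dns-mismatch` result before the edit and `pinned-ok` after it matches the behaviour the post predicts.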
 
HiltonPark (Author) Commented:
Hi iris01

Thanks for the info, I'll give it a try this PM. I take your point about RPC over HTTP, which I have used in the past. I did not think it would make any difference here but any port in a storm.

I'll report back.

Best regards

David
 
sunnyc7 Commented:
David
The usual suspect in a VPN/Outlook disconnected scenario is fragmented packets.
Exchange/Outlook sends packets with DF set; the VPN takes the packets, fragments them while transporting, and reassembles them at the other end.

Way out
Configure the max MTU of your VPN to correspond to this. That's the max MTU which won't be fragmented.
Given your case with travelling users, this will be difficult to do for every network where they log in from.

A better solution is to configure the users' Outlook to pull emails over RPC/HTTPS directly from Exchange and forget the VPN altogether.
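
To find the largest packet a given path carries without fragmentation, as the post above suggests, one common approach is to send echo requests with the Don't Fragment bit set and binary-search the payload size. This is an added example, not part of the original thread; it assumes a Windows client (the `ping -f -l` flags), and the function names are illustrative.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header

def windows_df_ping(host):
    """Return probe(size) -> bool that sends one DF-set echo request of `size` bytes."""
    def probe(size):
        # Windows ping: -f sets Don't Fragment, -l payload size, -n count, -w timeout in ms
        result = subprocess.run(
            ["ping", "-f", "-l", str(size), "-n", "1", "-w", "2000", host],
            capture_output=True, text=True)
        # An echo reply line contains "TTL="; error replies do not.
        return result.returncode == 0 and "TTL=" in result.stdout
    return probe

def largest_unfragmented_payload(probe, low=0, high=1472):
    """Binary-search the largest payload for which probe(size) succeeds.

    Assumes success is monotone in size. Returns None if even `low` fails,
    which means the host is unreachable or ICMP is filtered on this path.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid fits: search upward
        else:
            high = mid - 1     # mid needs fragmenting: search downward
    return low

def path_mtu(probe):
    """Largest unfragmented IP packet size on the path, or None if unreachable."""
    payload = largest_unfragmented_payload(probe)
    return None if payload is None else payload + IP_ICMP_OVERHEAD
```

Run `path_mtu(windows_df_ping(host))` once over the VPN from a working network and once from a failing one; a lower value on the failing network supports the fragmentation explanation.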

 
DanMar Commented:
 
HiltonPark (Author) Commented:
Hello Sunnyc7 & DanMar,

Sunnyc7

I take your point re RPC/HTTPS as it was suggested earlier. So I am trying this out.

DanMar

Thanks for the KB article, which I have read. I will try this out on a test rig first.

Cheers

Dave
 
sunnyc7 Commented:
Dave
Please post back if you need any help with this.