?
Solved

Cannot get mail via vpn on some 3rd party wireless networks

Posted on 2010-09-01
9
Medium Priority
?
313 Views
Last Modified: 2012-05-10
Hi Experts

I have a new client with a SBS 2003 server running exchange 2003. Clients are Windows XPPro with office 2003. In the office wired or wireless all works well. From each users home all users VPn in and outlook connect to exchange OK and users see the company files on a mapped drive. Users also heve 3G dongles and these connect OK.

Occasionally a user will be abroad in a hotel  on a wireless network and are able to connect via the vpn.However they cannot get mail or see the company shared drive. If they disconnect and use a 3g dongle all works fine.  This is not just limited to hotels it can be any wireless network some free access some not.

Any advice/thoughts would be great as this one has me stumped due the ramdomness

Cheers

David
0
Comment
Question by:HiltonPark
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 5

Expert Comment

by:MrN1c3
ID: 33575497
The sites where your users are having problems, are probably just running proxy servers, so will only allow http & https traffic on ports 80 & 443.  VPN will use other TCPIP ports, which these hotels are blocking.

Just advise your users to do what they are doing, ie use the dongle.

Alternatively you could setup a vpn over ssl solution
0
 

Expert Comment

by:iris01
ID: 33575511
Often random wireless networks will take over DNS and such services, meaning that regardless of the VPN connection the client wont be able to resolve the IP of the mail server.

Two things to test would be to

A) Add an entry to the hosts file (C:\windows\system32\drivers\etc) pointing to the mail server, bypassing the DNS on the wireless networks
B) Set the RAS/VPN connections above the wireless adapter in the NIC Binding Order (In network connections go to Advanced Menu > Advanced Settings)
0
 
LVL 1

Author Comment

by:HiltonPark
ID: 33575606
Hi iris01

Thanks for your tips on things to check. I am with you on option B but option A went straight over the top. Can you be  a bit more specific in adding the entry the hosts file.

Cheers

David
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Accepted Solution

by:
iris01 earned 1000 total points
ID: 33575714
No problem

Open up notepad from there open the host file which is located at c:\windows\system32\drivers\etc (it has no file extension)

You will see a guide to how to edit it on top, and probably an entry such as

127.0.0.1          localhost

Now, let's say your SBS/Exchange server is called SERVER1 (or SERVER1.domain.local) and is on an IP address of 192.168.1.1, you would add a line to the file saying

192.168.1.1       SERVER1

and may aswell add one for SERVER1.domain.local while you're there;

192.168.1.1       SERVER1.domain.local

Then just save the file and try the connection again.

This file is referenced first for name resolution, followed by DNS servers, so any entries in here will override any on DNS servers.

You can check this has worked by pinging the mail server, if you do this before and after the hosts change you should see the server resolves to the wrong IP address before the change, and the correct one after, which should enable you to connect outlook.

A better solution may be to use RPC over HTTP, assuming you have outlook web access up and running (is configured by default in SBS, you just need to forward the traffic through your firewall), you can find a guide to setting up the clients here;

http://www.petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm
0
 
LVL 1

Author Comment

by:HiltonPark
ID: 33575767
Hi iris01

Thanks for the info I'll give it a try this PM. I take your point about RPc over http which I have used in the past. I did not think it would make any difference here but any port in a storm.

I'll report back.

Best regards

David
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33575817
David
The usual suspect in a vpn/outlook disconnected scenario is fragmented packets.
Exchange/outlook sends packets with df set, vpn takes the packets and fragments it while transporting and reassembles them in other end.

Way out
Configure max mtu of your vpn to correspond to this. That's the max mtu which won't be fragmented.
Given your case with travelling users this will be difficult to do for every network where they login from.

Better solution is to configure the users outlook to pull emails over rpc/https directly from exchange and forget the vpn altogether.

0
 
LVL 5

Expert Comment

by:DanMar
ID: 33587253
0
 
LVL 1

Author Comment

by:HiltonPark
ID: 33588498
Hello Sunnyc7 & DanMar,

Sunnyc7

I take your point re rpc/https as it was suggested earlier.So I am trying this out.

DanMar

Thanks for the KB article which I have read. I will try this out on a test rig first

Cheers

Dave
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33590342
Dave
Please post back if you need any help with this.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outlook for dependable use in a very small business   This article is about using the Outlook application (part of Microsoft Office) in a very small business, or for homeowners where dependability and reliability are critical requirements. This …
This article describes how to import Lotus Notes Contacts into Outlook 2016, 2013, 2010 and 2007 etc. with a few manual steps. You can easily export and migrate Lotus Notes contacts into Microsoft Outlook without having to use any third party tools.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month8 days, 8 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question