Javier Gonzalez
asked on
Exchange 2007 topology issue
We have a main Microsoft forest with multiple sites around the world.
Each site is connected to the headquarters in Brussels by VPN tunnels. In Brussels, we decided a few months ago to install a first Exchange 2007 server with 4 roles (Mailbox server, CAS server, UM server, and Hub server) and a second one with the Edge Transport server (to filter all spam).
In each satellite office, the users are using the Microsoft Outlook client 2003 / 2007, but configured to use Outlook Anywhere (RPC connection through HTTP). We are meeting latency time for these clients to reach the Exchange server in Brussels and, at times during the day, the messages are blocked in the outbox for a long time (30 minutes). This case is general across all remote offices (with very good Internet connections too) and we suppose that the Outlook clients are configured perfectly.
My question is: how can I improve this Exchange topology? My first idea was to install Exchange servers in the remote offices too, but I would like to leave all mailboxes stored in Brussels (to back them up easily). Do you have better ideas?
I hope I was clear in my explanation with my bad English...
Thanks,
Javier
ASKER CERTIFIED SOLUTION
Can you check with your networking guy to configure a different route for RPC requests?
What is the purpose of the VPN?
You can break the VPN and see if your mail flow is restored - for testing.
ASKER
I cannot break it because the users are using it as their default gateway.
It's Nortel Contivity 1050.
I know that the guy there had configured a route for HTTP, HTTPS, FTP, etc. for external requests, to avoid users crossing the tunnel to surf the Internet.
But here in that case I don't know... I'm going to sniff the packet transmission tomorrow just to be sure.
Thanks a lot for your suggestions,
I'll keep you informed,
Javier
I cannot break it because the users are using it as their default gateway.
>> Why would users in the branch office use the VPN as a default gateway? Shouldn't they be getting it from the firewall/router over there, or a Windows server if they have one?
Maybe you can ask this person to include RPC requests to external too.
Please post back how this goes.
ASKER
The VPN routers in the branch offices are acting like a firewall too, that's why. I have to verify the rules with my colleague there to be sure that RPC requests are routed to the net too.
Don't worry, I'll keep you informed.
Javier
Thanks Javier
ASKER
Hi Sunnyc7,
Just a little message to give you some feedback.
Indeed, all RPC traffic is passing through the tunnel. I asked to create a new route to force the redirection directly to the net. I'm now waiting for a report from the users in Amsterdam on whether that issue has disappeared.
I'll keep in touch,
ASKER
Hi Sunnyc7,
As promised, I'm back to give you my feedback.
We forced the RPC (HTTPS) connections to outside (creating a new route in the router) and the latency time simply disappeared!
Thanks a million man, for your quick intervention and good solution!!
Javier
Javier, you are welcome.
Glad to be of help.
ASKER
C:\>nslookup bvdep.net
Server: dc-ams1.bvdep.net
Address: 172.29.139.1
Naam: bvdep.net
Addresses: 172.29.139.1
172.28.1.2
172.29.138.17
172.28.1.1
172.29.250.179
172.29.251.27
172.29.142.13
172.29.135.9
172.28.1.21
-----
C:\>ping mail-bxl-a.be.bvdep.net
Pingen naar mail-bxl-a.be.bvdep.net [172.28.1.170] met 32 bytes aan gegevens:
Antwoord van 172.28.1.170: bytes=32 tijd=25 ms TTL=125
Antwoord van 172.28.1.170: bytes=32 tijd=23 ms TTL=125
Antwoord van 172.28.1.170: bytes=32 tijd=38 ms TTL=125
Antwoord van 172.28.1.170: bytes=32 tijd=23 ms TTL=125
Ping-statistieken voor 172.28.1.170:
Pakketten: verzonden = 4, ontvangen = 4, verloren = 0
(0% verlies).
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 23ms, Maximum = 38ms, Gemiddelde = 27ms
-----
See attached files
"Tot stand gebracht" means "established"
-----
Without the -E and -R arguments:
C:\>RPCPing.exe -t ncacn_http -o RpcProxy=mail-bxl-a.be.bvd
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
Activiteits-id RPC-pingset: {0abe27c9-787e-41a2-b7a5-5
Uitzondering 1722 (0x000006BA)
Aantal records: 3
Proces-id is 1372
Systeemtijd is: 9/16/2010 17:0:19:692
Genererend onderdeel is 13
Status is 0x6BA, 1722
Detectielocatie is 1352
Vlaggen is 0
Aantal parameters is 1
Lange waarde: 0xc002100a
Proces-id is 1372
Systeemtijd is: 9/16/2010 17:0:19:692
Genererend onderdeel is 14
Status is 0xC002100A, -1073606646
Detectielocatie is 1380
Vlaggen is 0
Aantal parameters is 2
Lange waarde: 0x2f8f
Unicode-tekenreeks: /rpc/rpcproxy.dll?HP5750SU
Proces-id is 1372
Systeemtijd is: 9/16/2010 17:0:19:692
Genererend onderdeel is 14
Status is 0x10000, 65536
Detectielocatie is 1385
Vlaggen is 0
Aantal parameters is 2
Lange waarde: 0x10
Binaire waarde: lengte 1627 57068230 3F058230 10203A0 2100202
With the -E and -R arguments:
C:\>RPCPing.exe -t ncacn_http -o RpcProxy=mail-bxl-a.be.bvd
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
Activiteits-id RPC-pingset: {0f12f853-58af-4cbd-8858-0
RPCPinging proxyserver mail-bxl-a.be.bvdep.net met Echo Request Packet
Beleid Automatisch aanmelden instellen op hoog
WinHttpSetCredentials voor doelserver aangeroepen
Fout 87 : De parameter is onjuist.
geretourneerd in WinHttpSetCredentials
Ping is mislukt (ping failed)
I think you are right, it seems that the RPC connection is made inside the tunnel (I have to verify the routing config to be sure) and not directly to the Internet...
Do you know the second test failed (with the -E -R arguments)?
Thanks,
Javier
test.jpg