Solved

Exchange 2007 topology issue

Posted on 2010-09-16
Last Modified: 2012-05-10
We have a main Microsoft forest with multiple sites around the world.
Each site is connected to the headquarters in Brussels by VPN tunnels. In Brussels, we decided a few months ago to install a first Exchange 2007 server with 4 roles (Mailbox server, CAS server, UM server, and Hub server) and a second one with the Edge Transport server role (to filter all spam).
In each satellite office, the users are using the Microsoft Outlook 2003 / 2007 client, configured to use Outlook Anywhere (RPC connection through HTTP). We are encountering latency for these clients when reaching the Exchange server in Brussels and, at periods during the day, messages are blocked in the Outbox for a long time (30 minutes). This is the case in all remote offices (even those with a very good Internet connection), and we suppose that the Outlook clients are configured perfectly.
My question is: how can I improve this Exchange topology? My first idea was to install Exchange servers in the remote offices too, but I would like to leave all mailboxes stored in Brussels (to back them up easily). Do you have better ideas?

I hope I was clear in my explanation with my bad English...

Thanks,
Javier
Question by:Javier Gonzalez
LVL 28

Accepted Solution

by:
sunnyc7 earned 250 total points
ID: 33692654
You mentioned

SITEX -> brussels - connected through VPN
SiteX Outlook -> brussels exchange > connected using RPC/HTTPS

Can you go to sitex and try this

nslookup yourdomain.com

ping exchangeservername.local

--
Close outlook
then type
outlook /rpcdiag
Post a screenshot of connections monitor here
--

rpcping from Outlook to your Exchange server

RPCPing.exe -t ncacn_http -o RpcProxy=fqdn.yourdomain.com -P "testuser,yourdomain,testpassword" -I "testuser,yourdomain,testpassword" -H 1 -u 10 -a connect -F 3 -E -v 3 -R none -q
--

My guess: Outlook is trying to use the VPN to connect to Brussels, unless you specified separate routing in your router at these branch locations to use the Internet route when clients are trying to connect to Exchange.


Author Comment

by:Javier Gonzalez
ID: 33694174
From our site in Amsterdam:


C:\>nslookup bvdep.net
Server:  dc-ams1.bvdep.net
Address:  172.29.139.1

Naam:    bvdep.net
Addresses:  172.29.139.1
          172.28.1.2
          172.29.138.17
          172.28.1.1
          172.29.250.179
          172.29.251.27
          172.29.142.13
          172.29.135.9
          172.28.1.21

-----


C:\>ping mail-bxl-a.be.bvdep.net

Pingen naar mail-bxl-a.be.bvdep.net [172.28.1.170] met 32 bytes aan gegevens:
Antwoord van 172.28.1.170: bytes=32 tijd=25 ms TTL=125
Antwoord van 172.28.1.170: bytes=32 tijd=23 ms TTL=125
Antwoord van 172.28.1.170: bytes=32 tijd=38 ms TTL=125
Antwoord van 172.28.1.170: bytes=32 tijd=23 ms TTL=125

Ping-statistieken voor 172.28.1.170:
    Pakketten: verzonden = 4, ontvangen = 4, verloren = 0
    (0% verlies).

De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
    Minimum = 23ms, Maximum = 38ms, Gemiddelde = 27ms

-----

 See attached files

 

"Tot stand gebracht" means "established"

-----

Without the -E and -R arguments:

C:\>RPCPing.exe -t ncacn_http -o RpcProxy=mail-bxl-a.be.bvdep.net -P "user,bvdep.net,password" -I "user,bvdep.net,password" -H 1 -u 10 -a connect -F 3 -v 3 -q

RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
 Activiteits-id RPC-pingset:  {0abe27c9-787e-41a2-b7a5-586751741995}
 Uitzondering 1722 (0x000006BA)
 Aantal records: 3
 Proces-id is 1372
 Systeemtijd is: 9/16/2010 17:0:19:692
 Genererend onderdeel is 13
 Status is 0x6BA, 1722
 Detectielocatie is 1352
 Vlaggen is 0
 Aantal parameters is 1
 Lange waarde: 0xc002100a
 Proces-id is 1372
 Systeemtijd is: 9/16/2010 17:0:19:692
 Genererend onderdeel is 14
 Status is 0xC002100A, -1073606646
 Detectielocatie is 1380
 Vlaggen is 0
 Aantal parameters is 2
 Lange waarde: 0x2f8f
 Unicode-tekenreeks: /rpc/rpcproxy.dll?HP5750SUPPORTPO.nl.bvdep.net:593
 Proces-id is 1372
 Systeemtijd is: 9/16/2010 17:0:19:692
 Genererend onderdeel is 14
 Status is 0x10000, 65536
 Detectielocatie is 1385
 Vlaggen is 0
 Aantal parameters is 2
 Lange waarde: 0x10
 Binaire waarde: lengte 1627 57068230 3F058230 10203A0 2100202

With the -E and -R arguments:

C:\>RPCPing.exe -t ncacn_http -o RpcProxy=mail-bxl-a.be.bvdep.net -P "user,bvdep.net,password" -I "user,bvdep.net,password" -H 1 -u 10 -a connect -F 3 -v 3 -E -R none -q

RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
 Activiteits-id RPC-pingset:  {0f12f853-58af-4cbd-8858-0d37fb120d4e}
 RPCPinging proxyserver mail-bxl-a.be.bvdep.net met Echo Request Packet
 Beleid Automatisch aanmelden instellen op hoog
 WinHttpSetCredentials voor doelserver aangeroepen
 Fout 87 : De parameter is onjuist.
 geretourneerd in WinHttpSetCredentials
 Ping is mislukt (ping failed)


I think you are right, it seems that the RPC connection is made inside the tunnel (I have to verify the routing config to be sure) and not directly to the Internet...

Do you know why the second test failed (with the -E -R arguments)?

Thanks,
Javier

test.jpg
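Added example (not part of the original thread): a Python check of the point being diagnosed here, namely whether the Outlook Anywhere proxy name resolves to an RFC 1918 address, which in the topology described in this thread means the HTTPS session is carried through the VPN tunnel. The function names and the timing helper are assumptions of this example; 172.28.1.170 is the address from the ping output above.

```python
import ipaddress
import socket
import statistics
import time

# RFC 1918 private ranges. Assumption for this thread's topology: a proxy name
# resolving here is reached over the site-to-site VPN, not the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(address):
    ip = ipaddress.ip_address(address)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def classify(addresses):
    """Return 'internal', 'public' or 'mixed' for a list of resolved addresses."""
    if not addresses:
        raise ValueError("no addresses to classify")
    flags = [is_rfc1918(a) for a in addresses]
    if all(flags):
        return "internal"
    return "mixed" if any(flags) else "public"


def resolve(host, port=443):
    """Addresses the local resolver returns for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def connect_ms(address, port=443, samples=5, timeout=5.0):
    """Median TCP handshake time in ms; compare before and after a route change."""
    times = []
    for _ in range(samples):
        start = time.perf_counter()
        with socket.create_connection((address, port), timeout=timeout):
            times.append((time.perf_counter() - start) * 1000.0)
    return statistics.median(times)


def report(host, addresses=None):
    """Pass addresses (e.g. copied from ping output) to skip the live DNS lookup."""
    addresses = resolve(host) if addresses is None else addresses
    return {"host": host, "addresses": addresses, "path": classify(addresses)}


if __name__ == "__main__":
    # Constructed run using the address shown in the ping output above.
    print(report("mail-bxl-a.be.bvdep.net", ["172.28.1.170"]))
```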
LVL 28

Expert Comment

by:sunnyc7
ID: 33694797
Can you check with your networking guy to configure a different route for RPC requests?

What is the purpose of the VPN?
You can break the VPN and see if your mail flow is restored - for testing.

Author Comment

by:Javier Gonzalez
ID: 33694988
I cannot break it because the users are using it as their default gateway.
It's a Nortel Contivity 1050.
I know that the guy there had configured a route for HTTP, HTTPS, FTP, etc. for external requests, to avoid users crossing the tunnel to surf the Internet.
But here, in this case, I don't know... I'm going to sniff the packet transmission tomorrow just to be sure.

Thanks a lot for your suggestions,
I'll keep you informed,
Javier
LVL 28

Expert Comment

by:sunnyc7
ID: 33695436
I cannot break it because the users are using it as their default gateway.
>> Why would users in the branch office use the VPN as a default gateway? Shouldn't they be getting it from the firewall/router over there, or a Windows server if they have one?

Maybe you can ask this person to include RPC requests to external too.

Please post back how this goes.

Author Comment

by:Javier Gonzalez
ID: 33695583
The VPN routers in the branch offices are acting like a firewall too, that's why. I have to verify the rules with my colleague there to be sure that RPC requests are routed to the net too.

Don't worry, I'll keep you informed.

Javier
LVL 28

Expert Comment

by:sunnyc7
ID: 33695601
Thanks Javier

Author Comment

by:Javier Gonzalez
ID: 33717101
Hi Sunnyc7,

Just a little message to give you some feedback.
Indeed, all RPC traffic is passing through the tunnel. I asked for a new route to be created to force the redirection directly to the net. I'm now waiting for a report from the users in Amsterdam on whether the issue has disappeared.
I'll keep in touch,

Author Closing Comment

by:Javier Gonzalez
ID: 33743907
Hi Sunnyc7,

As promised, I'm back to give you my feedback.
We forced the RPC (HTTPS) connections to the outside (creating a new route in the router) and the latency simply disappeared!
Thanks a million man, for your quick intervention and good solution!!

Javier
LVL 28

Expert Comment

by:sunnyc7
ID: 33743961
Javier, you are welcome.
Glad to be of help.