computer_says_no

asked on

Problems connecting to Exchange over VPN

Hello experts,

I have rather a strange problem in that one of our remote sites (connected via WatchGuard site-to-site VPN) is not able to connect to Exchange.  Everything is fine apart from the Exchange connection, so files, printing, web etc. are all fine.  When the same laptops travel to our other sites they are fine???  And they can connect at home via PPTP.  Incidentally, one of the members of staff rebooted (on Win 7) and then received a different problem and we had to rejoin.  Although this action was successfully completed.....still no Outlook!!  HELP!!

thanks!

computersaysno
computer_says_no

ASKER

Hi,

thanks for the prompt response.

Users in the remote office have complete, unrestricted access to the main site where the SBS box is (outgoing allowed, so any going to any).  All was working fine but suddenly there is no access....but only specifically Outlook, everything else is okay? Is there a specific test I can do from the remote site to just double check the right ports are passing traffic in case the box is corrupt?

computersaysno

I've found that most of these problems are because of DNS not being set up properly for the tunnel.
If you want to use resources on the other side, you should use the SBS as DNS for the clients in the remote office.

Or you could edit the hosts file for the clients to make them aware of the SBS.
Also, could you tell us if you've set up an incoming rule as well? VPN users at the remote office should have an "any-to-any" rule for both incoming and outgoing connections from/to the branch office.
Did you set up the VPN connection by hand or with the WatchGuard System Manager wizard?
Also, you talk about a laptop. Can PCs connect to the Exchange server from the remote location?

Okay....thanks for all the comments.

I think I can safely say that network connectivity is fine. I can ping the FQDN of the DC, can telnet to the server on port 25....everything looks fine.  Not that it's really relevant but users can happily use their webmail using internal URLs here.....and when they go to other remote sites (with identical setups bar the IP network obviously) Outlook simply connects....as it does when they go home and PPTP in??? Here....the status bar in Outlook simply says.....NEED PASSWORD but does not accept one?

I have tried setting up new Outlook profiles (just to see if it is a profile corruption) but get stuck at the username/password stage every time despite my being absolutely certain I am using the correct details....whether it be user&password, domain\user&password or user@fqdn&password.....

To me this looks like a server problem....authentication that only affects users when they are at this particular site....

I have done the autoconfig thing...it says

Autoconfiguration has started, this may take a minutes
Autoconfiguration was unable to determine your settings

thanks

computersaysno
Have you disabled the firewall of the laptop?

Can PCs on the remote network connect to the Exchange server?

Can these ports pass through your VPN tunnel?

For the LDAP client to connect to the Exchange Server computer, the ports that need to be configured on the firewall are based purely on the authentication method in use. With Basic authentication, the Exchange Server computer listens on port 389. For SSL authentication, the port that the Exchange Server computer listens on is 636. Microsoft Exchange Server supports LDAP as defined in RFC-1777.
Hi

Okay, I rebooted a machine (which has been left for me to test) and now although it logs in, I cannot access any network resources without it prompting for username and password, which again, it is not accepting.  I have disabled the firewall and it still does the same thing.

This is no longer an Exchange issue, this is a fundamental problem with authentication but only from this site as the main office and the other remote site are still working fine.  Furthermore if I connect from here (home) I join with no problems accessing resources, it's just this one site....everything points towards the firewall in this remote site but I just can't seem to figure out what?  Or does SBS have individual authentication/license files for computers while they are at different sites which have somehow become corrupt for this particular site?  This is a head wrecker!!!

Thanks

computersaysno
I always set up remote sites with their own D.C.  So I don't know first hand what kind of tweak may be needed when the D.C. is set up at a remote site.

We will need to have a lot more info on your network to continue on this one.  Because it could be a lot of things.

Do you have a detailed schematic that you can provide us, and that would not compromise your security?

A CHECK LIST:
1-Your VPN tunnel is not on a slow link and has an acceptable latency
2-Routing is properly done
3-Please confirm: You only have one SBS server that serves as the only D.C. with all the roles at the main site
4-DNS is properly set up at remote site, to also resolve all A.D. services to the SBS server
5-That firewall does not block any required ports

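
Items 3 to 5 of the checklist above can be checked from a client at the affected site with the script below. It is an added example, not part of the original thread; the domain name `example.local` and server name `sbs01.example.local` are placeholders, and the helper `Test-TcpPort` is defined here for illustration.

```powershell
# Added example: run from an elevated PowerShell prompt on a client at the remote site.
# Placeholders (not from the thread): replace with the real AD DNS domain and SBS host name.
$Domain = 'example.local'
$Sbs    = 'sbs01.example.local'

# 25, 389 and 636 are the ports named in the thread. The others are the standard
# DNS, Kerberos, RPC endpoint mapper and SMB ports that a domain logon also depends on.
$Ports  = 25, 53, 88, 135, 389, 445, 636

# Hypothetical helper: TCP connect with a timeout, using only .NET classes
# so it also runs on the PowerShell 2.0 shipped with Windows 7.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Which hosts does DNS advertise as domain controllers for this domain?
#    An unexpected or stale DC listed here is a lead worth following.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain"

# 2. Which DC authenticated this logon session, and which one does the locator pick now?
"Logon server for this session: $env:LOGONSERVER"
nltest "/dsgetdc:$Domain"

# 3. Is this machine's secure channel to the domain healthy?
nltest "/sc_verify:$Domain"

# 4. Do the required ports pass through the tunnel to the SBS server?
foreach ($p in $Ports) {
    $ok = Test-TcpPort -ComputerName $Sbs -Port $p
    '{0,-24} tcp/{1,-4} {2}' -f $Sbs, $p, $(if ($ok) { 'open' } else { 'closed or filtered' })
}
```

If steps 1 and 2 name a domain controller at the remote site rather than the SBS server, the clients there are authenticating against that machine, and its health and replication state need checking before the firewall does.
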
Thanks, that last comment made me realise that they do have their own DC which appears to be completely out of sync with the rest of the network.  I am bringing it back to base and reloading it, this will surely fix the issue as the networking is all fine and has worked up until a few weeks ago with no recent changes.  The member server DC clearly isn't authenticating properly and is the final piece of the puzzle, really sorry I didn't mention it, just didn't think because I was initially fault finding Exchange.

Thanks for all your help

computersaysno
Glad I could help ;-)