computer_says_no
 asked on

Problems connecting to Exchange over VPN

hello experts,

I have rather a strange problem in that one of our remote sites (connected via Watchguard Site to Site VPN) is not able to connect to Exchange.  Everything is fine apart from the Exchange connection, so files, printing, web etc. are all fine.  When the same laptops travel to our other sites they are fine???  And they can connect at home via PPTP.  Incidentally, one of the members of staff rebooted (on Win 7) and then received a different problem and we had to rejoin.  Although this action was successfully completed.....still no Outlook!!  HELP!!

thanks!

computersaysno
SBS, Exchange

Last Comment
ReneGe

8/22/2022 - Mon
SOLUTION
Massimiliano Loi

SOLUTION
setasoujiro

computer_says_no

ASKER
Hi,

thanks for the prompt response.

users in the remote office have complete, unrestricted access to the main site where the SBS box is (outgoing allowed, so any going to any).  All was working fine but suddenly there is no access....but only specifically Outlook, everything else is okay? Is there a specific test I can do from the remote site to just double check the right ports are passing traffic in case the box is corrupt?

computersaysno
setasoujiro

I've found that most of these problems are because of DNS not being set up properly for the tunnel.
If you want to use resources on the other side, you should use the SBS as DNS for the clients in the remote office.

Or you could edit the host file for the clients to make them aware of the SBS.
Massimiliano Loi

Also, could you tell us if you've set up an incoming rule as well? VPN users at the remote office should have an "any-to-any" rule for both incoming and outgoing connections from/to the branch office.
Did you set up the VPN connection by hand or with the WatchGuard System Manager wizard?
ReneGe

Also, you talk about a laptop. Can PCs connect to the Exchange server from the remote location?
computer_says_no

ASKER
Okay....thanks for all the comments.

I think I can safely say that network connectivity is fine. I can ping the FQDN of the DC, can telnet to the server on port 25....everything looks fine.  Not that it's really relevant but users can happily use their webmail using internal URLs here.....and when they go to other remote sites (with identical setups bar the IP network obviously) Outlook simply connects....as it does when they go home and PPTP in??? Here....the status bar in Outlook simply says.....NEED PASSWORD but does not accept one?

I have tried setting up new Outlook profiles (just to see if it is a profile corruption) but get stuck at the username/password stage every time despite my being absolutely certain I am using the correct details....whether it be user&password, domain\user&password or user@fqdn&password.....

To me this looks like a server problem....authentication that only affects users when they are at this particular site....

I have done the autoconfig thing...it says

Autoconfiguration has started, this may take a minutes
Autoconfiguration was unable to determine your settings

thanks

computersaysno
ReneGe

Have you disabled the firewall of the laptop?

Can PCs on the remote network connect to the Exchange server?

Can these ports pass through your VPN tunnel?

For the LDAP client to connect to the Exchange Server computer, the ports that need to be configured on the firewall are based purely on the authentication method in use. With Basic authentication, the Exchange Server computer listens on port 389. For SSL authentication, the port that the Exchange Server computer listens on is 636. Microsoft Exchange Server supports LDAP as defined in RFC-1777.
computer_says_no

ASKER
Hi

Okay, I rebooted a machine (which has been left for me to test) and now although it logs in, I cannot access any network resources without it prompting for username and password, which again, it is not accepting.  I have disabled the firewall and it still does the same thing.

This is no longer an Exchange issue, this is a fundamental problem with authentication but only from this site as the main office and the other remote site are still working fine.  Furthermore if I connect from here (home) I join with no problems accessing resources, it's just this one site....everything points towards the firewall in this remote site but I just can't seem to figure out what?  Or does SBS have individual authentication/license files for computers while they are at different sites which have somehow become corrupt for this particular site?  This is a head wrecker!!!

Thanks

computersaysno
ReneGe

I always set up remote sites with their own D.C.  So I don't know first hand what kind of tweak may be needed when the D.C. is set up at a remote site.

We will need to have a lot more info on your network to continue on this one, because it could be a lot of things.

Do you have a detailed schematic that you can provide us, and that would not compromise your security?

A CHECK LIST:
1-Your VPN tunnel is not on a slow link and has an acceptable latency
2-Routing is properly done
3-Please confirm: You only have one SBS server that serves as the only D.C. with all the roles at the main site
4-DNS is properly set up at the remote site, to also resolve all A.D. services to the SBS server
5-That firewall does not block any required ports
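
One way to run checklist items 3 to 5 from a client at the remote site, and to see which domain controller that client is actually using. This is an added example, not part of the original thread; `example.local` is a placeholder domain, and the port list is the ports named in this thread plus the standard Active Directory logon ports.

```powershell
# Added example. Save as a .ps1 and run on a domain-joined client at the affected site.
param([string]$Domain = 'example.local')   # placeholder: your AD DNS domain name

# Ports named in the thread (25, 389, 636) plus the standard AD logon ports.
$Ports = 25, 53, 88, 135, 389, 445, 636, 3268

function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Items 3 and 4: which DCs does the DNS server used at this site return?
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 2>$null
$dcs = @($srv | ForEach-Object {
    if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1] }
} | Sort-Object -Unique)
if ($dcs.Count -eq 0) {
    Write-Warning "DNS returned no domain controller SRV records for $Domain"
    return
}

# Item 5: is each DC reachable through the tunnel on those ports?
# 25, 636 and 3268 are expected closed on a DC that is not also the mail
# server, has no LDAPS certificate, or is not a global catalog.
foreach ($dc in $dcs) {
    foreach ($port in $Ports) {
        $state = if (Test-TcpPort $dc $port) { 'open' } else { 'closed or blocked' }
        '{0,-35} tcp/{1,-5} {2}' -f $dc, $port, $state
    }
}

# Which DC is this client really using? Compare with a client at a working site.
"Logon server: $env:LOGONSERVER"
nltest "/dsgetdc:$Domain"   # assumes nltest.exe is present on the client
```

If the SRV lookup or the logon server names a domain controller you did not expect, check that server's replication state with `repadmin /replsummary` and `dcdiag` before looking further at the firewall.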
computer_says_no

ASKER
Thanks, that last comment made me realise that they do have their own DC which appears to be completely out of sync with the rest of the network.  I am bringing it back to base and reloading it, this will surely fix the issue as the networking is all fine and has worked up until a few weeks ago with no recent changes.  The member server DC clearly isn't authenticating properly and is the final piece of the puzzle, really sorry I didn't mention it, just didn't think because I was initially fault finding Exchange.

Thanks for all your help

computersaysno
ReneGe

Glad I could help ;-)