Jiannystein
asked on
Peculiar IBM Lotus Notes / Cisco VPN Issue
Dear all experts,
I am lost in this issue that recently happened on my company:
The staffs in my company are using Notes client, we are connected to our Domino server locally and we access few database that are located in 2 remote servers sitting side-by-side (GCM02 and GCM03).
Since yesterday, we cannot access only GCM02, Notes just freeze and hang after we choose any databases in GCM02.
I am able to ping the GCM02 via cmd prompt, trace GCM02 via Notes client Trace function and telnet GCM02.
After some exhaustive observation and diagnosis, we managed to fix this issue by installing a third party software, 'Cisco Systems VPN Client 5.0.07.0410', without any configuration after installation [1].
I conlude the following:
1) Laptop can only access GCM02 server after reinstall the VPN client
2) Laptop can still access other Domino servers in the network (in particularly GCM03)
3) Laptop cannot access GCM02 regardless of the version of Lotus Notes being used
4) Using different IDs to access GCM02 after installation [1] had no issues accessing
5) Reinstalling Lotus Notes will not solve this issue
On problematic laptop (before installing VPN), Wireshark showed that client received ACK packets twice, but such reading doesn't show on non issue laptop:
Please let me know if you need these as I can't attach them here:
> Both PSR recordings on before and after installing VPN client.
> Both registry files that I exported before and after installing VPN client.
> Cisco VPN installer that I used as workaround
I hope to hear good news from fellow experts here, thanks and have a nice day.
-Stephen
I am lost in this issue that recently happened on my company:
The staffs in my company are using Notes client, we are connected to our Domino server locally and we access few database that are located in 2 remote servers sitting side-by-side (GCM02 and GCM03).
Since yesterday, we cannot access only GCM02, Notes just freeze and hang after we choose any databases in GCM02.
I am able to ping the GCM02 via cmd prompt, trace GCM02 via Notes client Trace function and telnet GCM02.
After some exhaustive observation and diagnosis, we managed to fix this issue by installing a third party software, 'Cisco Systems VPN Client 5.0.07.0410', without any configuration after installation [1].
I conlude the following:
1) Laptop can only access GCM02 server after reinstall the VPN client
2) Laptop can still access other Domino servers in the network (in particularly GCM03)
3) Laptop cannot access GCM02 regardless of the version of Lotus Notes being used
4) Using different IDs to access GCM02 after installation [1] had no issues accessing
5) Reinstalling Lotus Notes will not solve this issue
On problematic laptop (before installing VPN), Wireshark showed that client received ACK packets twice, but such reading doesn't show on non issue laptop:
Please let me know if you need these as I can't attach them here:
> Both PSR recordings on before and after installing VPN client.
> Both registry files that I exported before and after installing VPN client.
> Cisco VPN installer that I used as workaround
I hope to hear good news from fellow experts here, thanks and have a nice day.
-Stephen
ASKER
Hi sjef_bosman,
Checked, there was a symantec endpoint update on the night before so I tried installing Notes on a fresh installed Windows 7, Notes freezes even using Ctrl+O or accesing 02 db via Workspace.
I believe there's no issue on network side, as we are able to ping the server as I mentioned earlier.
In Domino Admin Client, I can only see my local server and its cluster within my domain. Using File Open on Domino Admin Client was the same, freezes and hang - manually created the nsd log for this as attached nsd-W32I-USER-PC-2013-06-28-16-5.log
Not sure if this helps..
Update:
Manage to reproduce the problem by uninstalling and reinstalling the network drivers
I have to uninstall and reinstall the VPN client (w/ system restart) in order for Notes to open GCM02 again.
Weird, no issues on GCM03, it can be accessed with or without VPN.
Checked, there was a symantec endpoint update on the night before so I tried installing Notes on a fresh installed Windows 7, Notes freezes even using Ctrl+O or accesing 02 db via Workspace.
I believe there's no issue on network side, as we are able to ping the server as I mentioned earlier.
In Domino Admin Client, I can only see my local server and its cluster within my domain. Using File Open on Domino Admin Client was the same, freezes and hang - manually created the nsd log for this as attached nsd-W32I-USER-PC-2013-06-28-16-5.log
Not sure if this helps..
Update:
Manage to reproduce the problem by uninstalling and reinstalling the network drivers
I have to uninstall and reinstall the VPN client (w/ system restart) in order for Notes to open GCM02 again.
Weird, no issues on GCM03, it can be accessed with or without VPN.
This smells like admins playing with policies and firewall settings
Can you upgrade to R8.5.3, at least one client ? R8.5.1 is rather buggy.
Hi there ,,,
Firstly I would like to ask you to access one of the databases of the GCM02 using Inotes Web access and check if it wil work or not ...
Secondly, Could you create a " Server Connection Document" on lotus notes client of one of the troubling laptops
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.notes85.help.doc%2Flocacc_create_edit_conn_t.html
Then try to access any database of GCM02
Best Wishes
Firstly I would like to ask you to access one of the databases of the GCM02 using Inotes Web access and check if it wil work or not ...
Secondly, Could you create a " Server Connection Document" on lotus notes client of one of the troubling laptops
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.notes85.help.doc%2Flocacc_create_edit_conn_t.html
Then try to access any database of GCM02
Best Wishes
From the nsd you attached, ALL network adapters showed either Status: Disconnected or Unreacheable. => If you have no network connection, you cannot reach the Domino server...
What would also give answers if the VPN client is correctly connecting is opening a copmmand prompt and do a 'route print'. Perform that on both a working laptop and a faulty one, and compare. The faulty one is probably missing the routes to the network containing the GCM02...
What would also give answers if the VPN client is correctly connecting is opening a copmmand prompt and do a 'route print'. Perform that on both a working laptop and a faulty one, and compare. The faulty one is probably missing the routes to the network containing the GCM02...
ASKER
Hi larsberntrop,
On my side, nothing was done on the firewall and GCM side verbally claimed that they didn't do anything to their side as well while me and my team are cracking our heads on this.
Hi sjef_bosman,
I have only tried up to 8.5.2 FP4 and face similar problem. I have requested my vendor for the 8.5.3 installer, to see if all these are caused by a bug.
Btw, is there any where I can get it online? Couldn't find it on Passport advantage site.
Hi akhafaf,
I have iNotes but I am not sure how to access GCM02 databases with it.
I have created the server document in problematic client but the problem persists.
Hi larsberntrop,
Thanks for your response. Did a 'tracert' and noticed that the latency of problematic laptop is double or more (avg 450ms) than the non issue one (avg 198ms) but they both worked.
On my side, nothing was done on the firewall and GCM side verbally claimed that they didn't do anything to their side as well while me and my team are cracking our heads on this.
Hi sjef_bosman,
I have only tried up to 8.5.2 FP4 and face similar problem. I have requested my vendor for the 8.5.3 installer, to see if all these are caused by a bug.
Btw, is there any where I can get it online? Couldn't find it on Passport advantage site.
Hi akhafaf,
I have iNotes but I am not sure how to access GCM02 databases with it.
I have created the server document in problematic client but the problem persists.
Hi larsberntrop,
Thanks for your response. Did a 'tracert' and noticed that the latency of problematic laptop is double or more (avg 450ms) than the non issue one (avg 198ms) but they both worked.
Ok ,,, on the problematic client lap top could you ,,, telnet GCM02 1352
In order to access Inotes just access the Internet Explorer and type GCM02 in the address then you will be redirected to access it
"If you are able to access GCM02 on the IBM Administrator just check if there is a "redirecting database" on it or if you can create it .
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.help.domino.admin.doc%2FDOC%2FH_CREATING_A_DATABASE_REDIRECT_FILE_STEPS.html "
I hope This Helps
In order to access Inotes just access the Internet Explorer and type GCM02 in the address then you will be redirected to access it
"If you are able to access GCM02 on the IBM Administrator just check if there is a "redirecting database" on it or if you can create it .
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.help.domino.admin.doc%2FDOC%2FH_CREATING_A_DATABASE_REDIRECT_FILE_STEPS.html "
I hope This Helps
ASKER
Hi akhafaf,
Yes I'm able to telnet into GCM02 and trace it via Notes.
However, upon Ctrl+O or double clicking any its database, the Notes Client just hang.
There's not much to see in the conf as GCM02 is managed by the admin there and we are connected to both GCM02 and GCM03 via point-to-point VPN.
Yes I'm able to telnet into GCM02 and trace it via Notes.
However, upon Ctrl+O or double clicking any its database, the Notes Client just hang.
There's not much to see in the conf as GCM02 is managed by the admin there and we are connected to both GCM02 and GCM03 via point-to-point VPN.
Ok ,, As I understood from what you mentioned above is that some laptops connect and some dont ... However,, did you check if there is any common thing between all these laptops ?
e.g. NICs , IPaddresses Subnets , or could be a common Networking router or Switch , RAM CPU.
I hope this helps .
e.g. NICs , IPaddresses Subnets , or could be a common Networking router or Switch , RAM CPU.
I hope this helps .
ASKER
Those that are able to connect, have that Cisco VPN client installed; and those problematic one, either I uninstalled their network drivers or VPN is not installed/reinstalled after network drivers being reinstalled.
My company environment is wireless based and the APs are standardized.
The only common thing I can think of is the VPN Client.
My company environment is wireless based and the APs are standardized.
The only common thing I can think of is the VPN Client.
Statement: Notes itself does not hang. Never. It may crash, it may show errors, but it does not hang.
Hence my hypothesis: it's the network somehow, and a faulty driver is part of the communication (network).
There is a debug parameter in notes.ini that you can set, to analyse the NRPC network traffic. See http://gcc.uni-paderborn.de/WWW/WI/WI2/wi2_lit.nsf/KPoolThemes/52D563F0AE630424C1256A630026FA27?OpenDocument
Did you check if there are upgrades available on the VPN client?
Hence my hypothesis: it's the network somehow, and a faulty driver is part of the communication (network).
There is a debug parameter in notes.ini that you can set, to analyse the NRPC network traffic. See http://gcc.uni-paderborn.de/WWW/WI/WI2/wi2_lit.nsf/KPoolThemes/52D563F0AE630424C1256A630026FA27?OpenDocument
Did you check if there are upgrades available on the VPN client?
@sjef_bosman ,,, this is what I was up to in my last two comments there is no issue with Lotus Domino it is either a network issue or could be a certain issue with these laptops ...
have you compared a 'route print' from both a defective laptop and a working one?
what are the differences?
what are the differences?
Looking at the log you posted it says you do not have a cross certificate to server 02 !!
Port trace only checks for port connectivity not authentication.
Is it possible the I'd on server has expired or got changed for some reason.
From the server that is working other side of router, go to console and do a trace to server name and then try repl to server as it may show additional error info.
Also check cross certificate if servers are in different domain to your user Id
Port trace only checks for port connectivity not authentication.
Is it possible the I'd on server has expired or got changed for some reason.
From the server that is working other side of router, go to console and do a trace to server name and then try repl to server as it may show additional error info.
Also check cross certificate if servers are in different domain to your user Id
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This might help: http://www.dslreports.com/tweaks/MTU
There are some URLs which have ome similar issues,,,
http://www.freetechie.com/blog/lotus-notes-error-network-operation-did-not-complete-in-a-reasonable-amount-of-time-resolution/
http://www-10.lotus.com/ldd/nd85forum.nsf/DateAllFlatWeb/f6e6fae75d9e1e6e85257752004b7677?OpenDocument
http://www-01.ibm.com/support/docview.wss?uid=swg21086718
I hope they help
http://www.freetechie.com/blog/lotus-notes-error-network-operation-did-not-complete-in-a-reasonable-amount-of-time-resolution/
http://www-10.lotus.com/ldd/nd85forum.nsf/DateAllFlatWeb/f6e6fae75d9e1e6e85257752004b7677?OpenDocument
http://www-01.ibm.com/support/docview.wss?uid=swg21086718
I hope they help
the strange thing about some VPN solutions is that the vpn stuff is hacked onto the packet, and the MTU size needs to be adhjusted so th packets plus VPN overhead fit into the MTU further downstream.
So yes, I've seen it before.
Also like you, I scratch my head at the oddity that you need to manage MTU by hand to get a working connection. My suggestion: try to switch to another VPN solution not implemented by monkeys.
So yes, I've seen it before.
Also like you, I scratch my head at the oddity that you need to manage MTU by hand to get a working connection. My suggestion: try to switch to another VPN solution not implemented by monkeys.
I assume that, since the connection problems are so wide-spread, it has nothing to do with Lotus Notes itself, unless you somehow blocked port 1352 (the Notes port). But you say that you can trace the 02 server from a Notes client? If the Trace works (using File/Preferences..., Notes Ports, Trace), what happens when you try to open the server, using File/Open/Lotus Notes Application (or Ctrl-O) on the 02 server?
I assume it's a network configuration problem, e.g. there is an IP address conflict or so. Can people from other company locations still access the 02 server?
Did you try to access the 02 server using the Domino Admin client?
Did you try to increase the Port TCP/IP delay settings, in the Preferences?