Exchange 2003, Outlook 2003, VPN Connection Issues

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: beth.stover@xxxxxxxxx
• Date: 23 May 2007 11:00:47 -0700

---

Hi All,

I've seen a lot of posts regarding Outlook through VPN, but I didn't
see any that address my issue specifically. My apologies if this has
already been discussed.

My environment:

I have one Exchange 2003 SP3 server in a main office. It runs on
Windows 2003 Server Standard Edition SP1. We have 275 users total.
30 of these users are in a remote office 500 miles away. We have 2
T1's at the main office and 1 T1 at the remote site. We use Netscreen
208's at the main office and a Netscreen GT at the remote site. The
two sites are connected via a VPN using the Netscreen Hardware, so
there are no VPN clients being used. The VPN is open, so there are no
port restrictions involved. All clients (XP) at the remote site are
members of the domain. All servers and clients are fully patched to-
date. The users in the remote site have Outlook 2003 installed on
their desktops. We are not using cached mode for Outlook 2003. There
is a DNS server in the main site. The clients in the remote site use
this DNS server through the VPN. There are no DNS issues -- clients
in the remote site can ping all resources including the Exchange
server in the main site by FQDN. Connectivity for all resources seems
fine from the remote site to the main site through the VPN -- ping,
tracert, DNS, domain authentication, etc. All T1's have been tested
and are functioning as expected. The T1 in the remote site
experiences 80% usage -- typically for 1 hour in the morning and 1
hour in the afternoon. Other than that, usage is @ 15%. I've
confirmed the MTU settings are default on the client, Netscreens and
the routers.

The problem:

Intermittently, the users in the remote office cannot connect to the
Exchange server using Outlook from their desktops. In some cases,
Outlook "hangs" and cannot connect and there is no error. Other
times, the users cannot connect and they get a pop-up message in
Outlook, "Exchange server is unavailable." In each case, a reboot of
the client usually resolves this problem. The problem is happening
almost every day for one or two users, but different users are
affected each time. (It's not always the same users). When the
problems happen, bandwidth usage is at a reasonable level, the clients
can ping the Exchange Server using FQDN, and other traffic is not
affected. Most often, Outlook works fine in this configuration, so I
know everything is configured properly for basic connectivity. I have
checked the Exchange server, and there are no problems reported on the
server when the problem occurs.

Also, I have 2 other remote sites connected in the same way -- using
Netscreen GT, T1, DNS at main site, and Outlook from desktop. One
site is 1000 miles away (10 users). The other site is 3000 miles away
(15 users). The two other remote sites do not experience connection
problems to Exchange.

We have given the users the option of using OWA or connecting via
Terminal Server, but they really, really want to use Outlook from
their desktops. We opted not to use RPC over HTTP because of security
concerns, so that's not an option here.

I've contacted the vendor for the T1 in the remote site several times,
and they assure me that the pipe is working as epxected.

Can anyone give me some ideas on how to troubleshoot this problem with
the one remote location with 30 users? I'm not looking to change how
the users connect, as we have given them other options. What I really
need to figure out is how to resolve the problems with Outlook on the
desktop through a VPN not connecting.

Thanks in advance.

.

---

• Follow-Ups:
  • Re: Exchange 2003, Outlook 2003, VPN Connection Issues
    • From: John Oliver, Jr. [MVP]

• Prev by Date: Re: Need help with SPF DNS Issue. Undeliverable Mail smtp:550 MI:SPF
• Next by Date: Re: Need help with SPF DNS Issue. Undeliverable Mail smtp:550 MI:SPF
• Previous by thread: config outlook anywhere 2007, ssl help. how to create self signed cert like in 2003
• Next by thread: Re: Exchange 2003, Outlook 2003, VPN Connection Issues
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Cant connect to Outlook over the web without the VPN ... VPN method since all the traffic is transferred through a virtual VPN ... Can I assume that you haven't enabled the RPC over HTTPS on the SBS Server? ... reconfigure the remote Outlook client. ... (microsoft.public.windows.server.sbs) Re: Security question re- VPN clients on wireless networks ... Vpn's are only as secure as the remote site. ... trojan/virus etc it could get to the server via the VPN. ... is fairly safe and a little faster than running it though a VPN. ... (microsoft.public.windows.server.sbs) Re: Vista VPN issues ... I can resolve the name from a command prompt and the IP address in the server ... PC's fine via a VPN with either Outlook 2007 or Outlook 2003. ... I don't currently have a Vista box running Office 2007, ... (microsoft.public.windows.server.sbs) Re: OL2007B2 - Cannot Connect To Exchange Through VPN ... VPN to an Exchange server on the same network as an Outlook 2007B2 client ... the VPN connection is on another non-routable subnet. ... (microsoft.public.outlook.installation) Re: Negative caching ... Server of Windows 2008? ... resolve local addresses in the remote site I have set up Conditional ... Problem arises when the VPN tunnel is down, where my DNS server is unable ... (microsoft.public.windows.server.dns)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Exchange  > microsoft.public.exchange.admin  > 2007-05