Discussions

Exchange over VPN too many MAPI connections server 2003 not close TCPsessio

Tags:
+
0 Votes
Locked

Exchange over VPN too many MAPI connections server 2003 not close TCPsessio

shady108
Exchange Disconnected over VPN too many MAPI connections
hi , am having problems with outlook over a vpn. It works for a while but then shows disconnected. I have found out its because exchange 2003 limits you to 32 mapi connections, and when this user connects ove rthe VPN the connections arent being closed when they log off. This doesnt happen to people who work in the office. Is there a reaosn these connections arent being closed when the VPN session ends? users are connecting over the VPN using a Netgear SSL-312 portal connection. thanks !!


done a bit more investigating, can see its a tcpip problem.... each time the vpn user connect hes assigned a new ip address to connect to the exchange server, but when he disconnects from vpn the exchange server isnt closing the tcpip connection .... is there a way to force this to close the connections?
  • +
    0 Votes
    pwebb

    I've had this problem as well with a few of my clients that use VPN on a regular to heavy basis. One of our engineers suggested this fix, which worked for me: Restart the Exchange Information Store service on the Exchange server. This will reset the MAPI connections that Exchange knows about and will allow them to connect.

    In addition, it's generally a good idea to have servers reboot on a monthly or weekly basis. For most of our clients a scheduled reboot on Sunday mornings around 5:00am does a world of good, and it will also reset the MAPI connections on the Exchange server.

    Hope this helps!

    +
    0 Votes
    wicklewamb

    After many long hours of testing we think we have established the cause to this problem which there is a temporary fix.

    The problem?

    Laptop machines were intermittently ?freezing? for approximately 40 ? 60 seconds which meant new connections being established on each occasion. Once 32 concurrent MAPI connections had occurred, Exchange would put the users Outlook to a disconnected state. We have seen the problem self rectify after 2 hours which we now know is because of the Exchange ?keepalivetime? being set to drop old sessions after this time.

    We could also drop connections manually via TCPview and Currports programs but this wouldn?t prevent the problem reoccurring. Strangely, statically assigning DNS to the client would sometimes stop the machine from further hangs ? something I personally found very unusual and have never seen before!

    Other issues included disconnecting from Oracle and Optiva applications.

    The cause?
    This hasn?t been an easy find and after trying many different tests we suspect the Checkpoint R60 client to be the culprit. Something seems to happen within the Checkpoint client which, when a machine changes subnets, it doesn?t like the changes on its IP stack thus causing the freezing and disconnects. Machines which remain with the same IP address never encounter the problem, only when a new IP is released to the client ? we have also seen instances with laptops not changing subnets but DHCP release expiring and a different IP address being assigned (user returning from holidays for example or travelling between sites).

    The Solution?
    If you uninstall SecuRemote, or unbind SecuRemote from the NIC's IP stack, the problems seem to disappear. I?m hoping there is a patch for this issue, but in the mean time, if you encounter the above mentioned issues you can unbind the SecuRemote by accessing the NIC?s LAN properties and deselecting Check Point SecuRemote followed by restarting the machine.

    The downside to this would be the R60 is no longer an option until a suitable patch is found...

    Hope this works for you!

  • +
    0 Votes
    pwebb

    I've had this problem as well with a few of my clients that use VPN on a regular to heavy basis. One of our engineers suggested this fix, which worked for me: Restart the Exchange Information Store service on the Exchange server. This will reset the MAPI connections that Exchange knows about and will allow them to connect.

    In addition, it's generally a good idea to have servers reboot on a monthly or weekly basis. For most of our clients a scheduled reboot on Sunday mornings around 5:00am does a world of good, and it will also reset the MAPI connections on the Exchange server.

    Hope this helps!

    +
    0 Votes
    wicklewamb

    After many long hours of testing we think we have established the cause to this problem which there is a temporary fix.

    The problem?

    Laptop machines were intermittently ?freezing? for approximately 40 ? 60 seconds which meant new connections being established on each occasion. Once 32 concurrent MAPI connections had occurred, Exchange would put the users Outlook to a disconnected state. We have seen the problem self rectify after 2 hours which we now know is because of the Exchange ?keepalivetime? being set to drop old sessions after this time.

    We could also drop connections manually via TCPview and Currports programs but this wouldn?t prevent the problem reoccurring. Strangely, statically assigning DNS to the client would sometimes stop the machine from further hangs ? something I personally found very unusual and have never seen before!

    Other issues included disconnecting from Oracle and Optiva applications.

    The cause?
    This hasn?t been an easy find and after trying many different tests we suspect the Checkpoint R60 client to be the culprit. Something seems to happen within the Checkpoint client which, when a machine changes subnets, it doesn?t like the changes on its IP stack thus causing the freezing and disconnects. Machines which remain with the same IP address never encounter the problem, only when a new IP is released to the client ? we have also seen instances with laptops not changing subnets but DHCP release expiring and a different IP address being assigned (user returning from holidays for example or travelling between sites).

    The Solution?
    If you uninstall SecuRemote, or unbind SecuRemote from the NIC's IP stack, the problems seem to disappear. I?m hoping there is a patch for this issue, but in the mean time, if you encounter the above mentioned issues you can unbind the SecuRemote by accessing the NIC?s LAN properties and deselecting Check Point SecuRemote followed by restarting the machine.

    The downside to this would be the R60 is no longer an option until a suitable patch is found...

    Hope this works for you!