Questions

Exchange 2003 not working over VPN

+
0 Votes
Locked

Exchange 2003 not working over VPN

fritz
Hi

My client is using Server 2003 with Exchange 2003, LAN access to Exchange works fine. However when connected via VPN Exchange is unable to connect.

What can I do to fix this?
+
0 Votes
shady108

we are doing the same mine works fine though :)

can you ping the exchange server from the vpn i.e externally by name??? if not does it work by IP?? may be a simple DNS issue

+
0 Votes
fritz

He Shady

I thought that might be a problem, then I manually added the IP with server name to the lmhost and hosts file. So I can ping the sever by name or IP.
But I am starting to think it is a DNS issue...I need to do some research on re-setting up DNS.
If you have any site's or ideas please let me know.

Thanx :-)

+
0 Votes

:)

shady108

are you also assigning the vpn users a new ip when they connect?

I.e

my network is setup like this

firewall/router 10.10.0.1

VPN 10.10.0.2

EXCHANGE 10.10.1.5
AD 10.10.1.1

when users connect the vpn assigns them an ip such as 192.168.1.100 this is what yours must also do, the ip must be completly different to whats on the network.

forwarding -

you also need to make sure the wan port they come in on is forwarding VPN traffic to the right place and on the correct subnet

+
0 Votes
shady108

what hardware are you using? we have a netgear SSL-312 so all VPN traffic connects through https which was very easy to set up a forwarding rule for

+
0 Votes
fritz

I'm using a cisco 800 series router doing the forwarding...not so easy but works well :-)

+
0 Votes

:-)

fritz

Hey Shady

I got them on a different IP address eg. 192.168.1.1 (LAN) 192.168.1.54 (RRAS VPN)

I never heard about different IP ranges, maybe I can give that a try and set it up in RRAS so when VPN clients come in they get a 192.168.2.* address and see if that works.

Yeah the port forwarding is working as when they VPN in it's the DC running server 2003, from there they connect to Exchange 2003.

Thanx again

+
0 Votes
Dumphrey

with a user. I ha dno problems logging in to the vpn and checking my email with Outlook, but another member of our company kept getting errors. As it turns out, his router was giving out the same subnet info as our DHCP server. Example. We are on a 192.168.1.X/24 network at work, his home router was also using a 192.168.1.x/24 network. So his coumputer was trying to send traffic for the VPN out his NORMAL interface and not the VPN interface. The easiest solution was to change his router dhcp setup to a different network. Now he gets his email happy as a clam.
Another thing to check is if they have a firewall client on their local box, and when they connect to the vpn, are they getting the right dns info from the dhcp server?

+
0 Votes
shady108

http://whitepapers.silicon.com/0,39024759,60258456p-39000358q,00.htm

take a look at that , you can setup Exchange RPC over https :)

+
0 Votes
fritz

Hey Shady

Looks like DNS is the problem, I just tested it on a fresh install of XP through the VPN and I can't ping server name only IP address...man now it's a long winded process to find the problem in DNS...

Thanx for you help!

+
0 Votes
Dumphrey

800 config to let the client know the ip address of the dns server. Optionaly, add the email server name/ip to the clients hosts file, that should work to give them email only.

+
0 Votes
fritz

Hi Guy's thanx alot for all your advice, I finally figured out what the problem is...
I reloaded DNS on the DC and all computers except the Exchange box registered their IP.

This is a new problem and I have never seen it before, does anyone have any advice?

Thanx :-)

+
0 Votes
Dumphrey

that it may not be checked on the adapter settings. Get tcp/ip properties of the netadapter on the server, click advanced, choose the dns tab, and make sure the "register this adapters addresses in dns" button is checked. If that does not work, a simple ipconfig /registerdns batch file run from scheduled tasks will do the trick. (Had to do this on one gimped 2000 machine until it could be replaced.)

+
0 Votes
fritz

Hey Dumphrey and Shady

Thanx for all your suggestions, it lead me to the problem and solution.
After alot of testing this and that and getting RPC error's, I did a winsock refresh and then it hit me...TCP/IP had to be reinstalled due to corruption...

What a hassle, but if anyone needs to know how to uninstall and reinstall TCP/IP on a server 2003 box, email me and I wil send the document...

So to sum it all up...problem solved!

Thanx all :-)

+
0 Votes
Dumphrey

a nice little winsock fix for XP and I think it works on 2003 as well, I would be a little suprised if it didn't.

But glad your problem is fixed =)