ISA 2004 VPN user can not access Exchange server once connected.

By alan.atkins

I really hope someone has seen the problem I am about to describe before, because I am at my wits' end. A couple of weeks ago I had to upgrade a box that ran AD, Exchange 2000, ISA 2000, and Server 2000 that was left over by the previous admin. I know it's a horrible practice, which is why I was upgrading and migrating. Long story short, I had to move ISA to a new server, so I just put ISA 2004 on it. I upgraded the Exchange 2000 and Server 2000 to Exchange 2003 and Server 2003 on the original "all in one" box. I have one external NIC facing the internet, and one internal NIC to connect to internal servers. I have all web publishing, FTP, and Exchange publishing rules working inside the network.

My problem is that all of a sudden, once laptop users connect to the VPN outside of the network, they cannot connect to Exchange through Outlook anymore. As I said, I have created all the necessary rules that are working properly. I even have a domain controller that runs an antivirus database and pushes updates out to clients, and when a VPN user gets connected it finds the DC virus updater and connects with no problems. It uses some crazy proprietary port. Mapped drives and all other resources are available, but Outlook just stays disconnected from Exchange. I can create a new mail profile on my home machine, and the name resolves when setting my domain email account, so I know it connects to some extent to Exchange. It will even start updating my newly created mail profile from Exchange. However, current laptop VPN users who use it to connect to mail stores cannot get connected.

I have gotten some outside consulting help, and I am still stuck. I could go ahead and set up OWA, but I just feel that will only compound the problem because something that should already be working is not. I believe that OWA setup may be futile until I can get this problem resolved.

Please, anybody that has run into this problem before, can you give me some things to look at, as I am stuck without my Sales VPN users being able to connect to their Exchange.


All Answers

IP of Exchange Server

by retro77 In reply to ISA 2004 VPN user can not ...

Did the IP address of the Exchange server or the name change? If the name changed, then the profiles have to be recreated. There are software solutions out there, but it seems you have to buy them.

No changes to IP or DNS name

by alan.atkins In reply to IP of Exchange Server

The IP and the name of the server for Exchange did not change. The biggest change was that I set up ISA 2004 from scratch on a new server, and then disabled the ISA 2000 server manager on the old box (I wanted to keep it intact just in case). However, I cannot go back to the ISA 2000 configuration because, while Microsoft has a patch for ISA 2000 to run on a 2003 server, it will not work for what the support staff of our software need. RDP connections kept dropping constantly when running ISA 2000 on the 2003 server, even with the MS patch. So I had to scramble to set up ISA 2004 quickly so the Support staff could remote in and support our software on client machines. It does, however, no longer have the external IP or NIC enabled from when ISA 2000 was running on it. What's stranger is that nslookups resolve from anywhere on the network, but ISA cannot ping the Exchange box. I am not sure if it could before; as I said, everything was on one box and there was no need to ping from ISA to Exchange because the services all reside on one connection... There has to be something I am missing, but I have no idea what. Like I said, everything else internally, and through the VPN for that matter, works with no issues. I am stumped and have no answers.

I think

by retro77 In reply to No changes to IP or DNS n ...

Even if the name and IP didn't change on the Exchange server, I think you still have to recreate the Outlook profiles. Also, did the AD accounts have to be created from scratch on the new DC? You may have a permissions issue. I would call those laptops into the office to have them rejoin the domain again and recreate the Outlook profiles.

just creating mail profiles in XP

by alan.atkins In reply to I think

Actually, I meant the mail profiles created on the XP machines. I am creating a new mail profile to test VPN connections to Exchange from my home PC. It does connect when I set up the initial mailbox to Exchange while connected to the VPN, but it is very flaky. I am creating my own profile with the email store of my email at work. I am using cached Exchange mode from the PC, and when it tries to retrieve the inbox settings it at least connects. But again, it is very flaky. I don't have a new DC; the Exchange server was just upgraded to 2003 with AD on it. I actually have two 2003 DCs that run the 5 FSMO roles already. So no, I did not have to re-create any users in Active Directory. Also, as long as the users are on the physical network, there are no connection issues to Exchange.

so you think creating the mail profile on the laptops

by alan.atkins In reply to I think

So you think creating the mail profile over again on the laptops could resolve it. Anything is worth a shot, but it may be risky in the situation I am in now at home. If I re-create the mail profile from my laptop while connected to the VPN, I could risk losing my mail store until I get back in the office if it cannot connect to Exchange. I am using my own laptop to simulate the situation with my Sales VPN users. I am basically doing everything they were accustomed to. I log on to the laptop under a cached domain logon, connect to the work VPN, and then open Exchange. It just does not connect at all. It may be worth a shot though, as I have tried everything.

Think about the problem.....

by CG IT In reply to so you think creating the ...

VPN is remote access where you connect to the network and obtain a LAN address [or you should get a LAN address]. Once the connection is made and you have a LAN address through RRAS, your computer is like any other computer on the LAN network. The only difference is that traffic traverses the VPN tunnel between your computer and the LAN network.

Exchange in an Active Directory environment will only work with domain accounts, so how Outlook is set up on the mobile laptops is probably where the problem is.

You might try having users be members of the mobile user security group [mobile user template].

ISA Server isn't the problem if you can make a VPN connection.

O.K. let's rule out ISA

by alan.atkins In reply to Think about the problem.. ...

Good point. Do you think it could possibly be a DHCP issue when giving out VPN users an addy? I only ask because that is the only thing I could think of between the VPN users and Exchange. All the other services work for VPN users, just not Exchange and Outlook. I created a new mail profile (when I say "I created a new profile" I mean ANOTHER mail profile with my email account, and then try to connect to Exchange to retrieve the cached info), and when pointing to the Exchange server the FQDN resolves, as well as my user name resolving to the full name (e.g. aatkins => Alan Atkins). I know there has to be some sort of initial connection for that to happen. However, when I open that new mail profile it will not connect to Exchange to retrieve the cached info. Even if I put in the internal IP of the Exchange server, the server name resolves itself. So I guess you are right in that ISA may not be the issue. I just have no idea what.

have you tried Send/Receive

by CG IT In reply to O.K. let's rule out ISA

Cache mode of course caches until requested, and sometimes mail clients, even on computers on the LAN, will not prompt for Exchange to do a Send/Receive. It will show "Off Line" in the lower right corner of Outlook. If you click on the Send/Receive button in the menu bar, you're forcing Outlook to make a connection to Exchange.

Try that and see what happens. If you can't force a send/receive from the mail client to Exchange, then there's more going on.

"send/receive" will connect user to Exchange

by alan.atkins In reply to O.K. let's rule out ISA

Yes, I have used "Send/Receive" several times trying to connect. It never does. Yes, there is more going on, and apparently a lot more than I can figure out. I am clueless and stuck. If anyone knows of any outsourced network troubleshooting companies, please let me know. The one I have found and have been using has not been able to resolve this issue yet. Thank you all for your suggestions.

have you tried what in these MS KB articles

by CG IT In reply to ISA 2004 VPN user can not ...

the other place to go is
