Hi I have a problem whereby all users in all remote branches are unable to login to outlook. Outlook says exchange is unavailable. Branch offices connect via a VPN and there is no firewall between them, all ports are open. All users in my head office (same location as exchange) are unaffected. From the remote PCs, I can telnet to the exchange server on ports 443 and 25 and from exchange I can telnet back to the PCs on port 135 as well as the ports outlook uses at random, something like 46000-60000. I can ping the exchange server from the PCs. I can telnet to both the DCs on LDAP 3389. I can open the autodiscover webpage and successfully get message 600. From both the DCs, I can telnet and ping the remote PCs and also to exchange. I have noticed in the Connection Status tool of outlook, that Outlook says connecting to both the global catalog and the exchange server. If I use the DS Access registry key to force outlook to use my global catalog that holds the FSMO roles, it at least establishes a connection to that but exchange remains on status as connecting. The autodiscovery tool works also and is successful after I make the logonserver the main global catalog server. I have tried restarting all the servers (2 DCs and 1 exchange 2007 server) in all different sequences and still no luck. I have verified the certs are correct on exchange. I have also verified the autodiscovery service to be working successfully via powershell. No clear error messages appear in the exchange evert logs to explain the issue. OWA is fine also, both internall and externally as well as from the affected PCs. The last thing is if I try to recreate a mail profile and press the 'Check Name' button, it hangs and eventually times out. If I put the DC name in the exchange server field, it resolves correctly. Has anyone encountered anything like this before? Thanks in advance

You have a network problem, either name resolution or a firewall or something like that. By default for the "random" port, Outook uses TCP 1024-65535. If you configure Outlook Anywhere, then they'll just use TCP 443. Maybe that's the best answer for you.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."