VPN client having Exchange Connectivity Issues
I am working at a client site today. The client has tasked me with resolving an issue with a remote user who uses Cisco VPN client to connect to the network.
The issue at hand based on information that the client has discussed with me is as follows:
1. The remote user will launch his Cisco VPN client and it will connect successfully. Once he is through this, he is logged into the Single Domain at the client site, and has his drive mappings.
2. The client will launch Outlook. For some reason, he gets error messages and his email does not flow. I had placed a sniffer on the client computer and captured the traffic. What I saw in the traffic was an ephemeral port 1127 that was trying to connect in to the Exchange server.
NOTE: In this customer's topology, there is a Front End Exchange Server in our DMZ, and then the Back End Server is inside. So the client in this case WOULD NOT connect to the Front End Server 1st, but rather straight thru the tunnel to the Back End server.
I ended up opening port 1127 on our inside Firewall so that it could make it in to our Back End server, and this attempt was successful. What I do not understand is why that port was being used, and why it was not changing (it is supposed to be ephemeral).
One thing I cannot have happening is me having to be reactive for this client, and constantly having to change ports on the FW to allow him in.
Please help.
KMNRUser
Kevin Melton
April 11th, 2011 3:45pm
You don't mention the version of Exchange... excluding Exchange 2010 for a second, MAPI clients connect directly to the Exchange server for mailbox... unless they're connected using RPC/HTTPS in which case they'd connect to a FE potentially over 443.. but 443 <> 1127 so it's likely that he's not using RPC/HTTPS, so connection directly to the mailbox server would be expected.
April 11th, 2011 3:53pm
Once you are inside the domain & access the resources (successful drive mapping etc.) then there shouldn't be any need to open any additional port(s).
Is this an issue with just one user or more..?
Are you able to ping the Exchange server in question?
What is the typical error message you get when Outlook doesn't work?
I would suggest reproducing the problem by telnetting on port 25 from the VPN client and checking the mail flow using telnet to see if that is successful.
Regards, Pushkal MishrA
April 11th, 2011 4:19pm
I agree with your first statement entirely. That is what makes this issue unorthodox.
It is an issue with just one user.
We can ping the exchange server from the client once he is connected.
I am not certain whether the user does get any error message, or whether he just doesn't get mail. I think it is that he cannot connect to Exchange.... (disconnected message). I need to verify this.
I will try telnetting to 25.
Thanks, Pushkal
Kevin Melton
April 11th, 2011 4:43pm
Hi KMNR_User,
Any update for your issue?
Regards!
Gavin
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 12th, 2011 6:03am
No update yet, Gavin. I will be back onsite at that client tomorrow and will be able to test the recommended solutions then.
Kevin Melton
April 12th, 2011 9:14am
To test the connection using telnet, please use this link:
http://support.microsoft.com/kb/153119
Also, if you see that you can successfully submit emails using telnet & OWA (Outlook Web Access) works fine, then I recommend recreating the Outlook profile and seeing if that makes a difference, Kevin.
Regards, Pushkal MishrA
April 12th, 2011 11:47am
Hi KMNR_user,
Which version of Exchange do you use?
I would not suggest that you use VPN to connect to the Exchange server.
Because when we connect to the domain through VPN, the client would act as an internal client to connect to the Exchange server; that means the RPC and MAPI protocols would be used, and they do not use a static port.
Some information for you:
http://support.microsoft.com/kb/270836
http://technet.microsoft.com/en-us/library/bb331973.aspx
Regards!
Gavin
April 12th, 2011 10:32pm
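As an added example that is not part of any post in this thread: the reply above says MAPI over the VPN uses RPC without a static port, and one way to confirm that from the client-side capture is to list which server ports received connection attempts and which were never answered. The addresses, the capture format and every port except 1127 are constructed, and 1127 is assumed to be the server-side port, as the firewall change in the first post implies.

```python
# Constructed capture summary (not data from the thread).
# Fields: src_ip src_port dst_ip dst_port tcp_flags
SAMPLE_CAPTURE = """\
10.8.0.25 49160 192.168.1.10 135 SYN
192.168.1.10 135 10.8.0.25 49160 SYN-ACK
10.8.0.25 49161 192.168.1.10 1127 SYN
10.8.0.25 49161 192.168.1.10 1127 SYN
10.8.0.25 49161 192.168.1.10 1127 SYN
10.8.0.25 49162 192.168.1.10 25 SYN
192.168.1.10 25 10.8.0.25 49162 SYN-ACK
"""
RPC_ENDPOINT_MAPPER = 135  # fixed port where RPC clients ask which port a service uses


def classify(port):
    if port == RPC_ENDPOINT_MAPPER:
        return "rpc-endpoint-mapper"
    if port < 1024:
        return "well-known"
    return "dynamic-rpc-candidate"  # high port, may change unless pinned on the server


def summarize(capture, client_ip, server_ip):
    """Return {server_port: {"kind", "syn", "answered"}} for client-to-server attempts."""
    result = {}
    for line in capture.splitlines():
        f = line.split()
        if len(f) != 5 or not (f[1].isdigit() and f[3].isdigit()):
            continue  # skip malformed lines
        src, sport, dst, dport, flags = f[0], int(f[1]), f[2], int(f[3]), f[4]
        if (src, dst) == (client_ip, server_ip) and flags == "SYN":
            port, answered = dport, False
        elif (src, dst) == (server_ip, client_ip) and flags == "SYN-ACK":
            port, answered = sport, True  # server's source port is the one the client dialled
        else:
            continue
        entry = result.setdefault(port, {"kind": classify(port), "syn": 0, "answered": False})
        entry["syn"] += 0 if answered else 1
        entry["answered"] = entry["answered"] or answered
    return result


def blocked_ports(summary):
    """Server ports that saw SYNs but never replied: likely filtered on the path."""
    return sorted(p for p, e in summary.items() if e["syn"] and not e["answered"])


if __name__ == "__main__":
    s = summarize(SAMPLE_CAPTURE, "10.8.0.25", "192.168.1.10")
    for port, entry in sorted(s.items()):
        print(port, entry)
    print("unanswered server ports:", blocked_ports(s))
```

If the unanswered port differs between Outlook sessions, a per-port firewall rule will keep breaking; the choices are the static port mapping and RPC over HTTPS options the replies point to.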
Thanks for the response.
Kevin Melton
April 14th, 2011 1:05am