While you're at it, you have a lot to look at to see what's happening. Best bet is a network trace to see what it's looking for. It could be that the firewall is taking a long time to process, it could be that the clients are timing out looking for something, it could be that your link has a lot of latency, etc. Check the firewall logs as well. It should be very helpful in troubleshooting this. Keep in mind that each client revision has slightly different characteristics, so troubleshoot accordingly.
As for ports, you basically open up everything above 1024 TCP and the usual windows ports (TCP 135 etc). By the time all is done, you may as well just open all the ports for traffic to/from or switch to another protocol such as RPC/HTTP. Al -----Original Message----- From: Thommes, Michael M. [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 2:29 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exchange 2003 and Firewalls Justin, Check to see which Global Catalog server these clients are trying to get at. Go to the Outlook Address Book, GAL, <right click>Properties. That will identify the current GC in use. Connections to it may be blocked by the firewall. Mike Thommes -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tue 3/23/2004 1:04 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] Exchange 2003 and Firewalls 400+ Outlook clients over a T1. Have you looked at the bandwidth utilization? Sounds like the T1 is saturated to me. What about subnet in the remote office? Is it assigned to the correct site for authentication? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Tuesday, March 23, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exchange 2003 and Firewalls No it is a private T1, point to point. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert Sent: Tuesday, March 23, 2004 1:26 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exchange 2003 and Firewalls I take it this is a public T1 over the internet, comms via a VPN? -----Original Message----- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: 23 March 2004 17:35 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exchange 2003 and Firewalls Physically the two orgs are connected by a T1 Line. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert Sent: Tuesday, March 23, 2004 11:16 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exchange 2003 and Firewalls Is this on the same physical site? -----Original Message----- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: 23 March 2004 14:58 To: ActiveDir (E-mail) Subject: [ActiveDir] Exchange 2003 and Firewalls I have a facilities that insists on having a very old 3Com Firewall between our organizations. On his side of the firewall is has 400 + outlook clients, on my side I have the Exchange 2003 server and the Global Catalog Servers. Clients are taking an extremely long time to connect to mail and access resources. None of my other 9 facilities have this problems and the only thing different is that none of the others have a firewall between our two organizations. What ports do they have to open to allow proper communications between their clients and my servers? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any use (including retransmission or copying) of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient of this transmission, please contact the sender and delete the material from any computer. The sender is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Any replies to this email may be monitored by the MCPS-PRS Alliance for quality control and other purposes. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any use (including retransmission or copying) of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient of this transmission, please contact the sender and delete the material from any computer. The sender is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Any replies to this email may be monitored by the MCPS-PRS Alliance for quality control and other purposes. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
