Ronni, Given that your other VPN clients work OK except this one I think I'd be looking at the specifics of this guys VPN and network setup and start with the simple stuff like the Watchguard traffic monitor and logs to see if anything's getting blocked and with the name resolution and dialup performance at the client end, rather than diving in with a bunch of hotfixes.
We have a very similar setup here, and these tools fix pretty much all these issues here. Just my approach, Mike -----Original Message----- From: Smith, Ronni [mailto:[EMAIL PROTECTED]] Sent: 11 February 2003 22:20 To: Exchange Discussions Subject: Outlook over VPN - MTU issue? - problems with Q301337 fix? We are a one Exchange 5.5 server shop. A few months ago I began the process of moving us to a new server. New hardware, new name, following Ed's Move Server Method which I have already done once without issue on NT4 to NT4. This time we moved to Windows 2000 for the new server's OS. New server is therefore Exch 5.5 SP4 on Win2k SP2 + security fixes and old server was/is Exch 5.5 SP4 on NT4 SP 6a + security fixes. I moved mailboxes over the course of a few days and everyone was fine, running happily without issues, except for one guy (the "n-sigma where n is a big number" guy of course) whose home machine couldn't connect fully to the new mail server over VPN as it had when it was on the NT4 box. It does make connections to the Exchange Server. I can see that with netstat -a on either side but it does not appear to transfer data. He uses a software vpn client to connect to our network. So at first I was ready to blame the MTU issue and make the modifications necessary to correct that. However, when I researched it, it seemed as though I should be having the same problem with all the clients that use vpn. Now some of my vpn clients have an appliance (Watchguard SOHO at user's home connects to our Watchguard Firebox) and some have the software client. Those with the appliance might not see the issue but my box at home uses the software client (SafeNet created for Watchguard) and it works fine as do all the SOHOs. The only pertinent difference I can see between my n-sigma user's connection and mine is that he uses dial-up and I use a dsl line. I have also verified that this is dial-up related in that a second user also has the issue with dial-up access. I have googled. I have technetted. I have searched archives. I have found/done the following: I have read Q301337 "PMTU Detection May Not Work After You Install Windows 2000 SP2" and while it appears to be the most pertinent, I am leery of adding a fix that until recently was not available except through PSS just to fix 2 people's e-mail access from home. Certainly it is true that our software vpn assigns an address on the same subnet to the client pc. But that is true for my machine as well, so I am also not 100% convinced that this will solve my issue. Has anyone here installed the Q301337 hotfix Q301337_W2k_SP3_x86_en.exe on a Windows 2000 SP2 Exchange Server and found that it caused problems? If not I am willing to try it. But I find myself a bit nervous about that "Uninstall is not available" note at the bottom of the download page. I do not have a server I can test with at the moment. If I get no positive feedback on this fix I may decide to build one first. Positive feedback about this fix would be appreciated as I am not sure where I can find a box to build a temporary test Exchange Server out of. Following Q159211 "Diagnoses and Treatment of Black Hole Routers" I did find a breakdown at an MTU of about 1200 for the n-sigma user's machine over dial-up and at 1450 for the other user's machine so I am reasonably certain MTU is a factor. I reviewed Q259783 "PPPoE with ICS Requires MTU Setting Below 1492 on the ICS Client" however, neither user is running ICS, nor is either one running PPPoE. Q120642 "TCP/IP & NBT Configuration Parameters for Windows" seems to indicate that I could add the MTU value for the dialup adapter to solve this problem but that has not worked for the second user and Q3031337 seems to indicate it might be ignored anyway due to the way the software VPN client behaves. Any other suggestions/pointers will be gratefully received. Ronni _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
