From: Huey on
Hi there,

I'm having problems with intermittent connections when using outlook over an
SSL VPN - note we are not using RPC over HTTP. My remote users connect in
via an SSL VPN and then open outlook like they were in the office. We are
using outlook 2007 and exchange 2003. It is a watchguard ssl100 vpn.

This works 75% of the time. Using the "connection status" option in outlook
shows that the it cannot establish a connection to either the DC or the
exchange server. However I can make a remote desktop connection across the
VPN to both servers - i.e. the VPN is allowing traffic.

I notice some people have been using rpcping - is this only useful when
using rpc over http? Other articles refer to MTU size. Can anyone help me
troubleshoot this further as I'm stumped!?!? This may well be a VPN issue
but I'm hoping someone will have some experience of this.

Cheers,
Huw


From: Rich Matheisen [MVP] on
On Thu, 24 Jun 2010 16:35:58 +0100, "Huey" <al(a)alco.co.uk> wrote:

>Hi there,
>
>I'm having problems with intermittent connections when using outlook over an
>SSL VPN - note we are not using RPC over HTTP. My remote users connect in
>via an SSL VPN and then open outlook like they were in the office. We are
>using outlook 2007 and exchange 2003. It is a watchguard ssl100 vpn.
>
>This works 75% of the time. Using the "connection status" option in outlook
>shows that the it cannot establish a connection to either the DC or the
>exchange server. However I can make a remote desktop connection across the
>VPN to both servers - i.e. the VPN is allowing traffic.
>
>I notice some people have been using rpcping - is this only useful when
>using rpc over http? Other articles refer to MTU size. Can anyone help me
>troubleshoot this further as I'm stumped!?!? This may well be a VPN issue
>but I'm hoping someone will have some experience of this.

If it's a VPN problem then reducing the MTU size may help. VPN adds
data to the packet and if that packet then exceeds the MTU size
somewhere on your way between the client and the server you're in
trouble.

"ping <server> -l 1472 -f" should work.
"ping <server> -l 1473 -f" should fail.

If what should work doesn't, reduce the 1472 until it does work. Then
adjust the client's MTU accordingly.
---
Rich Matheisen
MCSE+I, Exchange MVP