Strange issue with Checkpoint VPN users and Exchange 2003

Hello Gurus,

We have recently upgraded from MS Exchange 5.5 to MS Exchange 2003.
Since then our VPN users have been complaining about issues with
downloading their emails to outlook 2003. The strange thing is, when
we reboot the exchange server, things start working again for them for
a few days (a week maybe). After a week the issue starts again for
them. They are not able to download emails. We are using Checkpoint
Firewall v.R55.

Is there any extra setting on the firewall or the Exchange server that
we are missing? I have been monitoring the firewall and I cant see tcp
packets flowing from the Exchange server to the client when there is a
connection request. UDP packets do work. The client can ping the
Exchange server.

Any help would be appreciated.

thanks
Ankit

Re: Strange issue with Checkpoint VPN users and Exchange 2003

On 3 May 2007 16:38:22 -0700, apsolar@... wrote in
microsoft.public.exchange.admin, microsoft.public.exchange.setup,
comp.security.firewalls:

>We have recently upgraded from MS Exchange 5.5 to MS Exchange 2003.
>Since then our VPN users have been complaining about issues with
>downloading their emails to outlook 2003. The strange thing is, when
>we reboot the exchange server, things start working again for them for
>a few days (a week maybe). After a week the issue starts again for
>them. They are not able to download emails. We are using Checkpoint
>Firewall v.R55.
>
>Is there any extra setting on the firewall or the Exchange server that
>we are missing? I have been monitoring the firewall and I cant see tcp
>packets flowing from the Exchange server to the client when there is a
>connection request. UDP packets do work. The client can ping the
>Exchange server.

I found that problems with Outlook connecting to the Exchange server
over a VPN are mostly caused by DNS difficulties. Typical scenario: they
can map network drives, they can ping the Exchange server, they can
telnet to port 25 on the Exchange server, but Outlook doesn't want to
connect.

I found it easiest to correct by providing an appropriate entry in the
hosts file.

Others have suggested that, if running ISA, to disable RPC Filter.

--
Michael Bednarek http://mbednarek.com/ "POST NO BILLS"

Re: Strange issue with Checkpoint VPN users and Exchange 2003

In article <1178235502.424962.96230@o5g2000hsb.googlegroups.com>,
wrote:

>We have recently upgraded from MS Exchange 5.5 to MS Exchange 2003.
>Since then our VPN users have been complaining about issues with
>downloading their emails to outlook 2003. The strange thing is, when
>we reboot the exchange server, things start working again for them for
>a few days (a week maybe). After a week the issue starts again for
>them. They are not able to download emails. We are using Checkpoint
>Firewall v.R55.
>
>Is there any extra setting on the firewall or the Exchange server that
>we are missing? I have been monitoring the firewall and I cant see tcp
>packets flowing from the Exchange server to the client when there is a
>connection request. UDP packets do work. The client can ping the
>Exchange server.

Just a guess but try lowering the MTU and see if fragmentation
is causing the issue. I know this is a problem on Juniper firewalls
on the Exchange upgrade.

Here's a free TCP Optimizer to check/set the MTU...

http://www.speedguide.net/downloads.php

Post the solution when you find it.

alan

Re: Strange issue with Checkpoint VPN users and Exchange 2003

Hello Guys,

I checked the DNS and host file. They have the right entries.

I also lowered the MTU (1372) on one of the clients at a remote VPN
site. Now this fixed the problem on that machine. So I will look at
implementing this change for that site.

But it still doesn't work for my GPRS connection. I can ping the
Exchange server with a packet size of 128bits max. It won't be
practical to lower the MTU to 128. I still tried it but it didn't
work.

Any other suggestions. Is there a fix that I can apply to the Exchange
server?

regards
Ankit

Re: Strange issue with Checkpoint VPN users and Exchange 2003

Hello Guys,

I have found the solution for this problem.

here is the link to the solution:
http://www.gofixit.com/?m=200505

thanks for support
Ankit

Re: Strange issue with Checkpoint VPN users and Exchange 2003

On May 16, 8:03 pm, apso...@gmail.com wrote:
> Hello Guys,
>
> I have found the solution for this problem.
>
> here is the link to the solution:http://www.gofixit.com/?m=200505
>
> thanks for support
> Ankit

What a surprise, a fix by Microsuck breaks their own product it was
designed to fix... never heard of such a thing, huh?

Welcome to the wonderful world of winBlows....

RedForeman