Still sounds at least partially MTU related. I'll spare you the gory details, but there is about 50-60 bytes of overhead IIRC for VPN encapsulation, which is why you're seeing an MTU top out at 1450 (ethernet I believe is 1536).
Dial up connections are a bit trickier, depending on the hardware involved. They have smaller MTU's IIRC, and some stick as low as 576, which is the bare minimum allowed. I'd start by setting the MTU to 576 and trying it. It will be slow, but it should work. Then ratchet it up to 1200ish and test it. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Smith, Ronni [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 12, 2003 3:59 PM > To: Exchange Discussions > Subject: RE: Outlook over VPN - MTU issue? - problems with > Q301337 fix? > > > Well, that is just the thing. It is not just that one client. > He is always > the pain-in-the-patootie guy so I assumed it was just his karma when I > couldn't find anything different between our machines other > than I use DSL > and he uses dial-up. At that time that Q article told you to > call PSS and I > wasn't willing to do that for the one guy until I knew more > about what the > fix was. > > But now they have released that fix and I also have another > user (a much > more capable one) who is experiencing the same thing. He too > is on dialup. > In both cases, they can ping by name, they can explore the > domain, their > home drives get properly mapped to the server here in the > office. In fact, > they can do everything except connect to the Exchange server > and get data > from it. Connections do show up under netstat -a on the > Exchange server if > they try but it never manages to load the data. The connections say > "waiting" and are on a couple of highish ports iirc. At least on the > Exchange server end. > > All of the client machines involved are Windows 2000 Pro > machines that were > joined to the domain here in the office before being taken > home. The only > users successfully using the MUVPN client (software vpn) and > running Outlook > to connect back to the Exchange server are those who have DSL > not dial-up > connections. I know the pitp guy's virtual adapter was set up exactly > correctly because I did it myself and compared step by step > with my own > machine which worked fine over my dsl line. I will check the > other user's > machine when he brings it back in (it's his laptop). And I > guess I will add > a modem to my machine, make sure it still works over dsl and > then see if it > works over dialup. This may be instructive enough to be worth > the effort and > expense. > > Thanks to all who have passed on ideas. I will try adding a > modem to my > machine next. Unless I can get the guy with the laptop to > loan it to me. > > Ronni > > > -----Original Message----- > From: Dave Vantine [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 12, 2003 8:33 AM > To: Exchange Discussions > Subject: RE: Outlook over VPN - MTU issue? - problems with > Q301337 fix? > > > I would agree with Mike that it is probably and issue with > that one client. > I would look carefully at the name resolution. > > Can the user ping the exchange server via name resolution > across the tunnel? > > We ran into some recent problems when using the MUVPN from Watchguard, > especially on XP machines. Occasionally some of the MUVPN's > do not setup the > Virtual Adapter and it connects using SafeNet's default mode > which uses the > "Shim" (there are 3 options for this disabled, preferred, and > required) > which leaves you without any name resolution that may have > been supplied via > the virtual adapter. The only way around the problem with > those that will > only connect with the Shim was to use an ALMOST file on there machine. > Watchguard is aware of this issue and is working with SafeNet > > -Dave Vantine > > > > -----Original Message----- > From: Mike Scott [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 12, 2003 4:54 AM > To: Exchange Discussions > Subject: RE: Outlook over VPN - MTU issue? - problems with > Q301337 fix? > > > > Ronni, > > Given that your other VPN clients work OK except this one I > think I'd be > looking at the specifics of this guys VPN and network setup > and start with > the simple stuff like the Watchguard traffic monitor and logs > to see if > anything's getting blocked and with the name resolution and dialup > performance at the client end, rather than diving in with a bunch of > hotfixes. > > We have a very similar setup here, and these tools fix pretty > much all these > issues here. > > Just my approach, > Mike > > > -----Original Message----- > From: Smith, Ronni [mailto:[EMAIL PROTECTED]] > Sent: 11 February 2003 22:20 > To: Exchange Discussions > Subject: Outlook over VPN - MTU issue? - problems with Q301337 fix? > > > We are a one Exchange 5.5 server shop. A few months ago I > began the process > of moving us to a new server. New hardware, new name, > following Ed's Move > Server Method which I have already done once without issue on > NT4 to NT4. > This time we moved to Windows 2000 for the new server's OS. > New server is > therefore Exch 5.5 SP4 on Win2k SP2 + security fixes and old > server was/is > Exch 5.5 SP4 on NT4 SP 6a + security fixes. I moved mailboxes over the > course of a few days and everyone was fine, running happily > without issues, > except for one guy (the "n-sigma where n is a big number" guy > of course) > whose home machine couldn't connect fully to the new mail > server over VPN as > it had when it was on the NT4 box. It does make connections > to the Exchange > Server. I can see that with netstat -a on either side but it > does not appear > to transfer data. He uses a software vpn client to connect to > our network. > So at first I was ready to blame the MTU issue and make the > modifications > necessary to correct that. However, when I researched it, it seemed as > though I should be having the same problem with all the > clients that use > vpn. Now some of my vpn clients have an appliance (Watchguard > SOHO at user's > home connects to our Watchguard Firebox) and some have the > software client. > Those with the appliance might not see the issue but my box > at home uses the > software client (SafeNet created for Watchguard) and it works > fine as do all > the SOHOs. The only pertinent difference I can see between my > n-sigma user's > connection and mine is that he uses dial-up and I use a dsl > line. I have > also verified that this is dial-up related in that a second > user also has > the issue with dial-up access. > > I have googled. I have technetted. I have searched archives. I have > found/done the following: > > I have read Q301337 "PMTU Detection May Not Work After You > Install Windows > 2000 SP2" and while it appears to be the most pertinent, I am leery of > adding a fix that until recently was not available except > through PSS just > to fix 2 people's e-mail access from home. Certainly it is > true that our > software vpn assigns an address on the same subnet to the > client pc. But > that is true for my machine as well, so I am also not 100% > convinced that > this will solve my issue. Has anyone here installed the Q301337 hotfix > Q301337_W2k_SP3_x86_en.exe on a Windows 2000 SP2 Exchange > Server and found > that it caused problems? If not I am willing to try it. But I > find myself a > bit nervous about that "Uninstall is not available" note at > the bottom of > the download page. I do not have a server I can test with at > the moment. If > I get no positive feedback on this fix I may decide to build > one first. > Positive feedback about this fix would be appreciated as I am > not sure where > I can find a box to build a temporary test Exchange Server out of. > > Following Q159211 "Diagnoses and Treatment of Black Hole > Routers" I did find > a breakdown at an MTU of about 1200 for the n-sigma user's > machine over > dial-up and at 1450 for the other user's machine so I am > reasonably certain > MTU is a factor. > > I reviewed Q259783 "PPPoE with ICS Requires MTU Setting Below > 1492 on the > ICS Client" however, neither user is running ICS, nor is > either one running > PPPoE. > > Q120642 "TCP/IP & NBT Configuration Parameters for Windows" seems to > indicate that I could add the MTU value for the dialup > adapter to solve this > problem but that has not worked for the second user and > Q3031337 seems to > indicate it might be ignored anyway due to the way the > software VPN client > behaves. > > Any other suggestions/pointers will be gratefully received. > > Ronni _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
