Remote Site Can't Use Microsoft Apps over Network

Andrew Russell

Sorry for the crosspost, but I really don't know if this is AD, DNS or a
networking problem.

I have three remote sites that are in a Windows 2000 AD domain -- each site
is connected via VPN to the other using cable/DSL and a Cisco 3002 VPN
client.

Users at each of the three sites also connect to headquarters over the same
VPN for Exchange 5.5 e-mail and some terminal services stuff.

Users at Site A and Site B are working fine. When they launch Outlook, they
are prompted for their logon credentials to the HQ domain, and their e-mail
pulls up just fine.

For several months, I have had trouble at Site C. Users there suddenly were
unable to connect to Exchange. When they type in their logon credentials,
the screen hangs for several minutes, then finally times out with various
messages, such as "your exchange server is unavailable." I can ping the
e-mail server, and I can resolve the name (we've always used hosts files at
these sites.)

I can't think of anything that has changed at the remote sites. We did move
our headquarters several months ago, and all the IP addresses changed, but
since everything works at Sites A and B, I don't think the problem is at the
HQ end.

I thought maybe it was an Outlook problem at first, but then I started
leaning toward a DNS problem.

Then the other day, one of our users at Site C tried to use remote desktop
to one of our servers at HQ. He was unable to connect. He can ping the
server and resolve the name, but it pulls the Remote Desktop shell with a
black screen and eventually times out with a "You may have network problems"
error.

Out of curiosity, I tried Remote Desktop from Sites A and B, and they work
just fine!

So there is something at Site C that seems to be blocking or misdirecting
Microsoft networking functionality back to HQ. I can't for the life of me
figure it out. I have checked the VPN boxes at all three sites, and they
appear to be identical configurations. All three sites are in the same
domain, so they should be sharing the same DNS information. Even if it was
a DNS problem, we are using hosts files at all sites for the HQ machine
names, so DNS shouldn't really figure into it.

I'm stumped, and I don't even know where to turn to for an answer at this
point. I am now ready to blame the ISP at this site, but I don't know what
they could be blocking.

Any suggestions?

Thanks
 
Kevin D. Goodknecht Sr. [MVP]

Is there a Domain Controller at site C?
If so, is replication working?
If not, are the clients at site C using the AD DNS server IP only in TCP/IP
properties?
Is WINS set up and working?
 
Todd J Heron

Andrew,

I've seen this before. You proved this isn't a name resolution problem.
The problem may be the MTU size. You can try adjusting this at the client
of the remote site and see if it helps.

TCP/IP and NBT Configuration Parameters for Windows 2000 or Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q120642

TCP/IP and NBT Configuration Parameters for Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;314053

The best way to determine the optimum setting for the MTU provided known
guaranteed bandwidth is to run the command:

ping xxx.xxx.xxx.xxx -f -l yyyy

where xxx.xxx.xxx.xxx is the remote host and yyyy are different sizes
starting with 1472. Once a response is received, add 28 to the yyyy
number. This is the optimum setting for the MTU.

http://www.speedguide.net/read_articles.php?id=156
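
The ping probe described in the reply above, automated as an added example that is not part of the original thread: it binary-searches the payload size instead of stepping down by hand from 1472, then adds the 28 bytes of IP and ICMP header. The function names, the 548-byte floor and the "TTL=" reply check are assumptions of this sketch.

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28   # 20-byte IPv4 header + 8-byte ICMP header
MIN_PAYLOAD = 548       # assumed floor: 576-byte datagram minus 28
MAX_PAYLOAD = 1472      # 1500-byte Ethernet MTU minus 28


def ping_df(host, payload, timeout_s=2):
    """Send one echo request of `payload` bytes with Don't Fragment set."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000),
               "-f", "-l", str(payload), host]
    else:  # Linux iputils ping: -M do sets DF
        cmd = ["ping", "-c", "1", "-W", str(timeout_s),
               "-M", "do", "-s", str(payload), host]
    res = subprocess.run(cmd, capture_output=True, text=True)
    # Windows ping can exit 0 on an ICMP error reply, so also require the
    # "TTL=" field that only appears on a real echo reply line.
    return res.returncode == 0 and "ttl=" in res.stdout.lower()


def find_path_mtu(probe, low=MIN_PAYLOAD, high=MAX_PAYLOAD):
    """Binary-search the largest payload that passes unfragmented.

    probe(payload) -> bool. Returns payload + 28, or None when even the
    smallest probe fails (ICMP filtered or host unreachable)."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid fits; search larger sizes
        else:
            high = mid - 1     # mid was dropped; search smaller sizes
    return low + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    target = sys.argv[1]       # remote host across the VPN
    mtu = find_path_mtu(lambda size: ping_df(target, size))
    print("no echo replies at any size" if mtu is None else f"path MTU: {mtu}")
```

A single lost packet reads the same as "too big" here, so on a lossy link run it more than once and compare the results across sites.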
 
