[ previous ] [ next ] [ threads ]
 From:  Jeff Buehler <jeff at buehlertech dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] outlook -> exchange problem
 Date:  Thu, 02 Feb 2006 14:39:36 -0800
Presently the workstations in question get DNS (and DHCP) from the 
m0n0wall device (as do the other workstations that are working 
properly), which passes the domain server on the network for DNS.  The 
DNS resolves properly, and immediately, for the Exchange server across 
the VPN, so this doesn't seem to be the issue.

The most likely thing that seems to make any sense is some sort of MTU 
issue, in which fragmented packets are getting dropped.  I enabled 
"Allow fragmented packets" on the ESP rule for the ipsec vpn, and I also 
added it to the LAN interface just for local Active Directory resolution 
(which was working anyway so that may be unnecessary).  A ping -f -l 
1472 to the Exchange Server across the VPN does not fragment, so the 
default of 1500 should be OK.

All versions are the most recent: Exchange 2003 latest SP, Outlook 2003 
with any updates.

The ONLY difference that I can pin down, which I am now exploring, is 
the newer Intel pro card on the workstations that are having the 
problem.  I am putting an older card (from a machine that works 
properly) in one of the problem machines to see if that makes any 
difference at all.

Bizarre problem.  I have been working on it for 6  or so hours now.  Has 
anyone tried to bill Microsoft for this kind of problem?  I hate to bill 
the client...


Chris Buechler wrote:

>On 2/2/06, Jeff Buehler <jeff at buehlertech dot com> wrote:
>>1. Network of 20 or so workstations connected like this:  workstation ->
>>switch -> m0n0wall -> internet.
>What are these machines using as their DNS server?  Lack of proper DNS
>resolution is the #1 cause of Outlook delays that I've run into at
>least.  They'll need to be using a DNS server that knows how to
>resolve your AD DNS info appropriately.
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch