Have you tried setting the NIC of the new PCs to a static Ethernet speed,
like 100 Mbits/s Half/Full Duplex?
One thing you could try is to launch "ping the_server_ip -t" on all the
machines, make your problem happen, and check if you have more ICMP packets
being lost on your new machines. This could help solving the problem.
Bye the way, is your switch administrable? What model do you have?
De : Jeff Buehler [mailto:jeff at buehlertech dot com]
Envoyé : dimanche, 19. février 2006 17:30
À : Philippe Lang
Cc : James W. McKeand; m0n0wall at lists dot m0n0 dot ch
Objet : Re: RE : [m0n0wall] outlook -> exchange problem
Hi Phillipe (thanks for your input!) -
Definitely not a saturated WAN - all devices are on the same 24 port 100 Mbs
switch, but only the four most recently added systems exhibit problems, and
they sort of trade places so that any two of them at a given time have
intermittent connectivity (I know - very strange), regardless of how I
reconfigure the network or bring systems up or down. If it were the WAN, at
some point one of the other 14 systems would have shown problems as well
(this has been going on for three weeks). Also, this is only 18 systems,
mostly small email, over a 1.5Mb
T1 to a 1.5 Mb T1 and a fully 100 MBs network LANd together on a good
gigabit switch. The other side is the same but has about 25 systems or so -
I rarely see the network even get to 3 MBs during peak times on either side.
The m0n0walls are overkill (it was cheaper!) with 1.8 Ghz Durons, 128 Mb
memory on flash drives and gigabit cards (unfortunately Sk0 though, with
very occasional Watchdog timeouts - what is the problem with that driver?
I'm pretty certain this wouldn't be related to the problem because of the
"just four systems" issue.)
I have phase 1 and phase 2 both set to 28000 - I know this is low for phase
2. I had the same problem with phase 2 set to 86000 (and phase 1 at 28000),
but I changed it because I suspected it as a possible problem
- I don't really understand the VPN lifetime issue, and it seems more an art
form than an either/or setting.
A bit more info: it seems that all four, or at least some of the four (not
just one) of the problem systems (3 new Dells, 1 old but with new user and
new machine name) need to be connected for me to get the problem to occur
(it is extremely pernicious - if I look at it in the evening when people are
gone, I have to work hard to get it to happen by logging on to all of the
problem systems and opening Outlook - once it happens, I have to work hard
to fix it!) Just for interests sake, here are the things that can get the
behavior to change on a specific system for a short time (5 minutes, 1 hour,
until the next morning, etc.):
1. switch from ESP to AH (but not back - AH defiantly helps the problem a
little) 2. go into control panel -> mail and change a few settings, like
authentication method from Kerberos to NTLM or back
Right now, all four of the systems are happily working properly using RPC
over HTTPS across the WAN, which is annoying but works.
Interestingly, RPC over HTTPS over the VPN still failed the same way, so it
isn't a protocol issue (my original suspicion was that MS was trying to
limit firewalls to MS Certified ones by modifying RPC or Kerberos such that
a firewall would have to "know" about the modification to deal with them
properly - I know, conspiracy stuff, but I don't trust MS much).
Sorry for the long posts - just trying to be thorough!
Philippe Lang wrote:
> Jeff, I've just read your last report on Monowall / Exchange, and one
thing you haven't mentioned, is VPN lifetime. Is that OK on your
configuration? Do you have a router or something on your network that could
> And what about your bandwidth? A saturated WAN could also explain why your
new machines are being logged out.
> Hope this helps.