Frequent ExchSrvr restarts needed for remote users

Hello all –

I have a mob of disenchanted users about to lynch me because of a problem 
that I cannot get to the bottom of.  I recently migrated Exchange 5.5 to 2K3, 
consolidating three sites in the process.  Now we have one Exchange Server at 
headquarters that hosts all mailboxes and public folders.  The problem is 
with the users at the remote sites.   Approximately every three business 
days, I have to restart the Exch Srvr, because over the space of a few hours, 
many users at the remote sites are unable to connect to it. (“Trying to 
connect..” in the Outlook status bar).  Only a restart of the Exch Srvr fixes 
the problem -- not a restart of the Outlook clients, nor of the PCs 
themselves.    Additionally, users local to the Exch Srvr (same lan) are not 
affected.  I would suspect a WAN bandwidth problem, but no other applications 
are affected.  

All users connect with Outlook 2K3 in cache-mode.  Since there is presumably 
a lot more traffic being generated (cache mode or not) between our WAN sites, 
I’ve also had to look at the routers and firewalls involved.  But for the 
sake of approaching this as an Exchange problem as opposed to a Cisco 
problem, can I ask if anyone knows anything about Exchange that might explain 
this behaviour?   Has anyone seen a case where the routers and firewalls have 
been especially burdened in an Exchange Server 2003 consolidated site 
configuration?  Maybe with excessive TCP connections that do not time out?  
(although this and other Cisco troubleshooting measures have revealed 
nothing).  

If Exchange Server is the problem, it is as though it is accumulating 
traffic statistics pertaining to slower-link clients, and never clearing it 
out.  Even if it is a Cisco problem, maybe some Exchange admins have run into 
this before in cases of consolidated sites.

Thank you in advance for any ideas.

0
Worfman (3)
9/14/2005 2:44:03 AM
exchange.admin

I can't see how it would be an Exchange problem since Exchange shouldn't 
have any idea that such connections cross routers.
-- 
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"
0
curspice6401 (3486)
9/14/2005 4:30:18 AM
This is an issue with Windows 2003 SP1. SP1 has improved security for RPC. 
These communications are lost while they travel through the VPN on the remote 
site. I had the same problem with my Exchange server; I have uninstalled SP1 
from my Exchange and domain controllers. It's working well. Don't ever apply 
SP1 or any SPs without fully confirming it. But you blindly apply security 
patches and hot fixes. Please do this; it will fix all your problems. You 
might have with RDP access also, and many other RPC-dependent programs. 
Thanks and regards, Manoj from Muscat
0
9/14/2005 6:40:04 AM
On Tue, 13 Sep 2005 23:40:04 -0700, "Manoj Oommen Muscat 99206988"
<ManojOommenMuscat99206988@discussions.microsoft.com> wrote:

>This is an issue with Windows 2003 SP1. SP1 has improved security for RPC. 
>These communications are lost while they travel through the VPN on the remote 
>site. I had the same problem with my Exchange server; I have uninstalled SP1 
>from my Exchange and domain controllers. It's working well. Don't ever apply 
>SP1 or any SPs without fully confirming it. But you blindly apply security 
>patches and hot fixes. Please do this; it will fix all your problems. You 
>might have with RDP access also, and many other RPC-dependent programs. 
>Thanks and regards, Manoj from Muscat

If anything, it *might* be an issue with ms05-19.
http://support.microsoft.com/kb/898060/

I don't necessarily recommend that someone uninstall SP1.


0
adavid (8731)
9/14/2005 1:10:57 PM
"Manoj Oommen Muscat 99206988"
<ManojOommenMuscat99206988@discussions.microsoft.com> wrote:

>This is an issue with windows 2003 sp1. sp1 has improved security for rpc. 

Phooey. We run W2K3 SP1 on Exchange servers and have no problems
related to "improved rpc security".

We've had problems with VPN's (they all add bits to the packet headers
that sometimes cause the packet to be fragmented). We've had problems
with DSL routers (especially with VPNs). We've had problems with
Kerberos (the UDP packet becomes too large). None of those were
related to the application of SP1. But we haven't had problems with
"rpc security" and Outlook clients with W2K3 SP1.

>These communications are lost while they travel through the VPN on the remote 
>site. I had the same problem with my Exchange server; I have uninstalled SP1 
>from my Exchange and domain controllers. It's working well. 

Then you've got a problem with the tcpip.sys module. SP1 includes the
same broken code as the original MS05-019 security fix. 

Install the hotfix described in this KB article:
http://support.microsoft.com/kb/898060/

>Don't ever apply SP1 or any 
>SPs without fully confirming it. 

That's good advice, but it's not new advice. :)


-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
0
richnews (7316)
9/14/2005 5:28:33 PM
Thank you all for your responses.  The RPC/SP1 argument is enticing, but I 
forgot to mention that OWA is also crippled at the remote facilities.   KB 
898060 is also interesting, but the symptoms don't quite match.  During the 
problem intervals, I can RDC a computer at the remote site, and from that PC, 
RDC back to headquarters, all with no delays.  Pings are also fine.  We did 
recently tweak the Lsa/Kerberos registry settings, which helped our DC 
replication problems, but didn't do much on the client ends.  Re: MTUs, I 
unfortunately cannot adjust those on the routers I have (Pix firewalls yes, 
3640's, 2610's no) -- also related to the excess VPN baggage point, I can 
mention that I also have GRE tunnels in place, which add their own headers to 
the IPSEC headers.  If something particular to Microsoft Exchange is 
especially sensitive to packet fragmentation, I'd be thrilled to see some 
confirmation of this.

This is a tough problem in that only one application -- Exchange/Outlook -- 
is affected at the remote sites.   And once it goes down, it doesn't come 
back.  If something related to RPC security is involved, and it addresses 
individual client/host connections to the server, then a PC that is kept off 
at a remote site should have no problems connecting with Outlook if it is 
fired up after all the other PCs have gone south -- something to add to the 
list of things to try the next time this happens. 

0
Worfman (3)
9/14/2005 6:29:15 PM
"Worfman" <Worfman@discussions.microsoft.com> wrote:

>Thank you all for your responses.  The RPC/SP1 argument is enticing, but I 
>forgot to mention that OWA is also crippled at the remote facilities.   KB 
>898060 is also interesting, but the symptoms don't quite match.  

I'm sure they don't. But you can apply the hotfix and see if it fixes
the problem. It sure fixed ours, and the problems aren't limited to
just Outlook and Exchange. We had serious problems with LCS, too.
They're all gone.

>During the 
>problem intervals, I can RDC a computer at the remote site, and from that PC, 
>RDC back to headquarters, all with no delays.  

Yup. So could we.

>Pings are also fine.  

Ping is of limited use. It tells you that you're able to establish a
connection. But the protocols are different to what applications use.
You can successfully ping a crashed Windows server, too -- not that it
does you much good. :)

>We did 
>recently tweak the Lsa/Kerberos registry settings, which helped our DC 
>replication problems, but didn't do much on the client ends.  

That doesn't tell us much. What did you change?

>Re: MTUs, I 
>unfortunately cannot adjust those on the routers I have (Pix firewalls yes, 
>3640's, 2610's no) -- 

You can still reduce the MTU size at the client and server. But I'd go
for the tcpip.sys update first.

>also related to the excess VPN baggage point, I can 
>mention that I also have GRE tunnels in place, which add their own headers to 
>the IPSEC headers.  If something particular to Microsoft Exchange is 
>especially sensitive to packet fragmentation, I'd be thrilled to see some 
>confirmation of this.

Exchange isn't, but not every router you encounter deals with
fragmented packets correctly. Unless you have a private line between
the two endpoints you don't know who you're dealing with.

>This is a tough problem in that only one application -- Exchange/Outlook -- 
>is affected at the remote sites.   

How many others use client/server and RPC's? RPC's are sensitive to
latency and timeouts. NBT isn't (or at least it's a lot less so).

>And once it goes down, it doesn't come 
>back.  

What happens if you disable and then re-enable the NIC? At either
side, but especially at the server.

>If something related to RPC security is involved, and it addresses 
>individual client/host connections to the server, then a PC that is kept off 
>at a remote site should have no problems connecting with Outlook if it is 
>fired up after all the other PCs have gone south -- something to add to the 
>list of things to try the next time this happens. 

I think you've fastened on to the "security" thing because it's
something new. I think it's a red herring. But, it's your system and
network. You're responsible for its operation.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
0
richnews (7316)
9/14/2005 8:58:21 PM
I feel the need to chime in here as I too am dealing with this specific issue 
and have the lynch mob at my door.  In the last 2-4 months we have begun a 
widespread rollout of Exchange 2003 upgrades (from 2000) and Cisco VPN router 
deployments (from Watchguard Firebox II/III units).

It seems shortly after receiving their Cisco 1841 Advanced Security router, 
a host of sporadic connectivity problems specific to Outlook (trying to 
connect...), Exchange IM (won't log in, user does not receive a complete list 
of contacts) and internal IIS sites with "Integrated Windows Authentication" 
(regular site navigation shows intermittent "hangs" where IE continues to 
wait for a response) come out of the woodwork for clients accessing these 
services over the VPN tunnel.

Our team already has escalated cases with both Microsoft and Cisco to work 
this ongoing issue.  We too were hit with MS05-19 that completely broke AD 
replication over VPN.  The short term fix was to apply a manual MTU setting 
of 1372 to all domain controllers and Exchange servers across the Enterprise. 
 We are still cleaning up this setting.

Here are a few notes on my progress:

- We are NOT running 2003 SP1 on any systems.
- We have applied the MS05-19 FIXED hotfix to some clients and servers 
(Exchange and DC's) and removed the forced 1372 MTU, but issues persist.
- I have forced Kerberos to use TCP on several clients with no noticeable 
improvements.
- Forcing Outlook to use "NTLM authentication only" seemed to help briefly, 
but problems returned.
- 99% of our remote Outlook clients are in cached-mode.  Connectivity 
problems are not as apparent in non-cached mode but we have not fully tested 
this theory.
- We are forcing an MTU of 1300 on the Cisco VPN routers.  I have adjusted 
this value repeatedly and removed it completely with no change.

I am leaning toward a Cisco cause/solution but there are a lot of variables 
to contend with.  Our open cases and repeated network captures have not 
revealed a definitive cause.  Today, our case with Microsoft involved 
captures between the Outlook client and Exchange server and revealed this:

<begin quote>
Observing right above the first bind in the trace: From the client-side we 
see:

TCP - Syn (Client->Exchange)
TCP - Ack-Syn (Exchange->Client)
TCP - Ack (Client->Exchange)
RPC - Bind UUID A4 . . .
RPC - Bind UUID A4 . . .
RPC - Bind UUID A4 . . .

This appears to be a successful TCP session but the Binds don't receive a 
response.

On the server side we see an entirely different story:

TCP - Syn (Client->Exchange)
TCP - Ack-Syn (Exchange->Client)
TCP - Reset (Client->Exchange)
NO RPC Bind at all

Something between the Client and the server is intercepting (or Modifying) 
the last Ack Packet and replacing it with a Reset.  After this occurs, the 
Routers/Firewalls probably think the packet is out of state and drop the 
subsequent bind attempts.
<end quote>

This all sounds like fragmentation to me but if Kerberos and/or RPC wants to 
use large packets that cannot be fragmented after adding IPsec headers, how 
do you get them over a VPN tunnel at all?

0
JM (81)
9/14/2005 10:03:03 PM
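
The client-side versus server-side trace comparison quoted in the post above, worked through as an added example that is not part of the original thread. It lines up two captures of the same connections and flags the ones where the server saw a reset the client never sent; the `Pkt` record, the addresses, the ports and the extra healthy and client-aborted connections are constructed for illustration.

```python
"""Compare client-side and server-side captures of the same TCP connections
and flag handshakes that were altered between the two capture points.
All packet data below is constructed sample data, not a real capture."""
from collections import defaultdict
from dataclasses import dataclass

SERVER_IP = "192.0.2.10"   # constructed (documentation address range)
SERVER_PORT = 135          # constructed; the thread does not give ports


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    kind: str  # "SYN", "SYN-ACK", "ACK", "RST", "RPC-BIND", "RPC-BIND-ACK"


def c2s(ip, port, kind):
    """Packet from a client to the server."""
    return Pkt(ip, port, SERVER_IP, SERVER_PORT, kind)


def s2c(ip, port, kind):
    """Packet from the server back to a client."""
    return Pkt(SERVER_IP, SERVER_PORT, ip, port, kind)


def by_connection(packets, server_ip):
    """Group packets per connection, keyed by (client ip, client port,
    server port), recording each as '<direction>:<kind>' in capture order."""
    conns = defaultdict(list)
    for p in packets:
        if p.dst == server_ip:
            conns[(p.src, p.sport, p.dport)].append("c2s:" + p.kind)
        elif p.src == server_ip:
            conns[(p.dst, p.dport, p.sport)].append("s2c:" + p.kind)
    return conns


def compare(client_cap, server_cap, server_ip):
    """Return {connection: [issues]} for every connection the clients opened."""
    sent = by_connection(client_cap, server_ip)
    seen = by_connection(server_cap, server_ip)
    findings = {}
    for key, c_events in sent.items():
        s_events = seen.get(key, [])
        issues = []
        # A reset that reached the server but never left the client was
        # generated by a device on the path, not by either endpoint.
        if "c2s:RST" in s_events and "c2s:RST" not in c_events:
            issues.append("injected-rst")
        # The final ACK of the handshake left the client but never arrived.
        if "c2s:ACK" in c_events and "c2s:ACK" not in s_events:
            issues.append("handshake-ack-lost")
        # Bind requests the client retried into a connection the server
        # already considers reset.
        dropped = c_events.count("c2s:RPC-BIND") - s_events.count("c2s:RPC-BIND")
        if dropped > 0:
            issues.append(f"binds-dropped:{dropped}")
        findings[key] = issues
    return findings


def suspects(findings):
    """Connections with at least one issue, sorted for stable output."""
    return sorted(key for key, issues in findings.items() if issues)


A, B, C = ("198.51.100.21", 3051), ("198.51.100.22", 3060), ("198.51.100.23", 3075)

# Connection A follows the trace quoted in the post. B is a healthy bind and
# C is a client that aborts on its own; both are constructed for contrast.
CLIENT_CAPTURE = [
    c2s(*A, "SYN"), s2c(*A, "SYN-ACK"), c2s(*A, "ACK"),
    c2s(*A, "RPC-BIND"), c2s(*A, "RPC-BIND"), c2s(*A, "RPC-BIND"),
    c2s(*B, "SYN"), s2c(*B, "SYN-ACK"), c2s(*B, "ACK"),
    c2s(*B, "RPC-BIND"), s2c(*B, "RPC-BIND-ACK"),
    c2s(*C, "SYN"), s2c(*C, "SYN-ACK"), c2s(*C, "RST"),
]
SERVER_CAPTURE = [
    c2s(*A, "SYN"), s2c(*A, "SYN-ACK"), c2s(*A, "RST"),
    c2s(*B, "SYN"), s2c(*B, "SYN-ACK"), c2s(*B, "ACK"),
    c2s(*B, "RPC-BIND"), s2c(*B, "RPC-BIND-ACK"),
    c2s(*C, "SYN"), s2c(*C, "SYN-ACK"), c2s(*C, "RST"),
]

if __name__ == "__main__":
    for conn, issues in compare(CLIENT_CAPTURE, SERVER_CAPTURE, SERVER_IP).items():
        print(conn, issues or "consistent at both capture points")
```

A reset that appears in both captures, as on the third connection, is not flagged, which keeps ordinary client aborts out of the result.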
I haven't digested the situation presented by JM, but wanted to thank Rich M 
for his valuable comments.  Regarding the Lsa/Kerberos settings, what we 
edited was the Local computer/system/current controlset/control/lsa/ 
Kerberos/parameters/maxpacketsize setting to 1300 decimal on all hosts. This 
helped server replication, but not the current issue.   In any case, I'm going 
to apply the KB898060 hotfix tonight, and will let you know how it goes.  
Thanks again.
0
Worfman (3)
9/14/2005 11:37:13 PM
"Worfman" <Worfman@discussions.microsoft.com> wrote:

>I haven't digested the situation presented by JM, but wanted to thank Rich M 
>for his valuable comments.  Regarding the Lsa/Kerberos settings, what we 
>edited was the Local computer/system/current controlset/control/lsa/ 
>Kerberos/parameters/maxpacketsize setting to 1300 decimal on all hosts. 

Set it to "1" and force Kerberos to use TCP. :)

>This 
>helped server replication, but not the current issue.   

What it will help is users trying to authenticate. If they have a
problem with that, and you switch the Outlook security to use NTLM
instead of Kerberos they should be able to authenticate.
Unfortunately, there's no way to have Windows Messenger do that. :(

>In any case, I'm going 
>to apply the KB898060 hotfix tonight, and will let you know how it goes.  

The worst that can happen is you'll have to remove the hotfix. The
next worse is that it won't fix your problem. :)

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
0
richnews (7316)
9/15/2005 3:57:51 AM
Worfman,

I'm not sure if you've had any success with your issue but I wanted to post 
an update with my findings.  Long story short, this ended up being a Cisco 
issue with CBAC (IP inspection) on our 1841 VPN routers -- see bug ID 
CSCsb39237.

I don't have the full nitty-gritty details but in a nutshell the router was 
not properly terminating closed connections.  With the nature of cached-mode 
syncing, connections are continually opened and closed to the Exchange server 
hundreds if not thousands of times per day.  The more connections that were 
opened, the more there were that didn't get closed properly.  Eventually the 
router would start sending out TCP RST packets in an attempt to get 
connections to close but still would not flush them out of its internal 
database.  This may explain why non cached-mode clients aren't affected (as 
much), since they maintain a connection once established.

This bug is relatively new but likely affects anyone running CBAC/IP 
Inspection.  I have received a new IOS from Cisco that I will be testing 
tonight.  If you're using CBAC, you can verify this problem by doing a "show 
ip inspect statistics".  If it's the cause, you'll see an unusually high "Last 
half-open sessions total" (around 5000 or more) and have a message at the 
bottom that says "Half-open session count or session creation rate exceeded". 
 You can then run some debugs on CBAC and verify it's throwing out TCP resets 
(tcp flag 0x4) all over the place.  Restarting the router temporarily 
resolves the issue until the connection count goes over 500 (or whatever you 
set the max to).

I'm applying the new IOS to one site tonight with high hopes I can put this 
issue to rest.  Let me know if you have any luck with your mob.


"JM" wrote:

> I feel the need to chime in here as I too am dealing with this specific issue 
> and have the lynch mob at my door.  In the last 2-4 months we have begun a 
> widespread rollout of Exchange 2003 upgrades (from 2000) and Cisco VPN router 
> deployments (from Watchguard Firebox II/III units).
> 
> It seems shortly after receiving their Cisco 1841 Advanced Security router, 
> a host of sporadic connectivity problems specific to Outlook (trying to 
> connect...), Exchange IM (won't log in, user does not receive a complete list 
> of contacts) and internal IIS sites with "Integrated Windows Authentication" 
> (regular site navigation shows intermittent "hangs" where IE continues to 
> wait for a response) come out of the woodwork for clients accessing these 
> services over the VPN tunnel.
> 
> Our team already has escalated cases with both Microsoft and Cisco to work 
> this ongoing issue.  We too were hit with MS05-19 that completely broke AD 
> replication over VPN.  The short term fix was to apply a manual MTU setting 
> of 1372 to all domain controllers and Exchange servers across the Enterprise. 
>  We are still cleaning up this setting.
> 
> Here are a few notes on my progress:
> 
> - We are NOT running 2003 SP1 on any systems.
> - We have applied the MS05-19 FIXED hotfix to some clients and servers 
> (Exchange and DC's) and removed the forced 1372 MTU, but issues persist.
> - I have forced Kerberos to use TCP on several clients with no noticeable 
> improvements.
> - Forcing Outlook to use "NTLM authentication only" seemed to help briefly, 
> but problems returned.
> - 99% of our remote Outlook clients are in cached-mode.  Connectivity 
> problems are not as apparent in non-cached mode but we have not fully tested 
> this theory.
> - We are forcing an MTU of 1300 on the Cisco VPN routers.  I have adjusted 
> this value repeatedly and removed it completely with no change.
> 
> I am leaning toward a Cisco cause/solution but there are a lot of variables 
> to contend with.  Our open cases and repeated network captures have not 
> revealed a definitive cause.  Today, our case with Microsoft involved 
> captures between the Outlook client and Exchange server and revealed this:
> 
> <begin quote>
> Observing right above the first bind in the trace: From the client-side we 
> see:
> 
> TCP - Syn (Client->Exchange)
> TCP - Ack-Syn (Exchange->Client)
> TCP - Ack (Client->Exchange)
> RPC - Bind UUID A4 . . .
> RPC - Bind UUID A4 . . .
> RPC - Bind UUID A4 . . .
> 
> This appears to be a successful TCP session but the Binds don't receive a 
> response.
> 
> On the server side we see an entirely different story:
> 
> TCP - Syn (Client->Exchange)
> TCP - Ack-Syn (Exchange->Client)
> TCP - Reset (Client->Exchange)
> NO RPC Bind at all
> 
> Something between the Client and the server is intercepting (or Modifying) 
> the last Ack Packet and replacing it with a Reset.  After this occurs, the 
> Routers/Firewalls probably think the packet is out of state and drop the 
> subsequent bind attempts.
> <end quote>
> 
> This all sounds like fragmentation to me but if Kerberos and/or RPC wants to 
> use large packets that cannot be fragmented after adding IPsec headers, how 
> do you get them over a VPN tunnel at all?
> 
> 
0
JM (81)
9/19/2005 8:59:01 PM
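The two-sided capture comparison quoted in the post above can be automated. The following is an added example, not part of the original post or of the Microsoft case notes. The addresses, port and record format are constructed, the 4-tuple is assumed to be unchanged between the two capture points (no NAT inside the tunnel), and sequence numbers are ignored for brevity.

```python
# Constructed sample records, not the captures from the Microsoft case.
# Each packet: (src, sport, dst, dport, TCP flags, payload label).
CLIENT, SERVER, PORT = "10.1.1.50", "10.0.0.10", 1026  # assumed addresses/port

CLIENT_SIDE = [
    (CLIENT, 1140, SERVER, PORT, "S", ""),
    (SERVER, PORT, CLIENT, 1140, "SA", ""),
    (CLIENT, 1140, SERVER, PORT, "A", ""),
    (CLIENT, 1140, SERVER, PORT, "PA", "RPC bind"),
    (CLIENT, 1140, SERVER, PORT, "PA", "RPC bind"),
    (CLIENT, 1140, SERVER, PORT, "PA", "RPC bind"),
    (CLIENT, 1141, SERVER, PORT, "S", ""),
    (SERVER, PORT, CLIENT, 1141, "SA", ""),
    (CLIENT, 1141, SERVER, PORT, "A", ""),
    (CLIENT, 1141, SERVER, PORT, "PA", "RPC bind"),
    (SERVER, PORT, CLIENT, 1141, "PA", "RPC bind ack"),
]
SERVER_SIDE = [
    (CLIENT, 1140, SERVER, PORT, "S", ""),
    (SERVER, PORT, CLIENT, 1140, "SA", ""),
    (CLIENT, 1140, SERVER, PORT, "R", ""),   # server never sees the final ACK
    (CLIENT, 1141, SERVER, PORT, "S", ""),
    (SERVER, PORT, CLIENT, 1141, "SA", ""),
    (CLIENT, 1141, SERVER, PORT, "A", ""),
    (CLIENT, 1141, SERVER, PORT, "PA", "RPC bind"),
    (SERVER, PORT, CLIENT, 1141, "PA", "RPC bind ack"),
]

def initiator_packets(capture):
    """Map each connection (keyed by the SYN sender's 4-tuple) to the
    (flags, label) list of packets travelling initiator -> responder."""
    conns = {}
    for src, sport, dst, dport, flags, label in capture:
        key = (src, sport, dst, dport)
        if flags == "S":
            conns.setdefault(key, [])
        if key in conns:
            conns[key].append((flags, label))
    return conns

def compare(client_cap, server_cap):
    """Return {flow: verdict}, judging each flow seen at the client
    against what the server-side capture recorded for it."""
    sent_all = initiator_packets(client_cap)
    seen_all = initiator_packets(server_cap)
    verdicts = {}
    for flow, sent in sent_all.items():
        seen = seen_all.get(flow, [])
        client_rst = any("R" in f for f, _ in sent)
        server_rst = any("R" in f for f, _ in seen)
        if sent == seen:
            verdicts[flow] = "consistent"
        elif ("A", "") in sent and ("A", "") not in seen and server_rst and not client_rst:
            lost = sum(1 for _, l in sent if l) - sum(1 for _, l in seen if l)
            verdicts[flow] = (f"client sent ACK, server saw RST; "
                              f"{lost} payload packet(s) never reached server")
        else:
            verdicts[flow] = "mismatch"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in compare(CLIENT_SIDE, SERVER_SIDE).items():
        print(flow, "->", verdict)
```

A flow flagged this way points at a device on the path rather than at either endpoint, since neither host's own capture shows it sending the reset.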