Question : Exchange 2003 Connection Issues

We have a customer who has their own domain controller in their office, and a virtual machine in our data center that runs Microsoft Exchange for them. Our DC is VPN'ed to their office, by two Juniper firewalls, for a constant connection.

Recently, the customer has been having issues where their Outlook will fall to a Disconnected mode randomly, and after a few minutes will return to Connected. This has repeated many times over the past couple of days, losing the connection and regaining it.

I have been looking through the event viewer on both their domain controller in their office and the Exchange virtual machine in our data center, and have seen repeating errors relating to Exchange on the Exchange virtual machine in our data center.

Here are some of the repeating Exchange errors:

6:00am: MSExchangeAL - Service Control - Could not read the root entry on directory 'server.paoc.local'. Cannot access configuration information.  DC=paoc,DC=local

6:36am: MSExchangeTransport - SMTP Protocol - An error occurred while loading Microsoft Exchange Intelligent Message Filter.  The error code is 0x80004002.

7:04am: MSExchangeTransport - NDR - A non-delivery report with a status code of 5.0.0 was generated for recipient rfc822;[email protected] (Message-ID <01c7f090$221e33b0$3ce680c3@baldingpvxt>).
Cause: This indicates a permanent failure. Possible causes: 1) No route is defined for a given address space. For example, an SMTP connector is configured, but this recipient address does not match the address spaces for which it routes mail. 2) Domain Name Server (DNS) returned an authoritative host not found for the domain. 3) The routing group does not have a connector defined - mail from one server in the routing group has no way to get to another routing group.
Solution: Verify that this error is not caused by a DNS lookup problem, and then check the address spaces configured on your STMP connectors. If you are delivering Internet mail through an SMTP connector, consider adding an address space of type SMTP with value "*" (an asterisk) to one of the SMTP connectors to make routing possible. Verify all routing groups are connected to each other through a routing group connector or another connector.

7:38am - MSExchangeTransport - SMTP Protocol - An error occurred while loading Microsoft Exchange Intelligent Message Filter.  The error code is 0x80004002.

8:45am - MSExchangeDSAccess - Topology - Process MAD.EXE (PID=1472). All Global Catalog Servers in use are not responding:
server.paoc.local

Answer : Exchange 2003 Connection Issues

First, on the DC, the DNS record for the Exchange server should resolve to its internal IP address in order for Active Directory communication to occur.  This means that you have to ensure that you have an open connection between both subnets:

Exchange Server (192.168.2.5/24) ---- (192.168.2.1/24) Gateway/VPN Endpoint (66.124.49.23/30) ---- Internet ---- (66.124.49.123/30) Gateway/VPN Endpoint (192.168.20.1/24) ---- DC for poac.local (192.168.20.5/24)

In the above map there would be an Endpoint-to-Endpoint connection between both VPN routers.  This will, in essence, join the two subnets.  Your network traffic should then flow normally between both networks, but as the routers are only capable of routing for their subnet (192.168.2.1/24 = IP: 192.168.2.1 with a SM: 255.255.255.0) then the clients on each side will only be able to talk to the router initially.  This is where your DNS and WINS servers become ever so important.

So putting it all together, and using the above map, you would want something like the following:

Exchange Server -
Network Connection Settings: IP: 192.168.2.5; SM: 255.255.255.0; GW: 192.168.2.1; DNS1: 192.168.20.5; DNS2: (ISP DNS Server 1); DNS3: (ISP DNS Server 2); WINS: 192.168.20.5

Exchange VPN Endpoint Router -
LAN Connection: IP: 192.168.2.1; SM: 255.255.255.0
WAN Connection: ISP Assigned IP, SM and GW; DNS1: 192.168.20.5; DNS2: (ISP DNS Server 1); DNS3: (ISP DNS Server 2); WINS: 192.168.20.5
Established VPN Connection required...

POAC.LOCAL VPN Endpoint Router -
LAN Connection: IP: 192.168.20.1; SM: 255.255.255.0
WAN Connection: ISP Assigned IP, SM and GW; DNS1: 192.168.20.5; DNS2: (ISP DNS Server 1); DNS3: (ISP DNS Server 2); WINS: 192.168.20.5
Established VPN Connection required...

POAC.LOCAL DC -
Network Connection Settings: IP: 192.168.20.5; SM: 255.255.255.0; GW: 192.168.20.1; DNS1: 192.168.20.5; DNS2: (ISP DNS Server 1); DNS3: (ISP DNS Server 2); WINS: 192.168.20.5
DNS Server Settings:
POAC.LOCAL (Forward Lookup Zone)
(same as parent folder)      WINS Lookup             [192.168.2.5]
(same as parent folder)      Name Server (NS)             NT1.POAC.LOCAL
MAIL1                  Host (A)                  192.168.2.5
NT1                  Host (A)                  192.168.20.5

192.168.2.x Subnet (Reverse Lookup Zone)
(same as parent folder)      WINS Reverse Lookup (WINS-R)      [192.168.2.5]
(same as parent folder)      Name Server (NS)                   NT1.POAC.LOCAL
192.168.2.5            Pointer (PTR)                  MAIL1.POAC.LOCAL

192.168.20.x Subnet (Reverse Lookup Zone)
(same as parent folder)      WINS Reverse Lookup (WINS-R)      [192.168.2.5]
(same as parent folder)      Name Server (NS)                   NT1.POAC.LOCAL
192.168.20.5            Pointer (PTR)                  NT1.POAC.LOCAL

HTH,

-saige-
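
The following is an added example, not part of the original answer: a small offline check of the addressing plan and zone records listed above. It flags a gateway outside the host's subnet, an A record that points at a non-internal address or disagrees with the NIC, a missing or mismatched PTR, and overlapping LAN subnets on the two sides of the VPN. The function name `check_plan` and the dictionary layout are assumptions made for this illustration; the addresses and host names are the ones from the answer.

```python
import ipaddress

# Addressing plan and zone data copied from the answer above.
HOSTS = {
    "MAIL1.POAC.LOCAL": {"ip": "192.168.2.5", "mask": "255.255.255.0", "gw": "192.168.2.1"},
    "NT1.POAC.LOCAL": {"ip": "192.168.20.5", "mask": "255.255.255.0", "gw": "192.168.20.1"},
}
A_RECORDS = {"MAIL1.POAC.LOCAL": "192.168.2.5", "NT1.POAC.LOCAL": "192.168.20.5"}
PTR_RECORDS = {"192.168.2.5": "MAIL1.POAC.LOCAL", "192.168.20.5": "NT1.POAC.LOCAL"}


def check_plan(hosts, a_records, ptr_records):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = {}
    for name, cfg in hosts.items():
        iface = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}")
        nets[name] = iface.network
        # The default gateway must sit on the host's own subnet.
        if ipaddress.ip_address(cfg["gw"]) not in iface.network:
            problems.append(f"{name}: gateway {cfg['gw']} is outside {iface.network}")
        addr = a_records.get(name)
        if addr is None:
            problems.append(f"{name}: no A record")
        elif not ipaddress.ip_address(addr).is_private:
            # The record must resolve to the internal address, not a WAN one.
            problems.append(f"{name}: A record {addr} is not an internal address")
        elif addr != cfg["ip"]:
            problems.append(f"{name}: A record {addr} does not match NIC {cfg['ip']}")
        elif ptr_records.get(addr) != name:
            problems.append(f"{name}: PTR for {addr} is {ptr_records.get(addr)!r}")
    # The two LANs joined by the VPN must use distinct subnets.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} are on overlapping subnets ({nets[a]}, {nets[b]})")
    return problems


if __name__ == "__main__":
    print(check_plan(HOSTS, A_RECORDS, PTR_RECORDS) or "plan is consistent")
```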