slow connection to exchange server...what should I check?

[mcveigh]

on my computer mainly, although I get a it a few othertimes.

I get the message that outlook is connecting to to the exchange server with a progress bar dialog. other times when starting up outlook I am told the exchange server is unavailable. when I click "try again" it connects but slowly and with the progress bar dialog mentioned first.

after a few minutes it works fine.

this is a very small office, 9 users the exchange server does file serving as well. it is not a external mail server at all.
everythign is on a switched 100Mbs network.

I am unsure as to why these connection errors are happening.

 

[Garion]

Sounds like DNS to me.. Try to add an entry to your lcoal hosts file to see if that works, temporarily. That might help narrow it down.

- G

 

[mcveigh]

Originally posted by: Garion
Sounds like DNS to me.. Try to add an entry to your lcoal hosts file to see if that works, temporarily. That might help narrow it down.

- G

I'll try that. is there anything I can monitor? or would logs reveal anything to me? (I've already searched the logs but haven't seen anythign that catches my eye.)

thanks!

 

[vi edit]

Are the machines set up peer to peer or are they actually trying to log into a domain?

Peer to peer they can still access the exchange box, but sometimes it's really laggy. Actually putting them on the domain helps resolve that.

 

[mcveigh]

Originally posted by: vi_edit
Are the machines set up peer to peer or are they actually trying to log into a domain?

Peer to peer they can still access the exchange box, but sometimes it's really laggy. Actually putting them on the domain helps resolve that.

well I set it up so they don't log into the domain.
they are memebers of the domain but I don't have them log into it (am I saying this right?)
it took to long for logons.

actually my pc is only in the workgroup, as I use mine for testing

 

[Daniel]

Not really following you on the domain login taking too long, huge roaming profiles or something?

Also I've seen some of the problem you are talking about with exchange when the user has giant attachments in their mailbox and it takes a long time dragging them down the network.

 

[mcveigh]

Originally posted by: Daniel
Not really following you on the domain login taking too long, huge roaming profiles or something?

Also I've seen some of the problem you are talking about with exchange when the user has giant attachments in their mailbox and it takes a long time dragging them down the network.

I just hate roaming profiles, I've seen them get very large and take forever to load up. the users here never switch PC's so it's ok.

 

[Saltin]

well I set it up so they don't log into the domain.

That is your problem right there, sir. If you aren't logging into the domain, your machines/user accounts arent participating in the proper security context, hence your issues.

Let's look at this properly.

Exchange 2000 requires an Active Directory, and hence a domain environment. Clients require access to the Global catalog in order to log onto Exchange sucessfully. If you don't log into the domain, your access to the Global Catalog is very limited.
What's more is, your clients need to be able to actually find the Global Catalog. They use DNS for this. If your DNS is pooched, or you arent pointing your clients to the in house DNS that supports your Active Directory, you will see all sorts of delays and failures.

Ensure that all your clients are using the in house DNS server as thier primary. Don't configure ANY external DNS servers in the TCP/IP properties. Set your in house DNS server to forward to your ISP's DNS servers.

Finally, check the health of your DNS server. Under your primary lookup zone, there should be four folders (automatically created) _tcp, _udp, _msdcs, _sites. If those four folders arent there, then your DC has failed to automatically register its SRV records in DNS. Things like Global Catalog, LDAP, Kerberos services need to be registered there. If those four folders arent there, post back and say so.

Improper DNS would also explain the long logon times you experience when you attempt to logon to the domain (clients unable to locate Global Catalog and Kerberos Service)
Lets get it fixed.

 

[mcveigh]

Originally posted by: Saltin

well I set it up so they don't log into the domain.

That is your problem right there, sir. If you aren't logging into the domain, your machines/user accounts arent participating in the proper security context, hence your issues.

Let's look at this properly.

Exchange 2000 requires an Active Directory, and hence a domain environment. Clients require access to the Global catalog in order to log onto Exchange sucessfully. If you don't log into the domain, your access to the Global Catalog is very limited.
What's more is, your clients need to be able to actually find the Global Catalog. They use DNS for this. If your DNS is pooched, or you arent pointing your clients to the in house DNS that supports your Active Directory, you will see all sorts of delays and failures.

Ensure that all your clients are using the in house DNS server as thier primary. Don't configure ANY external DNS servers in the TCP/IP properties. Set your in house DNS server to forward to your ISP's DNS servers.

Finally, check the health of your DNS server. Under your primary lookup zone, there should be four folders (automatically created) _tcp, _udp, _msdcs, _sites. If those four folders arent there, then your DC has failed to automatically register its SRV records in DNS. Things like Global Catalog, LDAP, Kerberos services need to be registered there. If those four folders arent there, post back and say so.

Improper DNS would also explain the long logon times you experience when you attempt to logon to the domain (clients unable to locate Global Catalog and Kerberos Service)
Lets get it fixed.

thanks you for that detailed explanation. that might explain why I get some dns errors it doesn't seem to like having dynamic dns as the domain server.

quick question. how can I have people log into the domain w/o having a roaming profile?

 

[Santa]

Sounds like you need some consultant help.

If you don't really have a grasp on how you need to get someone authenticated to a Windows 2000 Active Directory Domain and you are trying to also run Exchange 2000 which is Active Directory intergrated you are in serious problems.

Who set up this mess you call a network?

I would hire someone to come in and assest what needs to be done before you proceed or you could turn your slow access times to no access times.

Biggest thing you will need is to know which server is hosting your AD and which servers are housing which rolls.

Don't worry about roaming profiles.. if you don't want them fine it won't make a difference. Roaming profiles are just for convienence, nothing to do with functionality of domain authentication.

 

[mcveigh]

Originally posted by: Santa
Sounds like you need some consultant help.

If you don't really have a grasp on how you need to get someone authenticated to a Windows 2000 Active Directory Domain and you are trying to also run Exchange 2000 which is Active Directory intergrated you are in serious problems.

Who set up this mess you call a network?

I would hire someone to come in and assest what needs to be done before you proceed or you could turn your slow access times to no access times.

Biggest thing you will need is to know which server is hosting your AD and which servers are housing which rolls.

Don't worry about roaming profiles.. if you don't want them fine it won't make a difference. Roaming profiles are just for convienence, nothing to do with functionality of domain authentication.

I've been trying to for a year :| everyone I find either doesn't know their stuff, or never follows up with me. seriously, I've found a few people to do it, talk to them they say they'll get bak to me. then they dissapear, guess my money is no good. so I'm stuck stumbiling through it.

 

[Garion]

That is your problem right there, sir. If you aren't logging into the domain, your machines/user accounts arent participating in the proper security context, hence your issues.

Not necessarily true. At work, my machine isn't in the domain (too many restrictive GPO's for my taste) and I have no problems using Exchange - I simply have to authenticate with my user/pass/domain each time I launch Exchange.

If you go a DOS prompt and ping your exchange server using the exact server name that's in the mail profile does it respond quickly? Is there a delay before it starts to ping?

- G

 

[Saltin]

Of course, Garion.

I was speaking in a general sense. If an AD is present, one might as well take advantage of Kerberos and single sign on, avoiding the need to transport NT logon credentials to the Exchange server each time you want to access it.

 

[Santa]

Try going to the exchange server and running netmon (windows low level protocal analysis tool) capture some packets and try to make heads or tails of it.

Perhaps post some to us and we may be able to help.

Sorry but slow downs that don't result in a non-connections are harder to track down since it is intermittently working so it takes more than just a symptom to nail it down.

If you do get someone in try to get someone that knows how to use a sniffer for that may be a quick way to pin point your problems and let you know where to go to fix it.

g'luck