Hi, I use a VPN to connect to an MS Exchange Server using Outlook 2007. I have been doing this from multiple computers (two laptops and two desktops) over multiple types of connections (public wifi, AT&T home, research institution intranet) for the past few months. I moved and decided to go with Comcast for internet and cable instead of AT&T. Although the internet is really fast and I have access to all other services I am used to, I am now not able to connect to the Exchange Server from my Comcast home service. I am able to connect as I have been able to from any other connection. Strangely, if disable my computer's wired lan interface and use my iPhone (which is accessing the wireless router using the comcast connection) to tether the desktop, I am able to connect to the Exchange Server. It is a work around but a real pain.
There is definitely something wrong with the Comcast connection that is blocking native connectivity to the Exchange Server over the VPN. I would hate to have to split my services.
Can you help me to understand what is happening and how to fix it?
I use MS VPN client, XP Professional and Outlook 2007 and it is configured to connect natively for the full functionality of Outlook... (shared public folder, global address book, calendaring, etc) Using the connection wizard I only need to specificy the name of the server and the user and it locates the mailbox right away. I do not want to just use POP3/SMTP but need to have the full functionality of Outlook/Exchange. This configuration works on every other type of internet connection I've tried.
Thanks for the link James. I doubt if Comcast has flagged the account as spam as connecting with the Microsoft Exchange Server has not worked from the instant activated Comcast service a week ago. Hardly enough time to be seen as a trouble maker.. Still.. stranger things have happened.
I've read the information at the link and it applies to people who want to use Outlook as a 'standalone' program for sending and receiving email only from Comcast's mail servers, not for working with MIcrosoft Exchange Server or another email server somewhere else on the internet.
Definitely keep the suggestions coming though. Do any Comcast representatives help here in their support forum?
I have customers using a Hosted Exchange server and uses Outlook 2007 and 2010 direct to the Exchange server without issue on Comcast. There are special settings in Outlook that use "Connect to my Exchange Mailbox using HTTP" and both "on slow networks" and "on fast networks" need to be selected, and you will need to know the url for the exchange proxy server. I have step by step for this setup, but you need specific instructions for your exchange hosting provider. I know it works on Comcast.
First thing you need to do, is make sure you can access your exchange email box using outlook web access. If you can access OWA, then you should be able to configure your Outlook client to access your exchange box, as long as the server does face the internet, and not inside a typical Corp LAN like most exchange mail is setup. Your exchange mail hosting provider should be able to have FAQ's on the exact settings for your service.
As far as outside POP mail using Outlook, that works fine with Comcast, once everything is configured. I pull down 15 POP email accounts from a hosting provider that is not Comcast with Outlook 2010.
If you're using a VPN to connect to your company network, Comcast shouldn't be able to see the content of any of the traffic. When you have trouble connecting to the Exchange server, can you still connect to your company's intranet web servers?
I do have access to OWA. I tried the settings described to connect to MSE over HTTP using Outlook 2007 and it doesn't work. At this point, I would think that the server may need to be configured to support Outlook over HTTP (Outlook Anywhere) and will need to check with the network admins to find out what might need to be done to enable it.
That people can use Comcast to connect to Exchange Server over HTTP does not answer the *main* question as to why I can't connect to Exchange Server in "native mode" through Comcast while I am able to do so through every other connection (and even Comcast's connection through a tethered iPhone using wifi to access the comcast connection)...
I've read some comments about previous policies of Comcast to block native exchange connections as a stop gap measure to prevent viruses from propating. It was quite a while ago but perhaps Comcast is still blocking those ports?
Anyways.. thanks for the help. I'll get Exchange access by Outlook somehow!
Our company doesn't have an intranet web server (unless OWA counts and it is accessible internally as well as externally), but I'm able to bring up shared folders and drives using the VPN even though I'm having trouble connecting to Exchange.
That is what is strange is that the VPN connects, the IP address for the network interface gets assigned and folders are visible, yet Exchange is unable to connect. Again, I have no trouble connecting via other methods of accessing the internet. Very strange...
First of all, I'm not aware of Comcast blocking anything related to Exchange (which I believe just uses extensions to the IMAP protocol). But even if they did, it can't affect connections going through a VPN. The whole point of a VPN is that it encrypts everything, so even the ISP can't tell what it's doing.
It sounds to me like Outlook is somehow bypassing the VPN. I'm not sure why it would do this at home, but not at public wifi hotspots.
If the user is using the stock Microsoft VPN, it defaults to passing ALL data through the VPN, even regular web browsing and similar. That should make everything basically invisible to Comcast unless Comcast is using a man-in-the-middle proxy when it detcts VPN's, which I strongly doubt.
I would like to clarify a bit though as you may have misunderstood, connecting to Exchange Server through the VPN works for all connection types, not just public wifi. I have wired connections through AT&T as well as wired connections from my research institute that I work at where there is no problem. Connecting through public wifi was just one example of a connection where access the Exchange Server works, as it has for months before switching to Comcast.
If Comcast *isn't* blocking anything, why does it work for EVERY other type of connection? (again, I also emphasize that it even works for the Comcast connection as long as I'm accessing the internet through my tethered iPhone that is using the Comcast connection through my home wifi). Logic dictates that even if Comcast isn't "blocking" anything, it IS handling the connection through the VPN to the Exchange Server differently than non-Comcast providers or the connection through the tethered iPhone. I would need to test connecting to the Exchange Server via another location that also uses Comcast to determine if the issue is isolated to my home connection. Another possibility is that the Exchange Server, for some reason, is not accepting incoming connections from Comcast. So, I don't say that it is Comcast categorically, just that it is very strange that EVERY other type of connection I've tried has no problem
I would like to clarify a bit though as you may have misunderstood, connecting to Exchange Server through the VPN works for all connection types, not just public wifi.
That's what I understood you to be saying, I was just using public wifi as a point of comparison.
It's simply impossible for Comcast to block specific applications going through the VPN. I could understand it if Comcast blocked the VPN completely, so you couldn't access file shares, either. But I don't see any way that Comcast could interfere only with access to the Exchange server when everything is hidden in the VPN.
There should be logging on the company VPN server showing what applications are going through it, so maybe your IT department can help get to the bottom of this.
The DNS server assigned to the network interface associated with the VPN is an internal Windows server running DNS. I am no expert but it would seem to me that Comcast shouldn't care about that...
I'm more interested in whether it is something Outlook 2007 may be doing... I have heard of different versions having different connectivity issues.. although it still comes down to the fact that the Comcast connection is doing something different than every other connection where Microsoft Exchange connectivity through the VPN works fine..
Under Cisco VPN Client, highlight your VPN profile and go to "properties"
Under the "Transport" tab, under "Enable Transparent Tunneling" note the current settings and write it down somewhere (for safekeeping in order to return back to defaults)
Now change from "IPSec over TCP" to "IPSec over UDP" (or viceversa depending on your initial setting). Leave the setting "Allow Local LAN access" alone.
Now click "Save" and try again.
Most of the time this should do the trick
Some extra things to troubleshoot if you can connect via VPN, but not access company network shares or email server:
While connected thru VPN, try and "ping" your exchange server's/file servers computername. If you do not get a reply, try and ping the exchange/file server's IP address. (get this info beforehand from your IT person)
If you can ping the exchange server by IP address, but not by name, contact your employer's IT admin. It's possible you may need a manual DNS entry in your lmhosts file to point to the location of the exchange server/company file server.
sample lmhosts file (made with notepad just with no .TXT file extension at all)
to be located under c:\windows\system32\drivers\etc.
Use "TAB" key to add spacing between servername and IP address and , do not use spacebar keys.
Hope this helps you guys, I won't be able to offer additional help after this post.
chiexchange1 10.1.1.100 (or whatever the real ip address is "inside" the company LAN)
I've turned off the firewall and will likely need to work with the IT people who handle the server and let them do some remote control of the computer so they can troubleshoot things, I've tried pinging what I think is the server via name and cannot reach it although I can ping the IP.. perhaps there is some DNS resolution issues happening... beyond my pay scale. Meanwhile if anyone else has any suggestions I can try or suggest to the IT people I very much appreciate it.
It would have been great to get some support from a Comcast representative.. I thought these forums were monitored... ahh well.
I am having the same problem with both outlook 2010 and 2007. When I do a tracert it is clear that one of the ip nodes gets hung up on the way to the server. I called comcast about this but this was beyond regular support's area of expertise so they gave me another comcast specialist number which I think I misplaced. Doh.
Most Exchange servers are behind corporate firewalls and getting to them is usually restricted to VPN connections or authentication POP/SMTP gateways. Because of this, most will not respond to ping or tracert in a reliable fashion.
After months of not knowing why Outlook 2007 would connect sporadically to the Exchange server through my VPN connection and would connect through a network connection from my tethered smartphone but not through the ComCast connection, I realized that the server names weren't resolving properly and used nslookup and ping utilities to test domain name resolution and found that although connected to the corporate intranet with the VPN and able to access server shares via IP address, the Exchange Server name was resolving to an external IP address 184.108.40.206. A google of this address revealed that it resolved to 'fastsearch.net' which is Comcast's search facility.. meaning ComCast domain name servers were not able to resolve the name properly. I updated the DNS setting on my wireless router to use Google Public DNS servers and the PROBLEM IMMEDIATELY WENT AWAY..
Thanks to everyone for their input.. and NO THANKS TO COMCAST FOR THIS STELLAR FAIL. After many calls to customer service, with no resolution I was about to give up.
Those are obsolete DNS server IPs. The current IPs are 220.127.116.11 and 18.104.22.168.
And even if they weren't "obsolete" they wouldn't be the right DNS servers to suggest to be used for everyone's connection as far as pointing to the proper CDN's (Content Distribution Networks) for one's particular area goes as they were not *anycast* servers. This may result in performance issues especially with streaming content.
These servers were for your particular region.
This year old thread seems to have run its course so it is being closed.