Remote Laptop Users cannot access Exchange using Outlook

[Robert W]

Greetings,

I have a plaguing situation that is occurring and I have run to the end of
my options, I think? First I will lay out the situation and then the
troubleshooting steps that have been taken.

Situation:

I have two users, both on High speed access lines, both using Office XP SP1,
and working from Windows 2000 SP4. Server is Windows 2000 SP4 with Exchange
2000 Post-SP3 Security Rollup. SP4 was installed during the height of the
Blaster Worm virus last week, as well as a myriad of patches including the
RPC vulnerability. About a day after the patch and SP4 were installed,
connectivity issues were appearing. These remote users are on opposite ends
of the country, as we are located in Texas. Both have run removal tools for
the worm, with only one confirmation of a user having the virus. Since that
time, the user with the confirmed infection has sent their laptop in for
further examination. Following is the breakdown of troubleshooting that we
have done thus far, both at the user's location as well as on site in our
facility.


Troubleshooting Steps:

User's location -

Deleted Outlook profile and recreated it. Were unable to login to Outlook
XP.
Flushed DNS and checked HOST file for proper pointer to our mail server.
User was able to work using OWA access.
Outlook would only operate in Offline status. (High Speed connection)
Outlook then worked, after several login attempts, using dial up access.

Our location -
Plugged into local LAN.
Attempted login to Exchange from Outlook, password was not accepted or login
credentials continued to fail.
Updated Office XP patches. Still no further then before.
Outlook eventually opens after 4-6 login attempts from entering in account
information into login box. Even though this is coming off the internal LAN
where Exchange is located.

During this time, High Speed access, Dial up, and internal LAN, Internet
access remains active and usable.

Have attempted to uninstall/reinstall Office XP, which offered no solution.


Reapplied Service pack 4 which also netted zero results.

Unless there is something I am missing, and I believe I am, since it appears
to only affect the way Outlook connects on high speed access vs. dial up.
Hopefully someone there will be able to tell me what is the difference in
the two scenarios when Outlook is connecting to Exchange 2000. I have
already statically mapped the Exchange ports, and since Exchange sits behind
our company's firewall, I have allowed these outside users access to connect
to Exchange without the use of a VPN connection. Also, with that stated,
Those affected by the Worm are unable to connect even after establishing a
VPN connection to our network using high speed access, which other remote
users with the same setup and not having the virus are still able to do
normally.

Sorry for being so wordy, but I have seen others post parts of what I am
also seeing, but I wanted to dump as many variables as I could, just in case
others are experiencing some of the same problems we are here.

My last option is to backup the laptop hard drive of all important documents
and settings, and then wipe it clean and start over.


--
Thank you for your time and attention to this matter,

Robert Wisian Jr.
(e-mail address removed)
512-589-2805

 

[Milly Staples [MVP - Outlook]]

It may be something as simple as the ISP for the broadband blocking port
135. I know a number of ISPs have started doing that to slow the spread of
the msblast worm.

What ISPs are involved? Can you contact them to see if Port 135 is being
actively blocked?


--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact.


After searching google.groups.com and finding no answer
Robert W <[email protected]> asked:

| Greetings,
|
| I have a plaguing situation that is occurring and I have run to the
| end of my options, I think? First I will lay out the situation and
| then the troubleshooting steps that have been taken.
|
| Situation:
|
| I have two users, both on High speed access lines, both using Office
| XP SP1, and working from Windows 2000 SP4. Server is Windows 2000
| SP4 with Exchange 2000 Post-SP3 Security Rollup. SP4 was installed
| during the height of the Blaster Worm virus last week, as well as a
| myriad of patches including the RPC vulnerability. About a day after
| the patch and SP4 were installed, connectivity issues were appearing.
| These remote users are on opposite ends of the country, as we are
| located in Texas. Both have run removal tools for the worm, with
| only one confirmation of a user having the virus. Since that time,
| the user with the confirmed infection has sent their laptop in for
| further examination. Following is the breakdown of troubleshooting
| that we have done thus far, both at the user's location as well as on
| site in our facility.
|
|
| Troubleshooting Steps:
|
| User's location -
|
| Deleted Outlook profile and recreated it. Were unable to login to
| Outlook XP.
| Flushed DNS and checked HOST file for proper pointer to our mail
| server. User was able to work using OWA access.
| Outlook would only operate in Offline status. (High Speed connection)
| Outlook then worked, after several login attempts, using dial up
| access.
|
| Our location -
| Plugged into local LAN.
| Attempted login to Exchange from Outlook, password was not accepted
| or login credentials continued to fail.
| Updated Office XP patches. Still no further then before.
| Outlook eventually opens after 4-6 login attempts from entering in
| account information into login box. Even though this is coming off
| the internal LAN where Exchange is located.
|
| During this time, High Speed access, Dial up, and internal LAN,
| Internet access remains active and usable.
|
| Have attempted to uninstall/reinstall Office XP, which offered no
| solution.
|
|
| Reapplied Service pack 4 which also netted zero results.
|
| Unless there is something I am missing, and I believe I am, since it
| appears to only affect the way Outlook connects on high speed access
| vs. dial up. Hopefully someone there will be able to tell me what is
| the difference in the two scenarios when Outlook is connecting to
| Exchange 2000. I have already statically mapped the Exchange ports,
| and since Exchange sits behind our company's firewall, I have allowed
| these outside users access to connect to Exchange without the use of
| a VPN connection. Also, with that stated, Those affected by the Worm
| are unable to connect even after establishing a VPN connection to our
| network using high speed access, which other remote users with the
| same setup and not having the virus are still able to do normally.
|
| Sorry for being so wordy, but I have seen others post parts of what I
| am also seeing, but I wanted to dump as many variables as I could,
| just in case others are experiencing some of the same problems we are
| here.
|
| My last option is to backup the laptop hard drive of all important
| documents and settings, and then wipe it clean and start over.
|
|
| --
| Thank you for your time and attention to this matter,
|
| Robert Wisian Jr.
| (e-mail address removed)
| 512-589-2805

 

[Eric Lizotte]

Have you checked the exchange database that his mailbox is stored in for
corruption? I had that same issue pre-blaster, and it was due to database
corruption.

Eric

I can believe that to be part of the case, and would say that that was the
reason. Exception is that, I have one of those infected and cleaned laptops
sitting in the office on the internal network with a direct network
connection to Exchange and on the same subnet. The problem still appears as
it did when out in the field.

I will continue with different strategies and see what happens. More input
from the group as to alternatives to try would also be welcomed.

Robert W.

It may be something as simple as the ISP for the broadband blocking port
135. I know a number of ISPs have started doing that to slow the spread of
the msblast worm.

What ISPs are involved? Can you contact them to see if Port 135 is being
actively blocked?


--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact.


After searching google.groups.com and finding no answer
Robert W <[email protected]> asked:

| Greetings,
|
| I have a plaguing situation that is occurring and I have run to the
| end of my options, I think? First I will lay out the situation and
| then the troubleshooting steps that have been taken.
|
| Situation:
|
| I have two users, both on High speed access lines, both using Office
| XP SP1, and working from Windows 2000 SP4. Server is Windows 2000
| SP4 with Exchange 2000 Post-SP3 Security Rollup. SP4 was installed
| during the height of the Blaster Worm virus last week, as well as a
| myriad of patches including the RPC vulnerability. About a day after
| the patch and SP4 were installed, connectivity issues were appearing.
| These remote users are on opposite ends of the country, as we are
| located in Texas. Both have run removal tools for the worm, with
| only one confirmation of a user having the virus. Since that time,
| the user with the confirmed infection has sent their laptop in for
| further examination. Following is the breakdown of troubleshooting
| that we have done thus far, both at the user's location as well as on
| site in our facility.
|
|
| Troubleshooting Steps:
|
| User's location -
|
| Deleted Outlook profile and recreated it. Were unable to login to
| Outlook XP.
| Flushed DNS and checked HOST file for proper pointer to our mail
| server. User was able to work using OWA access.
| Outlook would only operate in Offline status. (High Speed connection)
| Outlook then worked, after several login attempts, using dial up
| access.
|
| Our location -
| Plugged into local LAN.
| Attempted login to Exchange from Outlook, password was not accepted
| or login credentials continued to fail.
| Updated Office XP patches. Still no further then before.
| Outlook eventually opens after 4-6 login attempts from entering in
| account information into login box. Even though this is coming off
| the internal LAN where Exchange is located.
|
| During this time, High Speed access, Dial up, and internal LAN,
| Internet access remains active and usable.
|
| Have attempted to uninstall/reinstall Office XP, which offered no
| solution.
|
|
| Reapplied Service pack 4 which also netted zero results.
|
| Unless there is something I am missing, and I believe I am, since it
| appears to only affect the way Outlook connects on high speed access
| vs. dial up. Hopefully someone there will be able to tell me what is
| the difference in the two scenarios when Outlook is connecting to
| Exchange 2000. I have already statically mapped the Exchange ports,
| and since Exchange sits behind our company's firewall, I have allowed
| these outside users access to connect to Exchange without the use of
| a VPN connection. Also, with that stated, Those affected by the Worm
| are unable to connect even after establishing a VPN connection to our
| network using high speed access, which other remote users with the
| same setup and not having the virus are still able to do normally.
|
| Sorry for being so wordy, but I have seen others post parts of what I
| am also seeing, but I wanted to dump as many variables as I could,
| just in case others are experiencing some of the same problems we are
| here.
|
| My last option is to backup the laptop hard drive of all important
| documents and settings, and then wipe it clean and start over.
|
|
| --
| Thank you for your time and attention to this matter,
|
| Robert Wisian Jr.
| (e-mail address removed)
| 512-589-2805

 

[Robert W]

That sounds plausible. But here is my question back to that theory. I have
loaded an identical profile on a computer here at our offices, and was able
to authenticate into the users mailbox without any hitch. This leads me to
believe that the problem is inherent to the laptop itself.

Now I will say this. I had the user, who once learned was infected, to
install the 03-026 patch immediately and then run a removal tool for
blaster, which it reported it had cleaned. Afterwards, this same user went
to the Windows update site and installed SP 4 over the top. Now I have read
in other posts that this should not have any adverse affects, nor do I
believe it would. I have gone so far as to uninstall the RPC patch as well
as numerous other patches and reinstalled them and the situation remains
unchanged.

I do believe that there is a legitimacy that ISP's are blocking port 135 to
help stem the outbreak of this virus, and hopefully that if it opens back
up, the Outlook connectivity issue will resolve. My concern is that either
the Worm or its patching and removal of it, was conducted in a certain
sequence as to hose up this users Outlook.

I am open to all suggestions on how to remedy this without wiping the
system, however it looks increasingly likely that it will have to be done.
Keep those minds spinning and shoot me your thoughts.

TIA

Robert W

Have you checked the exchange database that his mailbox is stored in for
corruption? I had that same issue pre-blaster, and it was due to database
corruption.

Eric

I can believe that to be part of the case, and would say that that was the
reason. Exception is that, I have one of those infected and cleaned laptops
sitting in the office on the internal network with a direct network
connection to Exchange and on the same subnet. The problem still

appears

as
it did when out in the field.

I will continue with different strategies and see what happens. More input
from the group as to alternatives to try would also be welcomed.

Robert W.

It may be something as simple as the ISP for the broadband blocking port
135. I know a number of ISPs have started doing that to slow the

spread
of

the msblast worm.

What ISPs are involved? Can you contact them to see if Port 135 is being
actively blocked?


--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact.


After searching google.groups.com and finding no answer
Robert W <[email protected]> asked:

| Greetings,
|
| I have a plaguing situation that is occurring and I have run to the
| end of my options, I think? First I will lay out the situation and
| then the troubleshooting steps that have been taken.
|
| Situation:
|
| I have two users, both on High speed access lines, both using Office
| XP SP1, and working from Windows 2000 SP4. Server is Windows 2000
| SP4 with Exchange 2000 Post-SP3 Security Rollup. SP4 was installed
| during the height of the Blaster Worm virus last week, as well as a
| myriad of patches including the RPC vulnerability. About a day after
| the patch and SP4 were installed, connectivity issues were appearing.
| These remote users are on opposite ends of the country, as we are
| located in Texas. Both have run removal tools for the worm, with
| only one confirmation of a user having the virus. Since that time,
| the user with the confirmed infection has sent their laptop in for
| further examination. Following is the breakdown of troubleshooting
| that we have done thus far, both at the user's location as well as on
| site in our facility.
|
|
| Troubleshooting Steps:
|
| User's location -
|
| Deleted Outlook profile and recreated it. Were unable to login to
| Outlook XP.
| Flushed DNS and checked HOST file for proper pointer to our mail
| server. User was able to work using OWA access.
| Outlook would only operate in Offline status. (High Speed connection)
| Outlook then worked, after several login attempts, using dial up
| access.
|
| Our location -
| Plugged into local LAN.
| Attempted login to Exchange from Outlook, password was not accepted
| or login credentials continued to fail.
| Updated Office XP patches. Still no further then before.
| Outlook eventually opens after 4-6 login attempts from entering in
| account information into login box. Even though this is coming off
| the internal LAN where Exchange is located.
|
| During this time, High Speed access, Dial up, and internal LAN,
| Internet access remains active and usable.
|
| Have attempted to uninstall/reinstall Office XP, which offered no
| solution.
|
|
| Reapplied Service pack 4 which also netted zero results.
|
| Unless there is something I am missing, and I believe I am, since it
| appears to only affect the way Outlook connects on high speed access
| vs. dial up. Hopefully someone there will be able to tell me what is
| the difference in the two scenarios when Outlook is connecting to
| Exchange 2000. I have already statically mapped the Exchange ports,
| and since Exchange sits behind our company's firewall, I have allowed
| these outside users access to connect to Exchange without the use of
| a VPN connection. Also, with that stated, Those affected by the Worm
| are unable to connect even after establishing a VPN connection to our
| network using high speed access, which other remote users with the
| same setup and not having the virus are still able to do normally.
|
| Sorry for being so wordy, but I have seen others post parts of what I
| am also seeing, but I wanted to dump as many variables as I could,
| just in case others are experiencing some of the same problems we are
| here.
|
| My last option is to backup the laptop hard drive of all important
| documents and settings, and then wipe it clean and start over.
|
|
| --
| Thank you for your time and attention to this matter,
|
| Robert Wisian Jr.
| (e-mail address removed)
| 512-589-2805

 

[Kevin Longley]

Is it possible that there is an issue with the users local profile and also
the outlook profile? Have you tried logging on as a different user and then
try an Outlook profile for that user?

That sounds plausible. But here is my question back to that theory. I have
loaded an identical profile on a computer here at our offices, and was able
to authenticate into the users mailbox without any hitch. This leads me to
believe that the problem is inherent to the laptop itself.

Now I will say this. I had the user, who once learned was infected, to
install the 03-026 patch immediately and then run a removal tool for
blaster, which it reported it had cleaned. Afterwards, this same user went
to the Windows update site and installed SP 4 over the top. Now I have read
in other posts that this should not have any adverse affects, nor do I
believe it would. I have gone so far as to uninstall the RPC patch as well
as numerous other patches and reinstalled them and the situation remains
unchanged.

I do believe that there is a legitimacy that ISP's are blocking port 135 to
help stem the outbreak of this virus, and hopefully that if it opens back
up, the Outlook connectivity issue will resolve. My concern is that either
the Worm or its patching and removal of it, was conducted in a certain
sequence as to hose up this users Outlook.

I am open to all suggestions on how to remedy this without wiping the
system, however it looks increasingly likely that it will have to be done.
Keep those minds spinning and shoot me your thoughts.

TIA

Robert W

Have you checked the exchange database that his mailbox is stored in for
corruption? I had that same issue pre-blaster, and it was due to database
corruption.

Eric

I can believe that to be part of the case, and would say that that was the
reason. Exception is that, I have one of those infected and cleaned laptops
sitting in the office on the internal network with a direct network
connection to Exchange and on the same subnet. The problem still

appears

as
it did when out in the field.

I will continue with different strategies and see what happens. More input
from the group as to alternatives to try would also be welcomed.

Robert W.

It may be something as simple as the ISP for the broadband blocking port
135. I know a number of ISPs have started doing that to slow the spread
of
the msblast worm.

What ISPs are involved? Can you contact them to see if Port 135 is being
actively blocked?


--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact.


After searching google.groups.com and finding no answer
Robert W <[email protected]> asked:

| Greetings,
|
| I have a plaguing situation that is occurring and I have run to the
| end of my options, I think? First I will lay out the situation and
| then the troubleshooting steps that have been taken.
|
| Situation:
|
| I have two users, both on High speed access lines, both using Office
| XP SP1, and working from Windows 2000 SP4. Server is Windows 2000
| SP4 with Exchange 2000 Post-SP3 Security Rollup. SP4 was installed
| during the height of the Blaster Worm virus last week, as well as a
| myriad of patches including the RPC vulnerability. About a day after
| the patch and SP4 were installed, connectivity issues were appearing.
| These remote users are on opposite ends of the country, as we are
| located in Texas. Both have run removal tools for the worm, with
| only one confirmation of a user having the virus. Since that time,
| the user with the confirmed infection has sent their laptop in for
| further examination. Following is the breakdown of troubleshooting
| that we have done thus far, both at the user's location as well as on
| site in our facility.
|
|
| Troubleshooting Steps:
|
| User's location -
|
| Deleted Outlook profile and recreated it. Were unable to login to
| Outlook XP.
| Flushed DNS and checked HOST file for proper pointer to our mail
| server. User was able to work using OWA access.
| Outlook would only operate in Offline status. (High Speed connection)
| Outlook then worked, after several login attempts, using dial up
| access.
|
| Our location -
| Plugged into local LAN.
| Attempted login to Exchange from Outlook, password was not accepted
| or login credentials continued to fail.
| Updated Office XP patches. Still no further then before.
| Outlook eventually opens after 4-6 login attempts from entering in
| account information into login box. Even though this is coming off
| the internal LAN where Exchange is located.
|
| During this time, High Speed access, Dial up, and internal LAN,
| Internet access remains active and usable.
|
| Have attempted to uninstall/reinstall Office XP, which offered no
| solution.
|
|
| Reapplied Service pack 4 which also netted zero results.
|
| Unless there is something I am missing, and I believe I am, since it
| appears to only affect the way Outlook connects on high speed access
| vs. dial up. Hopefully someone there will be able to tell me what is
| the difference in the two scenarios when Outlook is connecting to
| Exchange 2000. I have already statically mapped the Exchange ports,
| and since Exchange sits behind our company's firewall, I have allowed
| these outside users access to connect to Exchange without the use of
| a VPN connection. Also, with that stated, Those affected by the Worm
| are unable to connect even after establishing a VPN connection to our
| network using high speed access, which other remote users with the
| same setup and not having the virus are still able to do normally.
|
| Sorry for being so wordy, but I have seen others post parts of

what

I

 

[Robert W]

Thanks Kevin,

Actually we tried both directions. Added the users profile on another users
Outlook. Once selected and started, Outlook opened like normal without any
hesitations.

And of course, logged the user on a different computer and started Outlook
with the same results.

On the users laptop, we have deleted and recreated the users profile without
success. What stumps me is the ability to login to Outlook with only one
retry to Exchange and have Outlook open, where as on the Internal LAN or
High Speed SOHO connection, Outlook refuses to come up. Thinking was that
with all the talk of ISP's perhaps blocking the port, that was causing the
timeout. However high speed connection with VPN connection provided the
same results. Only dial up with subsequent VPN connection allowed for
Outlook to access Exchange.

So I'm still at the drawing board.

Robert W.

Is it possible that there is an issue with the users local profile and also
the outlook profile? Have you tried logging on as a different user and then
try an Outlook profile for that user?

That sounds plausible. But here is my question back to that theory. I have
loaded an identical profile on a computer here at our offices, and was able
to authenticate into the users mailbox without any hitch. This leads me to
believe that the problem is inherent to the laptop itself.

Now I will say this. I had the user, who once learned was infected, to
install the 03-026 patch immediately and then run a removal tool for
blaster, which it reported it had cleaned. Afterwards, this same user went
to the Windows update site and installed SP 4 over the top. Now I have read
in other posts that this should not have any adverse affects, nor do I
believe it would. I have gone so far as to uninstall the RPC patch as well
as numerous other patches and reinstalled them and the situation remains
unchanged.

I do believe that there is a legitimacy that ISP's are blocking port 135 to
help stem the outbreak of this virus, and hopefully that if it opens back
up, the Outlook connectivity issue will resolve. My concern is that either
the Worm or its patching and removal of it, was conducted in a certain
sequence as to hose up this users Outlook.

I am open to all suggestions on how to remedy this without wiping the
system, however it looks increasingly likely that it will have to be done.
Keep those minds spinning and shoot me your thoughts.

TIA

Robert W

Have you checked the exchange database that his mailbox is stored in for
corruption? I had that same issue pre-blaster, and it was due to database
corruption.

Eric

I can believe that to be part of the case, and would say that that

was
the

reason. Exception is that, I have one of those infected and cleaned
laptops
sitting in the office on the internal network with a direct network
connection to Exchange and on the same subnet. The problem still appears
as
it did when out in the field.

I will continue with different strategies and see what happens. More
input
from the group as to alternatives to try would also be welcomed.

Robert W.

It may be something as simple as the ISP for the broadband

blocking
port

135. I know a number of ISPs have started doing that to slow the spread
of
the msblast worm.

What ISPs are involved? Can you contact them to see if Port 135 is
being
actively blocked?


--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact.


After searching google.groups.com and finding no answer
Robert W <[email protected]> asked:

| Greetings,
|
| I have a plaguing situation that is occurring and I have run to the
| end of my options, I think? First I will lay out the situation and
| then the troubleshooting steps that have been taken.
|
| Situation:
|
| I have two users, both on High speed access lines, both using Office
| XP SP1, and working from Windows 2000 SP4. Server is Windows 2000
| SP4 with Exchange 2000 Post-SP3 Security Rollup. SP4 was installed
| during the height of the Blaster Worm virus last week, as well

as

a as
on

since

it what
is

use

of to
our what we
are