Riddle me this.... - Technical Support Banter
Tier 12 Support

Riddle me this.... [Jan. 20th, 2012|12:13 pm]

We have one machine on a site running win7 that cannot contact the outlook server.

Now. Here's where it gets interesting.

-- Machine cannot access OWA. Checked, there's no fault with the OWA.
-- Machine CAN access OWA server on non-https connection
-- Machine CAN access other HTTPS sites
-- Machine is not running firewall
-- IE has been reset and has proper security parameters
-- Machine CAN telnet server on SSL port, both via domain name and direct IP
-- Machine is connected to domain, has been set to recognise the network as a Work Network
-- Sites have been added to trusted list, security set to LOW.

Dumped the stack, reset wins, but the machine seems to have issues with accessing outlook OWA. The fact that it can telnet, but not load in IE or via outlook is making me think it's something higher up in the OSI, but I've done everything bar sacrifice a chicken to it at this point and it's....puzzling to say the least.


EDIT: Turned out to be an MTU issue.

From: sushispook
2012-01-20 01:18 am (UTC)
Is this via ANY browser? Or just IE? Perhaps it's got a munged copy of the SSL cert that it needs to have re-installed?

When you say you can't get to it, what's the exact error that you get? Any goodies logged in the event log at all?

From: taleya
2012-01-20 01:44 am (UTC)
Tried via FF, same issues. The event log doesn't have anything apart from a timeout on connection - it's straight out refusing to load the website at all, and giving me a connection error. But there is connectivity (validated by the telnet on the SSL), so I'm playing with the MTU at the moment... hmmmm...

From: sushispook
2012-01-20 03:43 am (UTC)
That's... daffy.

Is the workstation on the same subnet as OWA server? We've had the occasional issue with SSL related foo when we had machines behind a WAN accelerator/caching system when in combination with bad cabling/balky switch ports.

Have you tried isolating the issue to the machine or the network segment it's on? Do other machines at that location throw the same issue, or does it stay with the machine no matter where it gets plugged in? Maybe try booting up to a bart boot CD/usb with a browser on it and see if it still throws the same problem?

From: taleya
2012-01-20 04:39 am (UTC)
Remote site (interstate) so I can't sit down physically in front of the machine, sadly. (And no, I don't trust the staff up there. Yesterday I had to remote in and trigger a software eject on a DVD rom because they couldn't find the button.)

It's just a straight three machine network up there, running through a common switch to a Telstra router...turned out the issue was the MTU. Set it back down to 1480, all good.

Freakin' Lenovos...

From: wyrdrune
2012-01-20 06:30 am (UTC)
OWA as in Exchange 2007/2010 or OWA as in Exchange 2003?

We recently had real issues with Exchange 2010 where one of the certificates on the Exchange server was misnamed and not being loaded - I can't remember the exact commands I used in the end but I could probably dig it out if it might help. I think one of them was this one: http://technet.microsoft.com/en-us/library/bb124509.aspx

From: tullamoredew
2012-01-20 11:41 am (UTC)
obviously, if you can access a website with http and not with https, and it's not a port issue (telnet works) it's a certificate issue.

s_client is the tool to diagnose such problems, or you could simply check your local certificate stores, or manually download and import the relevant certificate from the Exchange server.

From: taleya
2012-01-20 11:46 am (UTC)
I was a bit suss about it being a cert issue as the machine was pretty much new out of box, wasn't even getting to the SSL negotiation stage and no other machine in multiple sites (read: 15) was having this issue. (so it wasn't on the server side)

Turned out to be MTU. Dropped that down and all good.

From: tullamoredew
2012-01-20 11:49 am (UTC)
kinda weird really, https and http are both TCP based, how come one is hit by extra fragmentation and the other isn't? Unless http was also being really laggy, but you never mentioned that.

Anyhow, all is well that ends well

From: taleya
2012-01-20 12:02 pm (UTC)
Always hard to tell with HTTP in remote sites - not sure if you've ever worked with Labtech, but basically it uses a tight VNC. And that site has a 512k connection, so ....ugh.

Supreme ugh happens.

From: tullamoredew
2012-01-20 12:05 pm (UTC)
VNC is always "ugh". Things will change when someone will port Spice as a standalone solution usable for other things, other than accessing VMs
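
A way to measure the largest packet a path will carry, the kind of check that exposes an MTU problem like the one in this thread: binary-search the biggest ping payload that gets a reply with Don't Fragment set. This is an added example, not code from any poster; the function names, the host name in the comment and the simulated 1480-byte path are assumptions made for illustration.

```python
import platform
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """Send one echo request with Don't Fragment set; True if a reply arrived."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", "1000", "-f", "-l", str(payload), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-W", "1", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True).stdout
    # Only echo replies print "TTL=" (Windows) or "ttl=" (Linux).
    return b"ttl=" in out.lower()


def find_path_mtu(probe, low=548, high=1472):
    """Binary-search the largest payload `probe` accepts; return it as an MTU.

    `probe(payload)` must return True when a packet of that payload size
    gets through. Returns None if even `low` fails (host down or ICMP filtered).
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid fits: the limit is at or above mid
        else:
            high = mid - 1     # mid was dropped: the limit is below mid
    return low + IP_ICMP_OVERHEAD


def simulated_path(limit_mtu):
    """Constructed stand-in for a link that drops packets above limit_mtu."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= limit_mtu


if __name__ == "__main__":
    # Constructed demo: a path limited to 1480 bytes, the value from the thread.
    print("path MTU:", find_path_mtu(simulated_path(1480)))  # path MTU: 1480
    # Against a real host (hypothetical name):
    # print(find_path_mtu(lambda n: ping_df("owa.example.com", n)))
```

If the result is lower than the interface MTU (on Windows, `netsh interface ipv4 show subinterfaces` lists it), small packets such as a telnet handshake still pass while full-size ones are dropped.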