dgrow

Direct Push is working but slow

I have been setting up Direct Push for Sprint PPC-6700 before we roll them out to employees.  Direct Push appears to be working but messages are not coming in instantaneously.  Instead messages arrive every 8 minutes.  Looking at the MobileAdmin site, the time between Syncs is about 8 minutes.  I set up perfmon to measure the Ping: Last HeartBeat Interval and it shows 480 secs.

Environment:
Exchange: 2003 SP-2 in a Front-End/Back-End environment.  Back-End Server is an Exchange 2003 Cluster.
Firewall: Checkpoint FW-1; HTTP blocked, HTTPS Allowed; Session Timeout for HTTPS is 3600 seconds
No ISA Server (don't need it, don't want it)
SSL Certificate is from internal Microsoft Certificate Authority.
Device: Sprint PPC-6700 with MSFP and configured for "As Items Arrive" in ActiveSync Schedule for both Peak and Off Peak Times

OWA works fine

I have the Virtual Directories in their own Site Constangy.Com (Front-End) with the following Virtual Directories
\Exchange
\ExchWeb
\Microsoft-Server-ActiveSync
\OMA
\public
\rpc
\webmail

All have Require SSL turned on.  I have played around with turning the SSL off but that doesn't make a difference.

Periodically I get this message in the Appslog on the Front-End Server.  ATLEXCHANGE is the Back-End Server.  

Event ID: 3031
The mailbox server [ATLEXCHANGE.constangy.corp] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.  For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, ...


I can connect fine to https://cbsmail.constangy.com/Microsoft-Server-ActiveSync.  I get prompted for credentials and I get the "HTTP/1.1 501 Not Implemented" message.  

I cannot connect to https://cbsmail.constangy.com/OMA correctly.  I am prompted for credentials but then I get

Server Error in '/OMA' Application.

Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>
</configuration>
 

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>
 

Does anyone have a clue as to what is wrong and why the Direct Push rate is so slow?




Sembee

Is it set to "As messages arrive" in ActiveSync on the device?

The authentication issues are easily dealt with: http://www.amset.info/exchange/mobile-omafba.asp

Simon.
dgrow

ASKER

Yes, device is set to "As Items Arrive" for both Peak and Off Peak times.  

My understanding of the process is that the device pings the webserver and establishes in essence a tunnel.  No further traffic goes down the tunnel, unless either side has a new message.  If a new message arrives on the server, it knows to direct the message down the tunnel to the device.  Unless of course the tunnel collapses for whatever reason.

What I THINK may be happening is that the device pings the server every 8 minutes to establish and maintain the tunnel.  Something is collapsing the tunnel well before 8 minutes is up.  So after 8 minutes the device re-establishes the tunnel, the server says hey I've got mail for you and downloads it.  Then the process repeats itself.  

I don't think the tunnel ever stays established.  One of the tests I've done is to watch it sync and then immediately send a new message as soon as the sync finishes.  The message doesn't get delivered until 8 minutes later.  

I've read some articles that discuss the Firewall.  I think I have that covered.  I set the HTTPS session timeout to 3600 secs.  I don't know of any other place I would need to change the timeout settings.  But like I said it appears that the tunnel collapses immediately.

The only article on firewall configuration is this one: http://support.microsoft.com/?kbid=905013
That recommends that the timeout on the firewall is increased to more than eight minutes. Your 60 minutes should be fine in that case.

It has to be the firewall though. I have setup this feature on loads of servers and it has worked fine. The most the delay has been is about a minute, sometimes before the Outlook client has pinged.

Simon.
dgrow

ASKER

Any thoughts on settings for a Checkpoint Firewall-1?  I have set the Session Timeout for all HTTPS traffic to 3600 seconds, I've set:

TCP Start Timeout: 900 secs
TCP Session Timeout: 3600 secs
TCP End Timeout: 900 secs
UDP Virtual Session Timeout: 900 secs

I haven't seen a Checkpoint for months. I have it working through Netscreens, PIX and most of the low end routers.
Try turning up the logging on the device, see if you can confirm the firewall is tearing down the connection.

Simon.
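
One way to check from the server side whether the long-lived Ping connection is being torn down, as an added example that is not code from this thread. It assumes the front-end IIS site writes W3C extended logs with cs-uri-query, sc-win32-status and time-taken enabled; the log lines are constructed, and the three verdicts are a heuristic rather than anything ActiveSync itself reports.

```python
from urllib.parse import parse_qsl

HEARTBEAT_S = 480  # heartbeat interval dgrow measured in perfmon

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username sc-status sc-win32-status time-taken
2006-03-01 14:00:05 POST /Microsoft-Server-ActiveSync User=user1&DeviceId=DEV1&DeviceType=PocketPC&Cmd=Ping user1 200 0 480031
2006-03-01 14:08:07 POST /Microsoft-Server-ActiveSync User=user1&DeviceId=DEV1&DeviceType=PocketPC&Cmd=Sync user1 200 0 412
2006-03-01 14:08:09 POST /Microsoft-Server-ActiveSync User=user1&DeviceId=DEV1&DeviceType=PocketPC&Cmd=Ping user1 200 64 61250
2006-03-01 14:10:11 POST /Microsoft-Server-ActiveSync User=user1&DeviceId=DEV1&DeviceType=PocketPC&Cmd=Ping user1 200 0 35120
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def classify_pings(text, heartbeat_s=HEARTBEAT_S):
    """Return (time, device, seconds_held, verdict) for every Cmd=Ping request."""
    results = []
    for row in parse_w3c(text):
        query = dict(parse_qsl(row.get("cs-uri-query", "")))
        if query.get("Cmd") != "Ping":
            continue
        held_s = int(row["time-taken"]) / 1000  # IIS logs time-taken in ms
        if row["sc-win32-status"] == "64":
            # Win32 error 64: the connection was already gone when IIS
            # tried to answer, i.e. something in the path dropped it.
            verdict = "dropped"
        elif held_s >= 0.95 * heartbeat_s:
            # Request stayed open for the whole heartbeat: the path kept
            # the connection alive and the server reported nothing new.
            verdict = "expired"
        else:
            # Server answered before the heartbeat ran out.
            verdict = "answered-early"
        results.append((row["time"], query.get("DeviceId"), round(held_s), verdict))
    return results

if __name__ == "__main__":
    for entry in classify_pings(SAMPLE_LOG):
        print(entry)
```

A log dominated by "expired" entries means the connection is surviving the full 480 seconds, while "dropped" entries well short of the heartbeat point at a device in the path closing idle sessions.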

dgrow - I have the exact same issue, activesync works fine, all looks good - but takes exactly 8 mins from last sync to get any new items. I am looking into this, if I find anything I will let you know and of course if you do then please post your results.
BTW - this has nothing to do with firewalls - my sessions are fine. It also has nothing to do with any registry settings on the Exchange server (heartbeat) - as I have changed these and nothing has made a difference - I even re-installed exchange sp2, with no success. I have a feeling it is a problem on the device itself (I am using an i-mate sp5).
ASKER CERTIFIED SOLUTION
CetusMOD