?
Solved

Direct Push is working but slow

Posted on 2006-06-06
9
Medium Priority
?
2,311 Views
Last Modified: 2007-12-19
I have been setting up Direct Push for Sprint PPC-6700 before we roll them out to employees.  Direct Push appears to be working but messages are not coming in instantaneously.  Instead messages arrive every 8 minutes.  Looking at the MobileAdmin site, the time between Sync's is about 8 minutes.  I set up perfmon to measure the Ping: Last HeartBeat Interval and it shows 480 secs.

Environment:
Exchange: 2003 SP-2 in a Front-End/Back-End environment.  Back-End Server is an Exchange 2003 Cluster.
Firewall: Checkpoint FW-1; HTTP blocked, HTTPS Allowed; Session Timeout for HTTPS is 3600 seconds
No ISA Server (don't need it, don't want it)
SSL Certificate is from internal Microsoft Certificate Authority.
Device: Sprint PPC-6700 with MSFP and configured for "As Items Arrive" in ActiveSync Schedule for both Peak and Off Peak Times

OWA works fine

I have the Virtual Directories in their own Site Constangy.Com (Front-End) with the following Virtual Directories
\Exchange
\ExchWeb
\Microsoft-Server-ActiveSync
\OMA
\public
\rpc
\webmail

All have Require SSL turned on.  I have played around with turning the SSL off but that doesn't make a difference.

Periodically I get this message in the Appslog on the Front-End Server.  ATLEXCHANGE is the Back-End Server.  

Event ID: 3031
The mailbox server [ATLEXCHANGE.constangy.corp] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.  For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, ...


I can connect fine to https://cbsmail.constangy.com/Microsoft-Server-ActiveSync.  I get prompted for credentials and I get the "HTTP/1.1 501 Not Implemented" message.  

I cannot connect to https://cbsmail.constangy.com/OMA correctly.  I am prompted for credentials but then I get

Server Error in '/OMA' Application.

Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>
</configuration>
 

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>
 

Does anyone have a clue as to what is wrong and why the Direct Push rate is so slow?




0
Comment
Question by:dgrow
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 16846191
Is it set to "As messages arrive" in ActiveSync on the device?

The authentication issues are easily dealt with: http://www.amset.info/exchange/mobile-omafba.asp

Simon.
0
 

Author Comment

by:dgrow
ID: 16846370
Yes, device is set to "As Items Arrive" for both Peak and Off Peak times.  

My understanding of the process is that the device pings the webserver and establishes in essence a tunnel.  No further traffic goes down the tunnel, unless either side has a new message.  If a new message arrives on the server, it knows to direct the message down the tunnel to the device.  Unless of course the tunnel collapses for whatever reason.

What I THINK may be happening is that the device pings the server every 8 minutes to establish and maintain the tunnel.  Something is collapsing the tunnel well before 8 minutes is up.  So after 8 minutes the device re-establishes the tunnel, the server says hey I've got mail for you and downloads it.  Then the process repeats itself.  

I don't think the tunnel ever stays established.  One of the tests I've done is to watch it sync and then immediately send a new message as soon as the sync finishes.  The message doesn't get delivered until 8 minutes later.  

I've read some articles that discuss the Firewall.  I think I have that covered.  I set the HTTPS session timeout to 3600 secs.  I don't know of any other place I would need to change the timeout settings.  But like I said it appears that the tunnel collapses immediately.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16847068
The only article on firewall configuration is this one: http://support.microsoft.com/?kbid=905013
That recommends that the timeout on the firewall is increased to more than eight minutes. Your 60 minutes should be fine in that case.

It has to be the firewall though. I have setup this feature on loads of servers and it has worked fine. The most the delay has been is about a minute, sometimes before the Outlook client has pinged.

Simon.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:dgrow
ID: 16847635
Any thoughts on settings for a Checkpoint Firewall-1?  I have set the Session Timeout for all HTTPS traffic to 3600 seconds, I've set:

TCP Start Timeout: 900 secs
TCP Session Timeout: 3600 secs
TCP End Timeout: 900 secs
UDP Virtual Session Timeout: 900 secs
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16847678
I haven't seen a checkpoint for months. I have it working through Netscreens, PIX and most of the low end routers.
Try turning up the logging on the device, see if you can confirm the firewall is tearing down the connection.

Simon.
0
 

Expert Comment

by:wnickson
ID: 16976026
dgrow - I have the exact same issue, activesync works fine, all looks good - but takes exactly 8 mins from last sync to get any new items. I am looking into this, if I find anything I will let you know and of course if you do then please post your results.
0
 

Expert Comment

by:wnickson
ID: 16976033
BTW - this has nothing to do with firewalls - my sessions are fine. It also has nothing to do with any registry settings on the Exchange server (heartbeat) - as i have changed these and nothign has made a difference - I even re-installed exchange sp2, with no success. I have a feeling it is a problem on the device itself (I am using an i-mate sp5).
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 17152091
PAQed with points refunded (500)

CetusMOD
Community Support Moderator
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month15 days, 10 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question