Mapi Session Limit Exceeded only Over VPN Tunnel

Posted on 2007-10-17
Last Modified: 2010-07-27
Error message on Exchange Server:

Mapi session "/o="sitename"/ou=First Administrative Group/cn=Recipients/cn=end.user" exceeded the maximum of 100 objects of type "session".

I have already increased the session limit from 32 to 100 hoping this would solve the problem.  Interestingly, nobody in the main office, where the Exchange Server resides, is *ever* listed in the session limit exceeded messages, it is only the users in the remote firewall-based VPN tunnel site that experience the problem.  Could there be something with the way the tunnel is communicating with our network that is causing the session timeouts to occur?  There's no odd software installed or different type of computer system involved in the remote site versus the main site.  So confusing!
Question by:kaos_theory

    Accepted Solution

    Looks like I have found the root cause of the problem. MAPI sessions are based on *TCP* connectivity, and stay alive while the corresponding TCP sessions are open. The problem happens in the case of a dead TCP session, when the client side drops the old one and then opens a new one, but the server side did not receive an acknowledgement for dropping the old one and will continue to handle both the old TCP session and the newly opened one. "netstat -ano" will show all handled TCP sessions. So, the server also handles both MAPI sessions, which may be closed by the server when the corresponding TCP session is closed. How long will the Windows Server handle dead TCP sessions? FOREVER! You need to manually create registry values in order to turn on the "keep alive" check of TCP sessions. The values to create are "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime" and "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveInterval".

    Author Comment

    Would I be making this change on the client or server end?

    Expert Comment

    Client End only

    Expert Comment

    Hey all...I know this is an old question. Alcatras...Can you tell me what values you set for the KeepAliveTime and KeepAliveInterval? Thanks.
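
The accepted solution above points to "netstat -ano" for seeing which TCP sessions the server is still holding. As an added example (not part of the original thread), the following Python script counts ESTABLISHED connections per remote address for one owning process in saved "netstat -ano" output, so clients holding many sessions stand out. The sample output, addresses, PID 2716 and the threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample of `netstat -ano` output (documentation addresses, made-up PIDs).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.0.2.10:1199        198.51.100.23:3121     ESTABLISHED     2716
  TCP    192.0.2.10:1199        198.51.100.23:3188     ESTABLISHED     2716
  TCP    192.0.2.10:1199        198.51.100.23:3240     ESTABLISHED     2716
  TCP    192.0.2.10:1199        198.51.100.23:3305     ESTABLISHED     2716
  TCP    192.0.2.10:1199        192.0.2.55:2044        ESTABLISHED     2716
  TCP    192.0.2.10:445         198.51.100.23:3400     ESTABLISHED     4
  TCP    192.0.2.10:1199        192.0.2.60:2101        TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def parse_tcp_rows(text):
    """Yield (local, remote, state, pid) per TCP row; headers and UDP rows are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        yield (split_endpoint(fields[1]), split_endpoint(fields[2]),
               fields[3], int(fields[4]))

def established_per_client(text, server_pid):
    """Count ESTABLISHED connections per remote address owned by server_pid."""
    counts = Counter()
    for _local, (remote_ip, _port), state, pid in parse_tcp_rows(text):
        if state == "ESTABLISHED" and pid == server_pid:
            counts[remote_ip] += 1
    return counts

def flag_clients(text, server_pid, threshold):
    """Return remote addresses holding at least `threshold` sessions."""
    counts = established_per_client(text, server_pid)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    # PID 2716 stands in for the process that owns the MAPI connections (assumption).
    for ip, n in established_per_client(SAMPLE_NETSTAT, 2716).most_common():
        print(f"{ip:<16} {n} established")
    print("flagged:", flag_clients(SAMPLE_NETSTAT, 2716, threshold=3))
```

Running it against output captured at intervals shows whether the per-client count keeps growing for the remote site while staying flat for the main office.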
