Link to home
Start Free TrialLog in
Avatar of dav-i-son
dav-i-son

asked on

ISA Crashing with iPhone using ActiveSync

I am having issues where ISA appears to be hanging up where it does not accept any more requests for Active Sync (or OWA which uses the same box).  We have had this problem with both a virtualized enviroment (4GB RAM, etc..) as well as a Physical Box.  The only way to remediate it is to restart the Windows Firewall Serivce.  The physical box seems to work better but additional load causes this issue to occur (2GB).  We're running the FW in single NIC mode and we have about 3 issues per day at various times.  There are about 30 iPhones who proxy through this ISA server for ActiveSync and less than 10 concurent users using OWA.  Both servers are running ISA 2006 sp2 and Windows 2003 sp2.
Avatar of Keith Alabaster
Keith Alabaster
Flag of United Kingdom of Great Britain and Northern Ireland image

No such thing as ISA 2006 sp2 - if your system is telling you that you have it then you have a bigger issue..... SP1 is the only service pack so far for ISA2006.
Make sure you have the ISA2006 supportability update applied. This is not an 'optional', it is a required update to maintain supportability.
How are the iphones and the Exchange sync'ing? Are they all on constant updating? What is the frequency?
What are you seeing in the ISA realtime log?
What are in the ISA gui alerts?
Avatar of dav-i-son
dav-i-son

ASKER

Thank you for your response.  You are correct, It is ISA 2006 sp1, sorry for the typo.  I did not install the supportability pack but just did and then reinstalled sp1 since it came out after the supportability pack.
Iphones and Exchange 2007 are syncing through Activesync, via the ISA server then into the Exchange CAS server.  They are all on constant updating running the push client within Async.

In the realtime log, everything looks great and then it starts saying "The service did not response to the start or  control request in a timely fashion"  Just to clarify, 10.102.200.50 is the IP address of the ISA server.

Error in the detail window is:
Failed Connection Attempt CARISA03 10/22/2009 10:56:27 AM
Log type: Web Proxy (Reverse)
Status: 1053 The service did not respond to the start or control request in a timely fashion.  
Rule: EXCH Active Sync
Source: - (166.205.6.45)
Destination: - (10.102.200.50:443)
Request: POST http://outlook.xxxxxx.com/Microsoft-Server-ActiveSync?User=rradl&DeviceId=Appl5K921061Y7H&DeviceType=iPhone&Cmd=Sync 
Filter information: Req ID: 0df910f6; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=no, updated=no, logged off=no, client type=public, user activity=yes
Protocol: https
User: anonymous
 Additional information
Client agent: Apple-iPhone/703.144
Object source: (No source information is available.)
Cache info: 0x8 (Request includes the AUTHORIZATION header.)
Processing time: 16828 ms
MIME type: -

I do not see any gui alerts.
All looks pretty good in the log and to be honest, sounds like a straightforward timeout.

On the ISA, open start - programmes - ISA server and select the performance counters and monityor the active sync and the other default counters. Is the box simply overloaded in respect to traffic? What sort of line do you have to the Internet? If this is an adsl of some form then you well be hitting a limitation.
Thanks for the suggestion.  I did open the perf counters.  Everything looks minimal except for Average Milliseconds/request whicy spikes (1000) periodically.  I"m not sure why it does it because if I look at task manager, the CPU and memory useage is between 0-2% and memory is using about 665mb (the machine has 3GB).  We're having our firewall group check again for any traffic issues but we don't think that's the case since we have a 25MB fractional DS3 right to the internet cloud.

Thoughts?
25MB or 25Mb?  either way it should be OK I would guess although I assume the components between the Internet and the Exchange box are all reasonably specc'ed out?
It's 25Mb/s to the internet.  If anything, we're oversized on the Exchange and networking gear since we've sized it for 6000 total users and we're only at 1200 right now in our migrations.  
Can you run the BPA on both the exchange System and the ISA system - anything noticed here?
ASKER CERTIFIED SOLUTION
Avatar of dav-i-son
dav-i-son

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
As you did not bother to respond to my question, I wouldn't know.