TCP Out-of-Orders and TCP Dup ACK's on Macintosh clients w/ Exchange

Posted on 2010-08-16
Last Modified: 2012-05-10

I have a strange issue that I am struggling with.  I recently used XenConvert to virtualize a Windows 2003 Server running Exchange 2003.  It is a single server which is accessed via Mac and PC clients.  Ever since I virtualized the server the Mac computers are having connectivity issues.

When I run a Wireshark capture I am seeing TCP Out-of-Order and TCP Dup ACK's.  A way to clearly see this behavior and the network connectivity stall is to open up the webmail and page through e-mails.  You will see the connection stall midpage.  It will usually resume the connection anywhere between 5 and 5 minutes later.

This is causing problems for remote Entourage users and people accessing webmail.

Now here is the strange part:  The issue only affects Mac's (and one of my Linux systems that I tested with).  If you pull up webmail with Internet Explorer on a Windows PC, there are no timeouts, no stalling--everything loads just fine.

I don't THINK it's a hardware issue on the switches or server NIC as Windows has no problems, just the Mac's.  I am able to copy large files via SMB from the Server to the Mac, so it seems to be localized to IIS.

We're running the most recent versions of firmware on the new server.  I am going to perform all Windows updates and see if a patch may resolve this issue.  Can anyone think of a possible reason as to why this would be occuring?

Thanks for any suggestions!
Question by:lighthousekeeper
  • 3
  • 3

Expert Comment

ID: 33446054
What speed is your network?  What is the MTU on the Macs. Could be that the MTU is too big on the Macs, and/or that the virtualized Exchange server is failing to handle TCP negotiations properly.

Try setting one Mac to the same MTU as the virtual Exchange server (and possibly also set the MTU on the interface of the "real" host).

Just a guess.

However, if the only thing that changed is your new virtual server, then I would concentrate my investigations around that.

Author Comment

ID: 33458882
I wanted to provide an update on this issue:  The problem actually occurs on a Mac or a PC platform.  What I have found is OWA works fine through Internet Explorer, but any other browser (firefox, Chrome, etc.) we will get intermittent timeouts which makes OWA difficult to use.

As an example, after logging into OWA when you page through your lists of messages it will stop transmitting midway through the list.  It will then finally catch up and finish displaying the page.  Sometimes it completes, sometimes it does not--just hangs.  Wiresharks says TCP Out-of-Orders and Dup ACK's are occurring.  We've replaced out switched (for another reason) and that did not make a difference.

OWA on Internet Explorer seems to be wrapped in Active X (or something) and has a much richer experience versus OWA in Firefox (where the problem occurs).  Is this a clue as to why this could be happening?

The timeout issue DOES happen internally, but it happens RARELY and doesn't seem nearly as severe as when accessing remotely.  If you VPN in remotely and test internally over the VPN, the issue still occurs.  We are replacing the firewall this evening and I will report if that makes any difference.

We're starting to go crazy at this point.  Any suggestions are greatly appreciated!


Expert Comment

ID: 33460125
Well, my suggestion would be to complain to the virtualization provider, complain to Microsoft (you bought support, right ...), and/or move all your stuff to Google and just ditch Exchange.  It's a bloated steaming pile that just wastes resources and doesn't play well with others.

I'm sure that ActiveX uses some backdoor to access Exchange versus other browsers. You could see this pretty easily in Wireshark, I bet.  

I still suspect the TCP stack on the virtual server is somehow getting twisted because of Exchange.

Not what you wanted to hear, but I have nothing more to add.
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Author Comment

ID: 33474400
Thanks...  I just wanted to add a little more information.

We swapped out our switches and firewall with new ones.

FTP, SMB, Remote Desktop, RPC--these protocols work fine to this server on any platform.

HTTP, HTTPS--these protocols timeout with TCP Dup ACK's, TCP Previous Segment lost, TCP Out of Order.

Downloading via HTTP or HTTPS on Windows PC's works fine.  Mac or Linux PC's we get the timeouts.  I tested the HTTP HTTPS issue directly from the root directory outside of exchange.

I'm think I'm going to contact Microsoft as I believe it is an IIS issue.  What do you think?  Any last ideas?

Expert Comment

ID: 33474481
Yeah, IIS, or possibly the network stack isn't dealing with the network speed.  

Have you tried disabling all firewall/filtering on the server? Perhaps some stateful firewall is inspecting HTTP packets and hosing them.

Maybe try a different network adapter in the server.

Good luck.

Accepted Solution

lighthousekeeper earned 0 total points
ID: 33480826
Problem resolved.  Here is fix:


Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question