TCP Out-of-Orders and TCP Dup ACK's on Macintosh clients w/ Exchange

Posted on 2010-08-16
Medium Priority
Last Modified: 2012-05-10

I have a strange issue that I am struggling with.  I recently used XenConvert to virtualize a Windows 2003 Server running Exchange 2003.  It is a single server which is accessed via Mac and PC clients.  Ever since I virtualized the server the Mac computers are having connectivity issues.

When I run a Wireshark capture I am seeing TCP Out-of-Order and TCP Dup ACK's.  A way to clearly see this behavior and the network connectivity stall is to open up the webmail and page through e-mails.  You will see the connection stall midpage.  It will usually resume the connection anywhere between 5 and 5 minutes later.

This is causing problems for remote Entourage users and people accessing webmail.

Now here is the strange part:  The issue only affects Mac's (and one of my Linux systems that I tested with).  If you pull up webmail with Internet Explorer on a Windows PC, there are no timeouts, no stalling--everything loads just fine.

I don't THINK it's a hardware issue on the switches or server NIC as Windows has no problems, just the Mac's.  I am able to copy large files via SMB from the Server to the Mac, so it seems to be localized to IIS.

We're running the most recent versions of firmware on the new server.  I am going to perform all Windows updates and see if a patch may resolve this issue.  Can anyone think of a possible reason as to why this would be occuring?

Thanks for any suggestions!
Question by:lighthousekeeper
  • 3
  • 3

Expert Comment

ID: 33446054
What speed is your network?  What is the MTU on the Macs. Could be that the MTU is too big on the Macs, and/or that the virtualized Exchange server is failing to handle TCP negotiations properly.

Try setting one Mac to the same MTU as the virtual Exchange server (and possibly also set the MTU on the interface of the "real" host).

Just a guess.

However, if the only thing that changed is your new virtual server, then I would concentrate my investigations around that.

Author Comment

ID: 33458882
I wanted to provide an update on this issue:  The problem actually occurs on a Mac or a PC platform.  What I have found is OWA works fine through Internet Explorer, but any other browser (firefox, Chrome, etc.) we will get intermittent timeouts which makes OWA difficult to use.

As an example, after logging into OWA when you page through your lists of messages it will stop transmitting midway through the list.  It will then finally catch up and finish displaying the page.  Sometimes it completes, sometimes it does not--just hangs.  Wiresharks says TCP Out-of-Orders and Dup ACK's are occurring.  We've replaced out switched (for another reason) and that did not make a difference.

OWA on Internet Explorer seems to be wrapped in Active X (or something) and has a much richer experience versus OWA in Firefox (where the problem occurs).  Is this a clue as to why this could be happening?

The timeout issue DOES happen internally, but it happens RARELY and doesn't seem nearly as severe as when accessing remotely.  If you VPN in remotely and test internally over the VPN, the issue still occurs.  We are replacing the firewall this evening and I will report if that makes any difference.

We're starting to go crazy at this point.  Any suggestions are greatly appreciated!


Expert Comment

ID: 33460125
Well, my suggestion would be to complain to the virtualization provider, complain to Microsoft (you bought support, right ...), and/or move all your stuff to Google and just ditch Exchange.  It's a bloated steaming pile that just wastes resources and doesn't play well with others.

I'm sure that ActiveX uses some backdoor to access Exchange versus other browsers. You could see this pretty easily in Wireshark, I bet.  

I still suspect the TCP stack on the virtual server is somehow getting twisted because of Exchange.

Not what you wanted to hear, but I have nothing more to add.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 33474400
Thanks...  I just wanted to add a little more information.

We swapped out our switches and firewall with new ones.

FTP, SMB, Remote Desktop, RPC--these protocols work fine to this server on any platform.

HTTP, HTTPS--these protocols timeout with TCP Dup ACK's, TCP Previous Segment lost, TCP Out of Order.

Downloading via HTTP or HTTPS on Windows PC's works fine.  Mac or Linux PC's we get the timeouts.  I tested the HTTP HTTPS issue directly from the root directory outside of exchange.

I'm think I'm going to contact Microsoft as I believe it is an IIS issue.  What do you think?  Any last ideas?

Expert Comment

ID: 33474481
Yeah, IIS, or possibly the network stack isn't dealing with the network speed.  

Have you tried disabling all firewall/filtering on the server? Perhaps some stateful firewall is inspecting HTTP packets and hosing them.

Maybe try a different network adapter in the server.

Good luck.

Accepted Solution

lighthousekeeper earned 0 total points
ID: 33480826
Problem resolved.  Here is fix:  



Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you in the migration process of your Exchange to Exchange Online? Be aware of customized solutions developed on the transport role on your old Exchange server. They might not be convertible to Exchange Online!
What is the biggest problem in managing an exchange environment today? It is the lack of backups, disaster recovery (DR) plan, testing of the DR plan or believing that it won’t happen to us.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
To export Lotus Notes to Outlook PST or Exchange and Domino Server files to Exchange Server or PST files with ease, go for Kernel for Lotus Notes to Outlook conversion tool. Through the video, you can watch the conversion process. A common user with…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question