Solved

TCP Out-of-Orders and TCP Dup ACK's on Macintosh clients w/ Exchange

Posted on 2010-08-16
6
1,605 Views
Last Modified: 2012-05-10
Hi,

I have a strange issue that I am struggling with.  I recently used XenConvert to virtualize a Windows 2003 Server running Exchange 2003.  It is a single server which is accessed via Mac and PC clients.  Ever since I virtualized the server the Mac computers are having connectivity issues.

When I run a Wireshark capture I am seeing TCP Out-of-Order and TCP Dup ACK's.  A way to clearly see this behavior and the network connectivity stall is to open up the webmail and page through e-mails.  You will see the connection stall midpage.  It will usually resume the connection anywhere between 5 and 5 minutes later.

This is causing problems for remote Entourage users and people accessing webmail.

Now here is the strange part:  The issue only affects Mac's (and one of my Linux systems that I tested with).  If you pull up webmail with Internet Explorer on a Windows PC, there are no timeouts, no stalling--everything loads just fine.

I don't THINK it's a hardware issue on the switches or server NIC as Windows has no problems, just the Mac's.  I am able to copy large files via SMB from the Server to the Mac, so it seems to be localized to IIS.

We're running the most recent versions of firmware on the new server.  I am going to perform all Windows updates and see if a patch may resolve this issue.  Can anyone think of a possible reason as to why this would be occuring?

Thanks for any suggestions!
0
Comment
Question by:lighthousekeeper
  • 3
  • 3
6 Comments
 
LVL 8

Expert Comment

by:et01267
ID: 33446054
What speed is your network?  What is the MTU on the Macs. Could be that the MTU is too big on the Macs, and/or that the virtualized Exchange server is failing to handle TCP negotiations properly.

Try setting one Mac to the same MTU as the virtual Exchange server (and possibly also set the MTU on the interface of the "real" host).

Just a guess.

However, if the only thing that changed is your new virtual server, then I would concentrate my investigations around that.
0
 

Author Comment

by:lighthousekeeper
ID: 33458882
I wanted to provide an update on this issue:  The problem actually occurs on a Mac or a PC platform.  What I have found is OWA works fine through Internet Explorer, but any other browser (firefox, Chrome, etc.) we will get intermittent timeouts which makes OWA difficult to use.

As an example, after logging into OWA when you page through your lists of messages it will stop transmitting midway through the list.  It will then finally catch up and finish displaying the page.  Sometimes it completes, sometimes it does not--just hangs.  Wiresharks says TCP Out-of-Orders and Dup ACK's are occurring.  We've replaced out switched (for another reason) and that did not make a difference.

OWA on Internet Explorer seems to be wrapped in Active X (or something) and has a much richer experience versus OWA in Firefox (where the problem occurs).  Is this a clue as to why this could be happening?

The timeout issue DOES happen internally, but it happens RARELY and doesn't seem nearly as severe as when accessing remotely.  If you VPN in remotely and test internally over the VPN, the issue still occurs.  We are replacing the firewall this evening and I will report if that makes any difference.

We're starting to go crazy at this point.  Any suggestions are greatly appreciated!

0
 
LVL 8

Expert Comment

by:et01267
ID: 33460125
Well, my suggestion would be to complain to the virtualization provider, complain to Microsoft (you bought support, right ...), and/or move all your stuff to Google and just ditch Exchange.  It's a bloated steaming pile that just wastes resources and doesn't play well with others.

I'm sure that ActiveX uses some backdoor to access Exchange versus other browsers. You could see this pretty easily in Wireshark, I bet.  

I still suspect the TCP stack on the virtual server is somehow getting twisted because of Exchange.

Not what you wanted to hear, but I have nothing more to add.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:lighthousekeeper
ID: 33474400
Thanks...  I just wanted to add a little more information.

We swapped out our switches and firewall with new ones.

FTP, SMB, Remote Desktop, RPC--these protocols work fine to this server on any platform.

HTTP, HTTPS--these protocols timeout with TCP Dup ACK's, TCP Previous Segment lost, TCP Out of Order.

Downloading via HTTP or HTTPS on Windows PC's works fine.  Mac or Linux PC's we get the timeouts.  I tested the HTTP HTTPS issue directly from the root directory outside of exchange.

I'm think I'm going to contact Microsoft as I believe it is an IIS issue.  What do you think?  Any last ideas?
0
 
LVL 8

Expert Comment

by:et01267
ID: 33474481
Yeah, IIS, or possibly the network stack isn't dealing with the network speed.  

Have you tried disabling all firewall/filtering on the server? Perhaps some stateful firewall is inspecting HTTP packets and hosing them.

Maybe try a different network adapter in the server.

Good luck.
0
 

Accepted Solution

by:
lighthousekeeper earned 0 total points
ID: 33480826
Problem resolved.  Here is fix:  

http://support.microsoft.com/kb/904946/

0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now