Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2007/2010 Issue with IMAP / TMG Redirection Rule

Posted on 2011-09-30
5
Medium Priority
?
1,211 Views
Last Modified: 2013-11-29
We are having issues with IMAP clients (various clients on various OS’s) connecting to Exchange 2007 CAS and mailbox servers when we change our TMG rule to redirect clients to our 2010 CAS in preparation for an eventual migration to Exchange 2010.  Currently there is a single external entry point for all IMAP clients over port 993 pointing to our TMG server.  Our Exchange system consists of TMG servers in an Array (two servers with a DB server) There are two Exchange 2007 CAS running an NLB and a single 2007 CCR mailbox server.  Exchange 2010 has two CAS running an NLB with a 2 node DAG.  When we switch the TMG rule to point to the Exchange 2010 CAS NLB we get a variety of intermittent client RECEIVE (fetch) connectivity issues ranging from poor performance and IMAP synchronization to on some clients, inability to connect.  Please note all mailboxes are on Exchange 2007 we are just changing the TMG rule for IMAP clients to point to the 2010 NLB.  Testing was also done redirecting to a single 2010 CAS with similar results.

•      Thunderbird reported this Alert
“An error occurred during a connection to <OurDomainName>:993. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)”
•      Reinstalling or upgrading the IMAP client seemed to have helped in some instances with this and some other performance / connectivity issues.  
•      Outlook, configured as IMAP; reported synchronization issues.
•      In other tests, we've had IMAP clients reject the mailbox password and continuously prompt for a password without locking the users AD account due to bad passwords.

I opened a case with MS support and they analyzed the IMAP logging files, along with everything else on TMG, DC’s and Exchange servers without finding any issues with these servers.  The IMAP clients are configured correctly as they can connect once the rule is reverted back to point to the 2007 NLB.

One would assume that changing a TMG rule to point from an existing functioning exchange 2007 server to an Exchange 2010 server would not generate widespread intermittent client connectivity issues, but it seems to in our exchange configuration.   Please note that we are NOT moving the mailboxes just a TMG rule.

Has anyone come across or experienced this?  Any known solution?  Any and all information is greatly appreciated
0
Comment
Question by:winsystems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 36894653
What are you seeing in the TMG realtime log monitor when imap access is attempted?
0
 

Author Comment

by:winsystems
ID: 36912418
The incident occured serval weeks ago and we are preparing for another test.  Any suggestion as to what to look for or what should we filter by?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 36912435
Filter by the source or destination ip address - nothing else. Capture everything in the conversation then post it up here.
0
 

Accepted Solution

by:
winsystems earned 0 total points
ID: 38273562
issue was determined to be TMG related to how it interfaces with the Exchange 2010 NLB.  Reconfiguration of TMG Server array connecting to 2010 CAS NLB corrected this issue.
0
 

Author Closing Comment

by:winsystems
ID: 38287015
reconfiguration of TMG corrected this issue
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question