I have two Exchange 2007 servers, one (exch1) in Transport Hub, Mailbox, and Client Access roles and the other (owa1) in the Client Access role. owa1 is exposed to the world on port 443 for external access.

owa1 is logging the following errors several times a day:

Aug 5 21:01:07 owa1 ActiveSync: 1040: The average of the most recent [526] heartbeat intervals used by clients is less than or equal to [540]. Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and Direct Push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed. For more information about how to configure firewall settings when you use Exchange ActiveSync, see Microsoft Knowledge Base article 905013, "Enterprise Firewall Configuration for Exchange ActiveSync Direct Push Technology" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=905013).

There are no accompanying explanatory log messages.

Most of the documentation I've found on this refers to firewall timeouts. My firewall is an OpenBSD box using the default tcp.established timeout of 86400 seconds (24 hours), so I don't think this is a problem. There is no host-based firewall.

There are a lot of iPhones and Palm devices in the organization, including mine, and I have yet to get a complaint that seems to relate to this.

Can anybody shed any light on this?

sh-beta

2 Answers

There is some specific information on the components involved and what is being reported by this error in this TechNet article. Given that you are certain your own firewalls are not enforcing the session timeouts, it is pretty clear that the most likely culprit is the cellular provider.

The primary effect that this will have is poorer battery life for users with relatively low mail volumes; for high volume users the mail downloads dominate the power consumption, so power users tend not to notice these problems as much as those who only get infrequent mail. The article indicates that it will lead to missed push notifications - what will happen is that notifications that happen during the timeout period will not result in a push and mail will only arrive after the client realizes that the heartbeat has been lost and reconnects. At least some of your users should be seeing some mails being delayed. The delays should never exceed 30 minutes, and correctly functioning devices should then reduce the sleep interval until they find a session duration that is sustainable.

Also note that this is an average number - many (even most) of your users may be perfectly fine and the reduced average may be caused by an issue affecting a minority of users.

Helvick
  • Even though I can't technically verify this, what you describe fits with what I'm seeing. Accepting this as my answer. – sh-beta Sep 18 '09 at 19:41
  • It's worth having a good chat with your cellular provider. It's very important to remember that they aggressively manage their networks at the subscriber class level - for the most part I've found that they are willing to resolve pretty much any problem for you for a fee. If you can get enough information together to play one against the other you can negotiate very good deals but always remember to take what they tell you with a grain of salt. – Helvick Sep 19 '09 at 01:31
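
The effect described in the answer above, as an added example that is not part of the original thread: a simplified model of one Direct Push client behind a device that silently drops idle sessions, showing how the settled heartbeat ends up under the 540-second limit from the event text. The halve-and-probe policy, the function names and every number except 540 and the 86400-second pf timeout from the question are assumptions made for illustration.

```python
from statistics import mean

ALERT_THRESHOLD = 540  # seconds; the bracketed limit in the event 1040 text above


def simulate(idle_timeout, rounds=40, start=900, floor=60, ceiling=1800, step=60):
    """Heartbeat intervals (seconds) one client requests over `rounds` attempts.

    Assumed policy, not any vendor's algorithm: a request whose heartbeat
    reaches the middlebox idle timeout is silently dropped, so the client
    halves the interval; after a success it probes upward by `step` but stays
    below the shortest interval already seen to fail.
    """
    hb, shortest_failure, history = start, None, []
    for _ in range(rounds):
        history.append(hb)
        if hb < idle_timeout:  # session state survived until the heartbeat
            probe = min(hb + step, ceiling)
            if shortest_failure is None or probe < shortest_failure:
                hb = probe
        else:  # state expired first, so the server's response never arrives
            shortest_failure = hb if shortest_failure is None else min(shortest_failure, hb)
            hb = max(hb // 2, floor)
    return history


def logs_event_1040(history, sample=20):
    """True when the mean of the last `sample` intervals is at or below the threshold."""
    return mean(history[-sample:]) <= ALERT_THRESHOLD


def worst_push_delay(history, idle_timeout):
    """Longest wait (seconds) for a notification arriving just after the state expired."""
    return max((hb - idle_timeout for hb in history if hb >= idle_timeout), default=0)


if __name__ == "__main__":
    # 86400 is the pf tcp.established default from the question; 300 is a constructed value.
    for label, timeout in (("pf tcp.established", 86400), ("constructed upstream limit", 300)):
        h = simulate(timeout)
        print(label, h[:9], "settles at", h[-1], "| event 1040:", logs_event_1040(h),
              "| worst delay:", worst_push_delay(h, timeout))
```

With the 24-hour firewall timeout the modelled client climbs to its ceiling and no alert fires; with the constructed 300-second limit it settles just under that limit, which is the pattern to look for when the local firewall has already been ruled out.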
Why is exch1 a CAS server? Is it in a different site than cas1?

When I've seen this it's either been a firewall or a load balancer dropping the connection. Make sure the BSD box doesn't have some logic for how it determines if a connection is "idle" or something like that.

Thanks,

Brian Desmond

Active Directory MVP

  • exch1 is the CAS server used by internal hosts. owa1 serves exclusively external hosts. The tcp.established value refers to the length of time the firewall will allow a TCP session to sit, idle, in the Established state. Is ActiveSync expecting the TCP session to be preserved in some other state (after the first FIN, after both FINs, etc.)? – sh-beta Sep 02 '09 at 20:30
  • No, it leaves the connection open and sends periodic heartbeats. The multiple CAS servers seem a little overcomplicated for a small deployment. – Brian Desmond Sep 05 '09 at 21:44
  • Complication aside, the firewall appears to be correctly configured for ActiveSync. Any other thoughts/ideas are greatly appreciated. – sh-beta Sep 08 '09 at 22:26
  • Some cellular providers encourage the use of particular (premium) service contracts for Exchange-style push mail services. Interfering with Exchange's heartbeat is one of the mechanisms that I've seen used by them to force customers to adopt these contracts. It's worth asking the provider if they fully support Exchange ActiveSync in push mode for the class of contracts that you're using. – Helvick Sep 14 '09 at 19:20