HTTPS timeout and Cisco ASA firewall
Real...@nospam.nospam
The average of the most recent [200] heartbeat intervals used by clients is
less than or equal to [540]. Make sure that your firewall configuration is
set to work correctly with Exchange ActiveSync and direct push technology.
Specifically, make sure that your firewall is configured so that requests to
Exchange ActiveSync do not expire before they have the opportunity to be
processed. For more information about how to configure firewall settings
when using Exchange ActiveSync, see Microsoft Knowledge Base article 905013,
"Enterprise Firewall Configuration for Exchange ActiveSync Direct Push
Technology" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=905013).
For more information, see Help and Support Center at
we are using a cisco ASA firewall to pass the ssl traffic in. Which timout
setting on the ASA firewall corresponds to HTTPS timeout? Has anyone else
battled this issue?
Robert Li [MSFT]
Thanks for posting in our newsgroup.
From your description, I know that you get the following event in Exchange
2003:
The average of the most recent [200] heartbeat intervals used by clients is
less than or equal to [540]. Make sure that your firewall configuration is
set to work correctly with Exchange ActiveSync and direct push technology.
Specifically, make sure that your firewall is configured so that requests
to Exchange ActiveSync do not expire before they have the opportunity to be
processed.
If that not right, please don't hesitate to let me know.
According to KB 905013 "Enterprise firewall configuration for Exchange
ActiveSync Direct Push Technology", to fix this, the you need to increase
the firewall time-out values for HTTP(S) requests to the Exchange Server
Microsoft-Server-ActiveSync virtual directory to provide a richer,
"always-up-to-date" experience. Since you third party firewall, please
contact the manufacture on how to increase the firewall time-out values.
Thanks for your understanding.
If you need further assistance, please don't hesitate to let me know.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<From: <Real...@nospam.nospam>
<Subject: HTTPS timeout and Cisco ASA firewall
<Date: Thu, 29 Nov 2007 13:52:20 -0800
<Lines: 21
<X-Priority: 3
<X-MSMail-Priority: Normal
<X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
<X-RFC2646: Format=Flowed; Original
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
<Message-ID: <#YrweItM...@TK2MSFTNGP02.phx.gbl>
<Newsgroups: microsoft.public.exchange.admin
<NNTP-Posting-Host: 64-172-142-154.sjgov.org 64.172.142.154
<Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.exchange.admin:53253
<X-Tomcat-NG: microsoft.public.exchange.admin
atlantianferret
Thanks,
William Moore
atlantianferret
Thanks,
William Moore
elyograg
place for errors in event logs, so we get regular email alerts for this
"problem" even though everything appears to be working perfectly. We only
have a few clients using this. We're in Utah, one of the clients is in New
York and one of them is in the UK.
The connection timeout (idle TCP connections) on our ASA is set to 2:05:00
(2 hours and five minutes), which ought to be plenty. I cannot see any
timeout settings relating to HTTPS. The chance of this being a firewall
issue on our end is very slim. Is this a problem with the client's mobile
provider, or the Exchange server? Might it be a bad setting on one of the
phones?
"atlantianferret" wrote:
> I found this
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080624e19.shtml
>
> Thanks,
>
> William Moore
>
> "atlantianferret" wrote:
>
> > Did you ever find this? I am having the same issue.
> >
> > Thanks,
> >
> > William Moore
> >
> > "Real...@nospam.nospam" wrote:
> >
> > > I'm getting the following warning on our OWA 2003 server:
> > >
> > > The average of the most recent [200] heartbeat intervals used by clients is
> > > less than or equal to [540]. Make sure that your firewall configuration is
[snip]