Adjust your firewall to avoid Exchange 2007 Direct Push failures

• If no new email messages arrive, the session will eventually time out. When a session's time limit expires, Exchange 2007 transmits an HTTP 200 response to the mobile device client, indicating that no changes have occurred. The client then issues another HTTP or HTTPS request, and the process starts again.

• If a new email message arrives in the user's inbox before the HTTP or HTTPS session times out, then Exchange Server 2007 will respond and inform the mobile device client which folder to synchronize. When the mobile device client receives this response, it issues a synchronization request. Once all of the data has been synchronized, the client reissues an HTTP or HTTPS ping request, and the process begins again.

The longer the timeout period is, the fewer the number of HTTP or HTTPS ping requests that must be sent between the mobile device and the Exchange server. Fewer ping requests result in less battery consumption and lower cellular bills.

So why not make the timeout period infinite? If a connection never times out, there is no way of knowing if it failed. Essentially, the longer the timeout period, the longer it takes a mobile device to detect a communications failure.

Exchange 2007 dynamically adjusts HTTP and HTTPS timeout periods based on the connection's reliability. When a connection is initially established between a mobile device and an Exchange server, the timeout perio...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Devices Top 5 Exchange ActiveSync tips Windows Mobile 6.5 touts Internet Explorer, OWA improvements Windows Mobile 6.5 touts ActiveSync and Outlook Mobile improvements What are your options for sending text messages from Outlook 2007? Using Mobile Device Manager 2008 server roles in Exchange 2007 Understanding Exchange Server 2007 SP1 mobile security settings Synchronized Exchange mobile device showing deleted appointment Which ActiveSync authentication method is best for your mobile device? Disable ActiveSync in bulk with Exchange Management Shell commands Configuring ActiveSync authentication in Exchange Server 2007 Microsoft Exchange Server 2007 How to install Forefront Security for Exchange Server Displaying Exchange 2007 public folders in SharePoint Don'ts for optimal Exchange 2007 mailbox server efficiency Is your Exchange 2007 hub transport server healthy? Top 5 Exchange ActiveSync tips Two useful tools for documenting an Exchange Server installation Controlling spam in Exchange 2007 at the edge transport server level Restore Exchange storage groups with DPM 2007 How a hosted Exchange service can help you Email issues after configuring hosted Exchange server on laptop Microsoft Exchange Server 2007 Research ISA Server and Firewalls for Microsoft Exchange Server Top 5 Exchange mobile tips of 2008 Microsoft Exchange Server security dos and don'ts Windows SBS and Exchange Server security configuration best practices Why Exchange ActiveSync fails with NAT firewalls Deploying ISA Server as a firewall for Exchange Server mobile devices OWA stops working from external network connection Enhance OWA logon security using Microsoft ISA Server Firewall problems with Exchange Server 2007 email attachments How and why to disable certain ESMTP verbs Creating an ethical firewall in Exchange Server 2007

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary reverse proxy server  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

d is relatively short. But over time, the timeout period is extended gradually as the connection proves to be reliable.

The firewall session timeout period controls the length of time that an HTTP or HTTPS connection is allowed to exist without any traffic after a session has been fully established. Most firewalls are configured by default with timeout periods shorter than 28 minutes.

If the timeout period is set too low, then the firewall will disconnect the session and force the mobile device to reconnect. Email remains unsynchronized until the mobile device reconnects, possibly leading to longer periods of time in which the mobile device is out of sync with the Exchange server. To avoid this problem, Microsoft recommends setting your firewall's idle connection timeout period to 30 minutes.

Direct Push has four heartbeat registry keys. The HeartbeatMax registry key controls the Direct Push maximum heartbeat duration. By default, the maximum heartbeat duration is set to 28 minutes. You can adjust the registry key to extend heartbeat durations, but your network settings may prevent Exchange from being able to use the default maximum heartbeat duration.

If you choose to configure an Exchange 2007 Client Access Server to extend the heartbeat duration, then you must adjust your firewall's timeout settings accordingly. I recommend configuring your firewall's timeout period about two minutes longer than the heartbeat duration that Exchange Server uses.

About the author: Brien M. Posey, MCSE, is a four-time recipient of Microsoft's Most Valuable Professional Award for his work with Windows Server, Internet Information Server (IIS) and Exchange Server. Brien has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit Brien's personal Web site at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.