Adjust your firewall to avoid Exchange 2007 Direct Push failures

The longer the timeout period is, the fewer the number of HTTP or HTTPS ping requests that must be sent between the mobile device and the Exchange server. Fewer ping requests result in less battery consumption and lower cellular bills.

So why not make the timeout period infinite? If a connection never times out, there is no way of knowing if it failed. Essentially, the longer the timeout period, the longer it takes a mobile device to detect a communications failure.

Exchange 2007 dynamically adjusts HTTP and HTTPS timeout periods based on the connection's reliability. When a connection is initially established between a mobile device and an Exchange server, the timeout period is relatively short. But over time, the timeout period is extended gradually as the connection proves to be reliable.

The firewall session timeout period controls the length of time that an HTTP or HTTPS connection is allowed to exist without any traffic after a session has been fully established. Most firewalls are configured by default with timeout periods shorter than 28 minutes.

If the timeout period is set too low, then the firewall will disconnect the session and fo

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Devices Using Mobile Device Manager 2008 server roles in Exchange 2007 Understanding Exchange Server 2007 SP1 mobile security settings Synchronized Exchange mobile device showing deleted appointment Which ActiveSync authentication method is best for your mobile device? Disable ActiveSync in bulk with Exchange Management Shell commands Configuring ActiveSync authentication in Exchange Server 2007 Performing a remote wipe on ActiveSync devices in Exchange Server 2007 Enabling encryption with digital certificates on BlackBerry devices Issues viewing email with attachments on BlackBerry mobile device Email is appearing on BlackBerry mobile devices, but bypassing Outlook 2007 Microsoft Exchange Server 2007 Using Mobile Device Manager 2008 server roles in Exchange 2007 Relocating Outlook email messages on a hosted Exchange 2007 server New high availability features in Exchange Server 2010 An introduction to the DSAccess service in Exchange Server 2007 Control Outlook 2007 in cached mode settings with group policies Exchange Performance Monitor tracks domain controller communication Meeting Workspaces in Microsoft Office SharePoint Server 2007 Exchange Server 2007 SP2 reinstates built-in backup capabilities Three Performance Monitors counters to use in Exchange Server 2007 Understanding Exchange Server 2007 SP1 mobile security settings Microsoft Exchange Server 2007 Research ISA Server and Firewalls for Microsoft Exchange Server Top 5 Exchange mobile tips of 2008 Microsoft Exchange Server security dos and don'ts Windows SBS and Exchange Server security configuration best practices Why Exchange ActiveSync fails with NAT firewalls Deploying ISA Server as a firewall for Exchange Server mobile devices OWA stops working from external network connection Enhance OWA logon security using Microsoft ISA Server Firewall problems with Exchange Server 2007 email attachments How and why to disable certain ESMTP verbs Creating an ethical firewall in Exchange Server 2007

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary reverse proxy server  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

rce the mobile device to reconnect. Email remains unsynchronized until the mobile device reconnects, possibly leading to longer periods of time in which the mobile device is out of sync with the Exchange server. To avoid this problem, Microsoft recommends setting your firewall's idle connection timeout period to 30 minutes.

Direct Push has four heartbeat registry keys. The HeartbeatMax registry key controls the Direct Push maximum heartbeat duration. By default, the maximum heartbeat duration is set to 28 minutes. You can adjust the registry key to extend heartbeat durations, but your network settings may prevent Exchange from being able to use the default maximum heartbeat duration.

If you choose to configure an Exchange 2007 Client Access Server to extend the heartbeat duration, then you must adjust your firewall's timeout settings accordingly. I recommend configuring your firewall's timeout period about two minutes longer than the heartbeat duration that Exchange Server uses.

About the author: Brien M. Posey, MCSE, is a four-time recipient of Microsoft's Most Valuable Professional Award for his work with Windows Server, Internet Information Server (IIS) and Exchange Server. Brien has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit Brien's personal Web site at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.