Adjust your firewall to avoid Exchange 2007 Direct Push failures

• If no new email messages arrive, the session will eventually time out. When a session's time limit expires, Exchange 2007 transmits an HTTP 200 response to the mobile device client, indicating that no changes have occurred. The client then issues another HTTP or HTTPS request, and the process starts again.

• If a new email message arrives in the user's inbox before the HTTP or HTTPS session times out, then Exchange Server 2007 will respond and inform the mobile device client which folder to synchronize. When the mobile device client receives this response, it issues a synchronization request. Once all of the data has been synchronized, the client reissues an HTTP or HTTPS ping request, and the process begins again.

The longer the timeout period is, the fewer the number of HTTP or HTTPS ping requests that must be sent between the mobile device and the Exchange server. Fewer ping requests result in less battery consumption and lower cellular bills.

So why not make the timeout period infinite? If a connection never times out, there is no way of knowing if it failed. Essentially, the longer the timeout period, the longer it takes a mobile device to detect a communications failure.

Exchange 2007 dynamically adjusts HTTP and HTTPS timeout periods based on the connection's reliability. When a connection is initially established between a mobile device and an Exchange server, the timeout period is relatively short. But over time, the timeout period is extended gradually as the connection proves to be reliable.

The firewall session timeout period controls the length of time that an HTTP or HTTPS connection is allowed to exist without any traffic after a session has been fully established. Most firewalls are configured by default with timeout periods shorter than 28 minutes.

If the timeout period is set too low, then the firewall will disconnect the session and force the mobile device to reconnect. Email remains unsynchronized until the mobile device reconnects, possibly leading to longer periods of time in which the mobile device is out of sync with the Exchange server. To avoid this problem, Microsoft recommends setting your firewall's idle connection timeout period to 30 minutes.

More on firewalls and Direct Push: Tip: Firewall problems with Exchange 2007 email attachments Tutorial: Configuring Microsoft Exchange Direct Push technology Step-by-Step Guide: How to secure mobile devices in Exchange Server 2007 KB Article: Understanding Direct Push You Had Me at EHLO: Direct Push is just a heartbeat away

Direct Push has four heartbeat registry keys. The HeartbeatMax registry key controls the Direct Push maximum heartbeat duration. By default, the maximum heartbeat duration is set to 28 minutes. You can adjust the registry key to extend heartbeat durations, but your network settings may prevent Exchange from being able to use the default maximum heartbeat duration.

If you choose to configure an Exchange 2007 Client Access Server to extend the heartbeat duration, then you must adjust your firewall's timeout settings accordingly. I recommend configuring your firewall's timeout period about two minutes longer than the heartbeat duration that Exchange Server uses.

About the author: Brien M. Posey, MCSE, is a four-time recipient of Microsoft's Most Valuable Professional Award for his work with Windows Server, Internet Information Server (IIS) and Exchange Server. Brien has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit Brien's personal Web site at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Mobile Devices Sharing a user's Outlook calendar with a public folder calendar OWA Light vs. Exchange ActiveSync on Windows Mobile devices Prevent SSL-related synchronization errors on emulated mobile devices Connecting an Apple iPhone to Exchange Server on Windows SBS 2003 Why can't I send Exchange email from a BlackBerry 7100i mobile device? Troubleshoot Windows Mobile device emulator synchronization errors Configure Microsoft SharePoint mobile access via Exchange Server 2007 Synchronizing the Windows Mobile emulator with Exchange Server 2007 Configure a mobile device to receive POP3 email from Exchange Server Email sent to a PDA doesn't get saved in Exchange Server mailbox Microsoft Exchange Server 2007 How to protect an Exchange journaling mailbox from email spoofing Set up messaging records management (MRM) in Exchange Server 2007 Create a secure Microsoft Outlook Web Access (OWA) redirect page Why does a security alert pop up when accessing Outlook Web Access? How Microsoft's new support policy for virtualized Exchange will affect you Using Exchange Server journaling as an email-archiving solution Why too much memory can hurt Exchange Server 2007 performance Microsoft Exchange Server backup method pros and cons Virtualizing Exchange Server 2007 with Microsoft's Hyper-V Configure Microsoft SharePoint mobile access via Exchange Server 2007 Microsoft Exchange Server 2007 Research ISA Server and Firewalls for Microsoft Exchange Server Windows SBS and Exchange Server security configuration best practices Why Exchange ActiveSync fails with NAT firewalls Deploying ISA Server as a firewall for Exchange Server mobile devices OWA stops working from external network connection Enhance OWA logon security using Microsoft ISA Server Firewall problems with Exchange Server 2007 email attachments How and why to disable certain ESMTP verbs Creating an ethical firewall in Exchange Server 2007 Beware of firewalls that block Exchange Server's SMTP/POP3 communications How HTTP verbs can 'hang' Outlook Web Access RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary reverse proxy server  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.