Tip

Adjust your firewall to avoid Exchange 2007 Direct Push failures

Microsoft Direct Push allows users to synchronize their mobile devices with Exchange 2003 or Exchange 2007 mailboxes. This tip focuses on Direct Push use with Exchange Server 2007, and explains how to adjust firewall session timeout periods to avoid mobile device connection failures.
Microsoft designed Direct Push so that it can establish an HTTP or HTTPS session with Exchange Server 2007, send a ping request called a heartbeat message, and then go to sleep until it receives a response. At this point, one of two things can happen:

  • If no new email messages arrive, the session will eventually time out. When a session's time limit expires, Exchange 2007 transmits an HTTP 200 response to the mobile device client, indicating that no changes have occurred. The client then issues another HTTP or HTTPS request, and the process starts again.

  • If a new email message arrives in the user's inbox before the HTTP or HTTPS session times out, then Exchange Server 2007 will respond and inform the mobile device client which folder to synchronize. When the mobile device client receives this response, it issues a synchronization request. Once all of the data has been synchronized, the client reissues an HTTP or HTTPS ping request, and the process begins again.

The longer the timeout period, the fewer HTTP or HTTPS ping requests must be sent between the mobile device and the Exchange server. Fewer ping requests result in less battery consumption and lower cellular bills.

So why not make the timeout period infinite? If a connection never times out, there is no way of knowing if it failed. Essentially, the longer the timeout period, the longer it takes a mobile device to detect a communications failure.

Exchange 2007 dynamically adjusts HTTP and HTTPS timeout periods based on the connection's reliability. When a connection is initially established between a mobile device and an Exchange server, the timeout period is relatively short. But over time, the timeout period is extended gradually as the connection proves to be reliable.

The firewall session timeout period controls the length of time that an HTTP or HTTPS connection is allowed to exist without any traffic after a session has been fully established. Most firewalls are configured by default with timeout periods shorter than 28 minutes.

If the timeout period is set too low, then the firewall will disconnect the session and force the mobile device to reconnect. Email remains unsynchronized until the mobile device reconnects, possibly leading to longer periods of time in which the mobile device is out of sync with the Exchange server. To avoid this problem, Microsoft recommends setting your firewall's idle connection timeout period to 30 minutes.


Direct Push has four heartbeat registry keys. The HeartbeatMax registry key controls the Direct Push maximum heartbeat duration. By default, the maximum heartbeat duration is set to 28 minutes. You can adjust the registry key to extend heartbeat durations, but your network settings may prevent Exchange from being able to use the default maximum heartbeat duration.

If you choose to configure an Exchange 2007 Client Access Server to extend the heartbeat duration, then you must adjust your firewall's timeout settings accordingly. I recommend configuring your firewall's timeout period about two minutes longer than the heartbeat duration that Exchange Server uses.
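To see why the firewall timeout has to exceed the heartbeat duration, the following added example (not code from this tip or from Microsoft) models quiet heartbeat cycles passing through a firewall. The starting interval, step size and back-off rule are assumptions made for illustration; the 28-minute maximum and the two-minute margin come from the text above.

```python
"""Simplified model of Direct Push heartbeats crossing a firewall (added example).

Start value, step size and back-off rule are assumptions; the article only
says the timeout starts short and is extended gradually.
"""

HEARTBEAT_MAX_MIN = 28   # default maximum heartbeat duration stated in the article
MARGIN_MIN = 2           # article: firewall timeout about 2 minutes longer


def recommended_firewall_timeout(heartbeat_max_min=HEARTBEAT_MAX_MIN):
    """Firewall idle timeout (minutes) that lets the longest heartbeat complete."""
    return heartbeat_max_min + MARGIN_MIN


def simulate(firewall_idle_min, heartbeat_max_min=HEARTBEAT_MAX_MIN,
             start_min=8, step_min=4, cycles=20):
    """Run `cycles` quiet ping cycles (no new mail) and summarize the outcome.

    A ping held for `hb` minutes is an idle session for `hb` minutes. If the
    firewall's idle timeout is not longer than that, the session is dropped
    and the HTTP 200 never reaches the device.
    """
    hb, last_good, dropped, history = start_min, None, 0, []
    for _ in range(cycles):
        history.append(hb)
        if hb < firewall_idle_min:
            last_good = hb                               # HTTP 200 arrived
            hb = min(hb + step_min, heartbeat_max_min)   # extend gradually
        else:
            dropped += 1                                 # firewall cut the session
            # Back off to the last interval that worked (assumed rule).
            hb = last_good if last_good is not None else max(1, hb // 2)
    return {"longest_working_heartbeat": last_good,
            "dropped_sessions": dropped,
            "history": history}


if __name__ == "__main__":
    for fw in (15, 28, recommended_firewall_timeout()):
        r = simulate(fw)
        print(f"firewall idle timeout {fw:2d} min -> longest working heartbeat "
              f"{r['longest_working_heartbeat']} min, "
              f"{r['dropped_sessions']} dropped sessions in 20 cycles")
```

In this model a firewall timeout equal to the heartbeat still loses sessions, because the response arrives no earlier than the moment the firewall expires the idle connection.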

About the author: Brien M. Posey, MCSE, is a four-time recipient of Microsoft's Most Valuable Professional Award for his work with Windows Server, Internet Information Server (IIS) and Exchange Server. Brien has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit Brien's personal Web site at www.brienposey.com.


This was first published in February 2008
