Just wanted to update this, the problem only happens with IE as the client (in addition to all the other conditions). If I use mozilla, there is no delay. Mozilla, however, doesn't allow the E2k3 'PREMIUM' OWA client. Tony ----- Original Message ----- From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx> To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx> Sent: Monday, October 20, 2003 1:56 PM Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast > http://www.MSExchange.org/ > > What you might want to do is check the logs. The IIS logs, the application > event log and the system event log. See if anything shows up that indicates > where a problem might be. > > I think if you look at netmon and sort by time from last frame, you may see > some delays. Check the source of the delays and see if you can tell if the > delay is from your machine or from the Exchange side. In other words, try > to narrown down the item that is causing the delay before proceeding. It > stands to reason that the problem is on the comcast network and you may need > some help from your network folks and comcast to narrow it down further. > Before you include any of those resources, have a look at the things in your > control and see what shakes out. Be especially looking for retransmits in > the netmon trace if the logs don't indicate any kind of problem. > > > Al > > > > > -----Original Message----- > From: Tony Anderson [mailto:tandersn@xxxxxxxxxxxxxxxxx] > Sent: Monday, October 20, 2003 3:05 PM > To: [ExchangeList] > Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast > > http://www.MSExchange.org/ > > I am sorry, I was confused, you are right. 443 isn't the windows auth port, > 445 is. 445 is the one that is being blocked. > > I am not so versed in the low level packet analyzation I am afraid. I did a > netmon capture from my machine at home to the exchsrv, and I can see where > the delays occur physically in the list, but am not certain how to determine > what is going on. > > Tony > > ----- Original Message ----- > From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx> > To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx> > Sent: Monday, October 20, 2003 11:56 AM > Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast > > > > http://www.MSExchange.org/ > > > > I don't think so. SSL is TCP 443 by default. If your E2K server is > > different, then it's different because somebody set it that way and they > > either redirect it or you tell your clients to use it that way. > > > > Given the information you present, I'd say that the issue is very likely > > something that comcast is doing, but it's surprising that it doesn't work > > for both implementations. > > > > Where is the delay showing in the trace and what's on the wire when it > > happens? Are you seeing a lot of IP fragments or anything like that? > > > > > > Al > > > > -----Original Message----- > > From: Tony Anderson [mailto:tandersn@xxxxxxxxxxxxxxxxx] > > Sent: Monday, October 20, 2003 2:41 PM > > To: [ExchangeList] > > Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast > > > > http://www.MSExchange.org/ > > > > It's not a dns issue because simply removing SSL from the picture works > > fine. Http://exchsrv2.cs.washington.edu = instant > > https://exchsrv2.cs.washington.edu/exchange = delay. If it was a DNS > issue, > > it would be slow for both. Even after you connect, and get a DNS cache, it > > is still slow. Plus, I added an entry directly to my HOST file. 3rd, I > have > > done a netmon capture, and you can see where the delays occur, and it's > not > > the initial portion of the conversation > > > > I take ISP out of the picture by doing it at work, asking co workers with > > DSL to try. I have comcast cable at home, and so do about 20% of the other > > users on our network. All comcast users report problems, everyone else > works > > fine. > > > > I did do a network monitor capture, I just took a deeper look and it > appears > > there is some connection trying to happen to destination port 443, which I > > know COMCAST is blocking, so the problem is related to that I imagine. > > > > I have 2 exchange servers, one is win2k & echc2k the other is win2k3 & > > ech2k3. Some users on each (planning to move all users to new one, once I > > solve this problem). Connecting to the older exchsrv works fine, even with > > the SSL. Connecting to the new one has delays. > > > > Is it safe to assume I have something misconfigured, that is telling OWA > to > > authenticate via port 443, where as the older one is not? I will look into > > it. > > > > Tony > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security > > Resource Site: http://www.windowsecurity.com/ Network Security Library: > > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > http://www.ntfaxfaq.com > > ------------------------------------------------------ > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 ISA Server Resource Site: http://www.isaserver.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ >