RE: SSL & win2k3 & E2k3 & comcast
- From: "Tony Anderson" <tandersn@xxxxxxxxxxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Thu, 23 Oct 2003 14:31:13 -0700
Just wanted to update this, the problem only happens with IE as the client
(in addition to all the other conditions). If I use mozilla, there is no
delay. Mozilla, however, doesn't allow the E2k3 'PREMIUM' OWA client.
Tony
----- Original Message -----
From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
Sent: Monday, October 20, 2003 1:56 PM
Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast
> http://www.MSExchange.org/
>
> What you might want to do is check the logs. The IIS logs, the
application
> event log and the system event log. See if anything shows up that
indicates
> where a problem might be.
>
> I think if you look at netmon and sort by time from last frame, you may
see
> some delays. Check the source of the delays and see if you can tell if
the
> delay is from your machine or from the Exchange side. In other words, try
> to narrown down the item that is causing the delay before proceeding. It
> stands to reason that the problem is on the comcast network and you may
need
> some help from your network folks and comcast to narrow it down further.
> Before you include any of those resources, have a look at the things in
your
> control and see what shakes out. Be especially looking for retransmits in
> the netmon trace if the logs don't indicate any kind of problem.
>
>
> Al
>
>
>
>
> -----Original Message-----
> From: Tony Anderson [mailto:tandersn@xxxxxxxxxxxxxxxxx]
> Sent: Monday, October 20, 2003 3:05 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast
>
> http://www.MSExchange.org/
>
> I am sorry, I was confused, you are right. 443 isn't the windows auth
port,
> 445 is. 445 is the one that is being blocked.
>
> I am not so versed in the low level packet analyzation I am afraid. I did
a
> netmon capture from my machine at home to the exchsrv, and I can see where
> the delays occur physically in the list, but am not certain how to
determine
> what is going on.
>
> Tony
>
> ----- Original Message -----
> From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
> To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
> Sent: Monday, October 20, 2003 11:56 AM
> Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast
>
>
> > http://www.MSExchange.org/
> >
> > I don't think so. SSL is TCP 443 by default. If your E2K server is
> > different, then it's different because somebody set it that way and they
> > either redirect it or you tell your clients to use it that way.
> >
> > Given the information you present, I'd say that the issue is very likely
> > something that comcast is doing, but it's surprising that it doesn't
work
> > for both implementations.
> >
> > Where is the delay showing in the trace and what's on the wire when it
> > happens? Are you seeing a lot of IP fragments or anything like that?
> >
> >
> > Al
> >
> > -----Original Message-----
> > From: Tony Anderson [mailto:tandersn@xxxxxxxxxxxxxxxxx]
> > Sent: Monday, October 20, 2003 2:41 PM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast
> >
> > http://www.MSExchange.org/
> >
> > It's not a dns issue because simply removing SSL from the picture works
> > fine. Http://exchsrv2.cs.washington.edu = instant
> > https://exchsrv2.cs.washington.edu/exchange = delay. If it was a DNS
> issue,
> > it would be slow for both. Even after you connect, and get a DNS cache,
it
> > is still slow. Plus, I added an entry directly to my HOST file. 3rd, I
> have
> > done a netmon capture, and you can see where the delays occur, and it's
> not
> > the initial portion of the conversation
> >
> > I take ISP out of the picture by doing it at work, asking co workers
with
> > DSL to try. I have comcast cable at home, and so do about 20% of the
other
> > users on our network. All comcast users report problems, everyone else
> works
> > fine.
> >
> > I did do a network monitor capture, I just took a deeper look and it
> appears
> > there is some connection trying to happen to destination port 443, which
I
> > know COMCAST is blocking, so the problem is related to that I imagine.
> >
> > I have 2 exchange servers, one is win2k & echc2k the other is win2k3 &
> > ech2k3. Some users on each (planning to move all users to new one, once
I
> > solve this problem). Connecting to the older exchsrv works fine, even
with
> > the SSL. Connecting to the new one has delays.
> >
> > Is it safe to assume I have something misconfigured, that is telling OWA
> to
> > authenticate via port 443, where as the older one is not? I will look
into
> > it.
> >
> > Tony
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
> > Resource Site: http://www.windowsecurity.com/ Network Security Library:
> > http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 ISA Server Resource Site: http://www.isaserver.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> >
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
>
Other related posts:
