I am sorry, I was confused, you are right. 443 isn't the windows auth port, 445 is. 445 is the one that is being blocked. I am not so versed in the low level packet analyzation I am afraid. I did a netmon capture from my machine at home to the exchsrv, and I can see where the delays occur physically in the list, but am not certain how to determine what is going on. Tony ----- Original Message ----- From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx> To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx> Sent: Monday, October 20, 2003 11:56 AM Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast > http://www.MSExchange.org/ > > I don't think so. SSL is TCP 443 by default. If your E2K server is > different, then it's different because somebody set it that way and they > either redirect it or you tell your clients to use it that way. > > Given the information you present, I'd say that the issue is very likely > something that comcast is doing, but it's surprising that it doesn't work > for both implementations. > > Where is the delay showing in the trace and what's on the wire when it > happens? Are you seeing a lot of IP fragments or anything like that? > > > Al > > -----Original Message----- > From: Tony Anderson [mailto:tandersn@xxxxxxxxxxxxxxxxx] > Sent: Monday, October 20, 2003 2:41 PM > To: [ExchangeList] > Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast > > http://www.MSExchange.org/ > > It's not a dns issue because simply removing SSL from the picture works > fine. Http://exchsrv2.cs.washington.edu = instant > https://exchsrv2.cs.washington.edu/exchange = delay. If it was a DNS issue, > it would be slow for both. Even after you connect, and get a DNS cache, it > is still slow. Plus, I added an entry directly to my HOST file. 3rd, I have > done a netmon capture, and you can see where the delays occur, and it's not > the initial portion of the conversation > > I take ISP out of the picture by doing it at work, asking co workers with > DSL to try. I have comcast cable at home, and so do about 20% of the other > users on our network. All comcast users report problems, everyone else works > fine. > > I did do a network monitor capture, I just took a deeper look and it appears > there is some connection trying to happen to destination port 443, which I > know COMCAST is blocking, so the problem is related to that I imagine. > > I have 2 exchange servers, one is win2k & echc2k the other is win2k3 & > ech2k3. Some users on each (planning to move all users to new one, once I > solve this problem). Connecting to the older exchsrv works fine, even with > the SSL. Connecting to the new one has delays. > > Is it safe to assume I have something misconfigured, that is telling OWA to > authenticate via port 443, where as the older one is not? I will look into > it. > > Tony > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security > Resource Site: http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ >