I don't think so. SSL is TCP 443 by default. If your E2K server is different, then it's different because somebody set it that way and they either redirect it or you tell your clients to use it that way. Given the information you present, I'd say that the issue is very likely something that comcast is doing, but it's surprising that it doesn't work for both implementations. Where is the delay showing in the trace and what's on the wire when it happens? Are you seeing a lot of IP fragments or anything like that? Al -----Original Message----- From: Tony Anderson [mailto:tandersn@xxxxxxxxxxxxxxxxx] Sent: Monday, October 20, 2003 2:41 PM To: [ExchangeList] Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast http://www.MSExchange.org/ It's not a dns issue because simply removing SSL from the picture works fine. Http://exchsrv2.cs.washington.edu = instant https://exchsrv2.cs.washington.edu/exchange = delay. If it was a DNS issue, it would be slow for both. Even after you connect, and get a DNS cache, it is still slow. Plus, I added an entry directly to my HOST file. 3rd, I have done a netmon capture, and you can see where the delays occur, and it's not the initial portion of the conversation I take ISP out of the picture by doing it at work, asking co workers with DSL to try. I have comcast cable at home, and so do about 20% of the other users on our network. All comcast users report problems, everyone else works fine. I did do a network monitor capture, I just took a deeper look and it appears there is some connection trying to happen to destination port 443, which I know COMCAST is blocking, so the problem is related to that I imagine. I have 2 exchange servers, one is win2k & echc2k the other is win2k3 & ech2k3. Some users on each (planning to move all users to new one, once I solve this problem). Connecting to the older exchsrv works fine, even with the SSL. Connecting to the new one has delays. Is it safe to assume I have something misconfigured, that is telling OWA to authenticate via port 443, where as the older one is not? I will look into it. Tony ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------