RE: SSL & win2k3 & E2k3 & comcast

  • From: "Gabrie van Zanten" <gabrie@xxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 20 Oct 2003 21:09:12 +0200

For what it is worth.
My ISP is blocking all traffic INCOMING below port 1024. And connecting
to my company's SSL OWA is never a problem. Also I have exch2k3 w2k3 at
home running, with SSL redirected to 3344. No problems whatsoever.

Gabrie


-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] 
Sent: Monday, October 20, 2003 9:00 PM
To: [ExchangeList]
Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast


http://www.MSExchange.org/

Doesn't have to be but is certainly recommended.  TCP port 443 blocking
would block requests TO tcp 443 so everything SSL would break including
the E2K requests.  That's not it.  But it could be different at the
lower layers of the stack and it may be that the routers don't like
it/deal with it well.

As I recall from the description, the problem is not that it doesn't
work, but that it's 20-30 seconds slower via comcast.  If it were
blocked, it wouldn't work at all, right?  If it's another problem, such
as packet fragmentation, then it would manifest as a slowness while the
packets are reassembled etc. and would be especially noticeable with
retries.  Would be expected on some ATM networks.  That's a theory
anyway ;-) 

Al

-----Original Message-----
From: Tony Anderson [mailto:tandersn@xxxxxxxxxxxxxxxxx] 
Sent: Monday, October 20, 2003 2:52 PM
To: [ExchangeList]
Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast

It would be used if IIS is set to use windows authentication though,
would it not?

Tony
----- Original Message -----
From: "Gabrie van Zanten" <gabrie@xxxxxxxxxxxxxxxx>
To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
Sent: Monday, October 20, 2003 11:51 AM
Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast


> Hi
>
> About the part where you talk about that comcast is blocking port 443.
> To my knowledge, when you connect to port 80 to visit a website, your 
> own port nr is NOT 80, but something above 1024. When doing OWA, 
> traffic would look like this:
>
> Home port 1099 -----------> request to OWA ------> port 80
> OWA  port 80   -----------> reply to Home -------> port 1099
>
> I don't think SSL is different in this. For each new SSL connection it
> will use a new portnr. Otherwise it would be impossible to visit more
> than one SSL site at the same time.
>
> So COMCAST blocking 443, is not the issue I think. Maybe for incoming
> to COMCAST they block 443, but that is not used in your connection.
> And if they were blocking 443, there was no connection at all, also
> not after 1 minute wait.
>
> Gabrie
>
>
> -----Original Message-----
> From: Tony Anderson [mailto:tandersn@xxxxxxxxxxxxxxxxx]
> Sent: Monday, October 20, 2003 8:41 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast
>
>
> It's not a dns issue because simply removing SSL from the picture 
> works fine. Http://exchsrv2.cs.washington.edu = instant 
> https://exchsrv2.cs.washington.edu/exchange = delay. If it was a DNS 
> issue, it would be slow for both. Even after you connect, and get a 
> DNS cache, it is still slow. Plus, I added an entry directly to my 
> HOST file. 3rd, I have done a netmon capture, and you can see where 
> the delays occur, and it's not the initial portion of the conversation.
>
> I take ISP out of the picture by doing it at work, asking coworkers
> with DSL to try. I have comcast cable at home, and so do about 20% of 
> the other users on our network. All comcast users report problems, 
> everyone else works fine.
>
> I did do a network monitor capture, I just took a deeper look and it 
> appears there is some connection trying to happen to destination port 
> 443, which I know COMCAST is blocking, so the problem is related to 
> that I imagine.
>
> I have 2 exchange servers, one is win2k & exch2k the other is win2k3 &
> exch2k3. Some users on each (planning to move all users to new one,
> once I solve this problem). Connecting to the older exchsrv works 
> fine, even with the SSL. Connecting to the new one has delays.
>
> Is it safe to assume I have something misconfigured, that is telling 
> OWA to authenticate via port 443, whereas the older one is not? I
> will look into it.
>
> Tony
>
>
> ------------------------------------------------------
> List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
>
>
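
Added example, not part of any message in this thread: a loopback check of the port reasoning quoted above (each client connection gets its own source port above 1023 while the server port stays fixed), next to a constructed model of an ISP rule that drops new inbound connections to ports below 1024. The function names, the loopback listener standing in for the OWA server, and the filter model are assumptions made for illustration.

```python
import socket


def observe_connections(count=3):
    """Open `count` simultaneous TCP connections to one loopback listener.

    Returns (listener_port, source_ports), where source_ports are the
    client-side ports as the server sees them on accept().
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.settimeout(5)
    # Port 0 lets the OS choose; this listener stands in for the server's 443.
    srv.bind(("127.0.0.1", 0))
    srv.listen(count)
    listener_port = srv.getsockname()[1]

    clients, accepted, source_ports = [], [], []
    try:
        for _ in range(count):
            # The client never binds a port itself: the OS assigns an
            # ephemeral source port for every new outgoing connection.
            clients.append(
                socket.create_connection(("127.0.0.1", listener_port), timeout=5)
            )
            conn, peer = srv.accept()
            accepted.append(conn)
            source_ports.append(peer[1])
    finally:
        for s in clients + accepted + [srv]:
            s.close()
    return listener_port, source_ports


def isp_drops(direction, dst_port, blocked_below=1024):
    """Constructed model of the rule described in the thread: a new
    connection is dropped only if it is INBOUND to the subscriber and
    its destination port is below `blocked_below`."""
    return direction == "inbound" and dst_port < blocked_below


if __name__ == "__main__":
    port, sources = observe_connections()
    print("server port:", port, "client source ports:", sources)
    # Outbound HTTPS from home: destination 443 is on the remote side.
    print("home -> OWA :443 dropped?", isp_drops("outbound", 443))
    # Hosting at home: 443 is filtered inbound, a redirected 3344 is not.
    print("internet -> home :443 dropped?", isp_drops("inbound", 443))
    print("internet -> home :3344 dropped?", isp_drops("inbound", 3344))
```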

