RE: SSL & win2k3 & E2k3 & comcast
- From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Mon, 20 Oct 2003 16:56:17 -0400
What you might want to do is check the logs. The IIS logs, the application
event log and the system event log. See if anything shows up that indicates
where a problem might be.
I think if you look at netmon and sort by time from last frame, you may see
some delays. Check the source of the delays and see if you can tell if the
delay is from your machine or from the Exchange side. In other words, try
to narrown down the item that is causing the delay before proceeding. It
stands to reason that the problem is on the comcast network and you may need
some help from your network folks and comcast to narrow it down further.
Before you include any of those resources, have a look at the things in your
control and see what shakes out. Be especially looking for retransmits in
the netmon trace if the logs don't indicate any kind of problem.
Al
-----Original Message-----
From: Tony Anderson [mailto:tandersn@xxxxxxxxxxxxxxxxx]
Sent: Monday, October 20, 2003 3:05 PM
To: [ExchangeList]
Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast
http://www.MSExchange.org/
I am sorry, I was confused, you are right. 443 isn't the windows auth port,
445 is. 445 is the one that is being blocked.
I am not so versed in the low level packet analyzation I am afraid. I did a
netmon capture from my machine at home to the exchsrv, and I can see where
the delays occur physically in the list, but am not certain how to determine
what is going on.
Tony
----- Original Message -----
From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
Sent: Monday, October 20, 2003 11:56 AM
Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast
> http://www.MSExchange.org/
>
> I don't think so. SSL is TCP 443 by default. If your E2K server is
> different, then it's different because somebody set it that way and they
> either redirect it or you tell your clients to use it that way.
>
> Given the information you present, I'd say that the issue is very likely
> something that comcast is doing, but it's surprising that it doesn't work
> for both implementations.
>
> Where is the delay showing in the trace and what's on the wire when it
> happens? Are you seeing a lot of IP fragments or anything like that?
>
>
> Al
>
> -----Original Message-----
> From: Tony Anderson [mailto:tandersn@xxxxxxxxxxxxxxxxx]
> Sent: Monday, October 20, 2003 2:41 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: SSL & win2k3 & E2k3 & comcast
>
> http://www.MSExchange.org/
>
> It's not a dns issue because simply removing SSL from the picture works
> fine. Http://exchsrv2.cs.washington.edu = instant
> https://exchsrv2.cs.washington.edu/exchange = delay. If it was a DNS
issue,
> it would be slow for both. Even after you connect, and get a DNS cache, it
> is still slow. Plus, I added an entry directly to my HOST file. 3rd, I
have
> done a netmon capture, and you can see where the delays occur, and it's
not
> the initial portion of the conversation
>
> I take ISP out of the picture by doing it at work, asking co workers with
> DSL to try. I have comcast cable at home, and so do about 20% of the other
> users on our network. All comcast users report problems, everyone else
works
> fine.
>
> I did do a network monitor capture, I just took a deeper look and it
appears
> there is some connection trying to happen to destination port 443, which I
> know COMCAST is blocking, so the problem is related to that I imagine.
>
> I have 2 exchange servers, one is win2k & echc2k the other is win2k3 &
> ech2k3. Some users on each (planning to move all users to new one, once I
> solve this problem). Connecting to the older exchsrv works fine, even with
> the SSL. Connecting to the new one has delays.
>
> Is it safe to assume I have something misconfigured, that is telling OWA
to
> authenticate via port 443, where as the older one is not? I will look into
> it.
>
> Tony
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
> Resource Site: http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
Other related posts:
