
We have an Exchange 2010 environment running behind an ASA 5510 and I have a weird iPhone (& iPad) connection issue to ActiveSync. When the Exchange account is initially added, it says "The Connection to the Server Failed" and after 20 seconds, it finally works. Once it connects it is fine and works as any other Exchange account I have used works. I can't for the life of me figure out what is wrong. I have looked for a redirect issue in IIS7, but I can't seem to find anything. I have also checked my firewall but all traffic seems to be going to port 443. This happens with every iDevice I have tried on WiFi and 3G.

EDIT:

The iPhone/iPad makes the connection, and then there is a 20 second delay where there is no traffic between the devices. It might be a delay between ActiveSync and the global catalog.

It does not matter if the iPhone is on 3G or WiFi. The iPad is only WiFi.

I placed Wireshark on a mirrored port to monitor all traffic going to the Exchange server. There is a 20 second gap from the last packet sent from the first handshake.

10.157.20.7 is the server and 10.157.10.34 is the iPad.

397 29.877418 10.157.20.7 10.157.10.34 TCP 66 https > 49572 [ACK] Seq=791 Ack=1227 Win=65536 Len=0 TSval=4492670 TSecr=731525178

and the next two packets are: (after the 20 second gap, if you look at the timestamp)

627 49.870330 10.157.20.7 10.157.10.34 TLSv1 391 Application Data

and

628 49.968606 10.157.10.34 10.157.20.7 TCP 66 49572 > https [ACK] Seq=1227 Ack=1116 Win=130736 Len=0 TSval=731545189 TSecr=4494670

I am completely stumped and I think it is something simple I am missing. Thank you!

Siriss
  • Can you maybe dig up the IIS logs on the CAS server that they're connecting to, and see if there's anything different about the requests that work versus the requests that don't? – Shane Madden May 23 '12 at 22:43
  • Thanks for the suggestion. I actually did try that but there was so much going on I could not pick individual stuff out. I am going to change the log location and try again and see what happens. – Siriss May 23 '12 at 23:41
  • So from what I can tell from the Exchange IIS logs, it looks like the iPhone is trying to connect with an IPv6 address and it is failing. I am going to look more carefully, but if that is the case, how would I change it? – Siriss May 24 '12 at 04:40
  • Does your server have a publicly routable IPv6 address? It wouldn't make much sense for a connection to even be in the logs if it doesn't. – Shane Madden May 24 '12 at 06:04
  • No it does not. It seems to be coming from the firewall. I don't quite get it. I will try and get more information – Siriss May 24 '12 at 14:27
  • So I think I have narrowed it down, I need to disable IPv6 on WinRM. How do I do that? Thank you! – Siriss May 24 '12 at 19:41
  • I tried this and it so far has not fixed it. I updated the question above with the log file. Thank you! – Siriss May 24 '12 at 21:58
  • After an all night testing session, I think it is related to a timeout somewhere. – Siriss May 25 '12 at 16:20
  • 30 seconds seems like a long time to wait.. hmm. Any way you can get a proxy in between the iPhone client and Exchange server to see exactly what's going on with the requests? – Shane Madden May 25 '12 at 16:27
  • I am working on that now. I will let you know what I find. Thank you for all the help. – Siriss May 25 '12 at 16:29
  • Updated with packet information.... I don't really know what else can be helpful. Anyone out there? – Siriss May 25 '12 at 21:02
  • You'll need to see inside the HTTPS information in order to do any debugging with it. That'll require a proxy that can proxy the HTTPS and provide information on the encapsulated traffic for you -- [Fiddler](http://www.fiddler2.com/fiddler/help/httpsdecryption.asp), for example. – Shane Madden May 25 '12 at 23:15
  • I am working on that today – Siriss May 29 '12 at 13:00
  • Before you do the following, have you tried connecting to your Exchange via an iPad / iPhone from outside your network? On your ASA 5510, have you got ESMTP inspection checked? I haven't faced the exact issue but have seen some environments suffer due to that, and they told us to uncheck it. If you can, try unchecking ESMTP inspection and see if that helps. – Mutahir Nov 04 '12 at 22:59
  • Are you running any of your Exchange traffic through a load balancer? Also, do you need IPv6 in your network? More info on IPv6 as it relates to Exchange 2010 is here (http://technet.microsoft.com/en-us/library/gg144561(v=exchg.141).aspx). Careful if you disable it, as it needs to be done via the registry and not by unchecking the IPv6 box in your network settings. – Danimal Nov 15 '12 at 17:09
  • Interesting, I will look into both of these solutions. The Exchange traffic is not through a load balancer. I have just unchecked, but I will look at the registry. – Siriss Feb 13 '13 at 16:13
  • I think it's a cache issue you see here. Try to restart the WebAppPool MSExchangeAutodiscoverAppPool as explained here https://support.microsoft.com/en-us/kb/3097392 and check if that solved the delay for one user. If it does, you can then go in this direction for further troubleshooting. – BastianW Nov 15 '16 at 12:19
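
The gap hunt described in the question, as an added example that is not part of the original post or its comments: a small Python parser for Wireshark packet-list rows that reports silences longer than a threshold and which host broke the silence. It assumes the default column order (No., Time, Source, Destination, Protocol, Length, Info); the input is the three rows quoted in the question, and the function names and the 5-second threshold are choices made for this example.

```python
import re
from collections import defaultdict

# The three summary rows quoted in the question (Wireshark packet-list export).
CAPTURE = """\
397 29.877418 10.157.20.7 10.157.10.34 TCP 66 https > 49572 [ACK] Seq=791 Ack=1227 Win=65536 Len=0 TSval=4492670 TSecr=731525178
627 49.870330 10.157.20.7 10.157.10.34 TLSv1 391 Application Data
628 49.968606 10.157.10.34 10.157.20.7 TCP 66 49572 > https [ACK] Seq=1227 Ack=1116 Win=130736 Len=0 TSval=731545189 TSecr=4494670
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")

def parse_rows(text):
    """Parse 'No. Time Source Destination Protocol Length Info' rows; skip anything else."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            no, t, src, dst, proto, length, info = m.groups()
            rows.append({"no": int(no), "time": float(t), "src": src, "dst": dst,
                         "proto": proto, "len": int(length), "info": info})
    return rows

def find_gaps(rows, threshold=5.0):
    """Return silences longer than `threshold` seconds within each host pair.

    Rows are grouped by unordered (src, dst) pair because TLS rows in the
    summary view carry no port numbers. Each result names the packet before
    and after the silence, and which host finally spoke.
    """
    by_pair = defaultdict(list)
    for r in rows:
        by_pair[frozenset((r["src"], r["dst"]))].append(r)
    gaps = []
    for pkts in by_pair.values():
        pkts.sort(key=lambda r: r["time"])
        for prev, cur in zip(pkts, pkts[1:]):
            delta = cur["time"] - prev["time"]
            if delta > threshold:
                gaps.append({"after": prev["no"], "before": cur["no"],
                             "seconds": round(delta, 6), "resumed_by": cur["src"],
                             "resumed_with": f'{cur["proto"]} {cur["info"]}'})
    return sorted(gaps, key=lambda g: -g["seconds"])

if __name__ == "__main__":
    for g in find_gaps(parse_rows(CAPTURE)):
        print(g)
```

On the rows from the question it reports a single silence of about 19.99 seconds between packets 397 and 627, ended by 10.157.20.7 sending TLSv1 Application Data.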
