Microsoft KB Archive/905013

= Enterprise firewall configuration for Exchange ActiveSync Direct Push Technology =

Article ID: 905013

Article Last Modified on 11/21/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Service Pack 2
 * Microsoft Exchange Server 2007 Enterprise Edition
 * Microsoft Exchange Server 2007 Standard Edition

-





INTRODUCTION
After you install Microsoft Exchange Server 2003 Service Pack 2 (SP2), a Warning event that is similar to the following is logged in the Application event log: Event Type: Warning

Event Source: Server ActiveSync

Event Category: None

Event ID: 3033

Date:

Time:

User:

Computer:

Description:

The average of the most recent [200] heartbeat intervals used by clients is less than or equal to [9]. Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

For more information about how to configure firewall settings when using Exchange ActiveSync, see Microsoft Knowledge Base article 905013, &quot;Enterprise Firewall Configuration for Exchange ActiveSync Direct Push Technology&quot; (http://go.microsoft.com/fwlink/?linkid=3052&kbid=905013).

This issue may occur if the firewall has not been configured to let HTTP(S) requests live longer than the minimum heartbeat interval that is configured on the server that is running Exchange Server 2003 SP2. By default, the minimum heartbeat interval at which the Exchange server triggers this event is nine minutes.



MORE INFORMATION
To resolve this issue, modify the firewall time-out values for HTTP(S) connections to the Exchange server to be greater than the default time-out limit of eight minutes.

Note This connection is not referring to the Connection Timeout field that is in the IIS MMC snap-in. Alternatively, modify the minimum heartbeat interval. We recommend that the firewall time-out value be set to a minimum of 15 minutes for the Exchange Direct Push Technology Always-up-to-date (AUTD) feature to perform optimally.

The heartbeat interval is how much time that a mobile device calculates should pass between pings to the server from the mobile device. The session between the server and the mobile device ends if one of the following conditions is true:
 * No e-mail messages arrive in the mailbox to initiate a notification.
 * There is no response from the server before the heartbeat interval elapses.

Exchange Direct Push Technology uses this heartbeat interval so that the server and the mobile device can maintain connectivity. Therefore, a session is open for the server to use to notify the mobile device when an e-mail message arrives.

Exchange Server 2003 maintains a sliding window of the most recent heartbeat intervals that are supplied to the server by mobile clients. The default value for this sliding window is 200 heartbeat intervals. You can configure this value in the  registry key. However, it is not expected that the default value will ever need to be adjusted. See the table in this section for the values of the  registry key.

An event is logged in the Application event log when boththe following conditions are true:
 * The average of the heartbeat intervals in this sliding window is less than or equal to the alert threshold.
 * There are HbiSampleSize samples.

The default alert threshold is 540 seconds (9 minutes). However, you can configure the alert threshold in the  registry key. See the table in this section for the values of the  registry key.The event will not be logged more than one time per hour. It is not expected that the default value will ever need to be adjusted.

We recommend that you increase the firewall time-out values for HTTP(S) requests to the Exchange Server Microsoft-Server-ActiveSync virtual directory to provide a richer, &quot;always-up-to-date&quot; experience. The method that you use to increase the firewall time-out values depends on which firewall product you use. Refer to the firewall documentation for information on about how to increase the firewall time-out values.

To configure Microsoft Internet Security and Acceleration Server (ISA) 2004 idle session time-out values for Exchange Direct Push Technology

 * 1) In the console tree of ISA Server Management, click Firewall Policy.
 * 2) On the Toolbox tab, click Network Objects.
 * 3) Expand the Web Listeners node, and then view the properties of the applicable Web Listener.
 * 4) Click the Preferences tab, and then click Advanced.
 * 5) Modify the Connection Timeout from the default 120 seconds (2 minutes) to 1800 seconds (30 minutes).
 * 6) Click OK two times to accept these changes.
 * 7) Click Apply.

The following table contains the values that can be modified as they relate to the heartbeat interval. These registry values are not present in a fresh installation of Exchange Server 2003 SP2. The server reverts to hard-coded defaults if these registry values are missing. The administrator must manually create these registry values if he or she wants to set the values. These values can be set in the following registry key:

Notes
 * In this table, the value &quot;1 - MaxHearbeatInterval&quot; indicates any value between 1 and the value of MaxHearbeatInterval. Also, the value &quot;MinHeartbeatInterval -3540&quot; indicates any value between the value of MinHeartbeatInterval and 3540.
 * If any one of these values is set in the registry, and the specified value falls outside the listed values for that parameter, initialization of Exchange ActiveSync will revert to the defaults. Additionally, an event is logged in the Application event log. However, an event is not logged in the Application event log if the value is set to zero. When a value is set to zero, the behavior is as if the value were absent. In other words, the hard-coded default is used.
 * Exchange ActiveSync reads these values one time at startup. Therefore, if an administrator decides to change the values, the IIS Admin Service must be restarted for the changes to take effect.

In the release version of Exchange 2007, these registry settings have been moved to the Sync web.config file.

Release version of Exchange 2007  In Notepad, open the Sync web.config file on the Client Access Server. By default, that location is under \Program Files\Microsoft\Exchange Server\ClientAccess\Sync. Search for and modify the following values as needed:

 





Keywords: kbexchmobility KB905013

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.