05-11-2010 10:12 AM
My best guess is that Microsoft changed the way exchange communicates with clients and our controller is blocking a newly used protocol? or inspecting traffic and killing the attachments?
05-11-2010 11:02 AM
# show datapath session table
I would want to first check and see if the authenticated policy is blocking any newly used ports.
05-13-2010 10:51 AM
If they find a solution for the MAPI connection issue, I'll post it back here.
05-13-2010 03:50 PM
For my customer the issue is as follows:
Users use Outlook client using MAPI via wireless to connect to Exchange server. Outlook opens several MAPI connections per user and generally Exchange is set to about 30-32 connections per user. These connections SHOULD stay open and it should not exceed the 32 connections per user. However, in situations where you may have a firewall that doesn't have ALG enable, Outlook ends up making a large number of connections to Exchange, eventually causing the client to think a connection cannot be made. Unfortunately, there's no way to clear these connections (at least what I'm told by the Exchange administrators) and the client have to wait for about 60 mins. The timeout value I know can be changed but not recommended as per Microsoft.
I've seen this issue without wireless when Outlook client was traversing a firewall to connect to Exchange. What happened, is that the connections open random ports so the firewall doesn't honor this unless ALG is enabled or you enabled all high-level random ports.
In the case of wireless, I have a feeling Outlook is not getting a fast enough response (MS Protocols are known for this) and Outlook tries to open other MAPI connections thus using up the allowed MAPI connections and causing the user to lose connection to Exchange.
The customer in question with Aruba wireless has a firewall policy that allows ALL traffic so it should work. Do you know if Aruba has any ALG type settings?
05-14-2010 08:07 AM
though on our wireless we specifically block MS RPC protocols - so exchange is broken by design ;)
One can tunnel RPC via HTTP to get exchagne connected:
(well I hope the functionality continues in exchange 2010)
Doing this can at least provide a datapoint on if the specific MAPI connection is being affected by the controller in any adverse way...
05-14-2010 10:12 AM
The issue occurs when the client roam between APs. There are no coverage gaps. Looking at the roaming between APs, the client moves within 1 second. However, Outlook loses connection to Exchange. Outlook is configured in cached mode already.
Any ideas on settings that can be tweaked? Customer contacted Aruba support and was told that the issue is due to a coverage gap, which I can know is not true (coverage gap). Being told that it's a coverage gap issue, raised a ton of questions regarding the design, as expected. :)