Friday, 9 April 2010

Exchange ActiveSync errors with misconfigured firewall

I have recently been getting error messages on my Exchange server implying that my Cisco ASA firewall is misconfigured.

Event Type: Warning
Event Source: Server ActiveSync
Event Category: None
Event ID: 3033
Date:
Time:
User:
Computer: Computer_Name
Description:
The average of the most recent [200] heartbeat intervals used by clients is less than or equal to [9]. Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.
For more information about how to configure firewall settings when using Exchange ActiveSync, see Microsoft Knowledge Base article 905013, "Enterprise Firewall Configuration for Exchange ActiveSync Direct Push Technology" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=905013).

This issue may occur if the firewall has not been configured to let HTTP(S) requests live longer than the minimum heartbeat interval that is configured on the server that is running Exchange Server 2003 SP2. By default, the minimum heartbeat interval at which the Exchange server triggers this event is nine minutes.



I hunted around for instructions on how to make these changes, and eventually had to contact Cisco to find out what changes to make:


1. Create an access-list to identify the traffic to the server and the traffic initiated by the server. For example, if the server's Internet IP address is 1.1.1.1, use the following:
access-list outside-https-mail-servers extended permit ip any host 1.1.1.1
access-list outside-https-mail-servers extended permit ip host 1.1.1.1 any

2. Apply the access-list to the class map:
class-map https_server
 match access-list outside-https-mail-servers

3. Apply the class map to the policy map so that we can increase the timeout for that traffic:
policy-map outside-policy
 class https_server
  set connection timeout half-closed 0:30:00

...and that should clear your errors!
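To sanity-check the result, here is an added example (not from the original post or from Cisco) that audits a running-config excerpt for the three steps above. The `audit` helper, the sample's `service-policy` line and the interface name `outside` are assumptions; the 9-minute threshold is the heartbeat minimum quoted in the event text.

```python
import re

# Constructed sample: the post's three steps as one running-config excerpt. The last line is an
# assumption (not in the post): a policy-map only takes effect once a service-policy attaches it.
SAMPLE = """\
access-list outside-https-mail-servers extended permit ip any host 1.1.1.1
access-list outside-https-mail-servers extended permit ip host 1.1.1.1 any
class-map https_server
 match access-list outside-https-mail-servers
policy-map outside-policy
 class https_server
  set connection timeout half-closed 0:30:00
service-policy outside-policy interface outside
"""

def audit(config, min_heartbeat_minutes=9):
    """Return a list of findings for an ASA config excerpt (hypothetical helper)."""
    acl_protos, class_acl, attached, classes = {}, {}, set(), {}
    cmap = pmap = cur = None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "access-list" and "permit" in w:
            acl_protos.setdefault(w[1], []).append(w[w.index("permit") + 1])
        elif w[0] == "class-map":
            cmap = w[-1]
        elif w[:2] == ["match", "access-list"]:
            class_acl[cmap] = w[2]
        elif w[0] == "policy-map":
            pmap = w[-1]
        elif w[0] == "class" and pmap:
            cur = (pmap, w[1])
            classes[cur] = {}
        elif w[:3] == ["set", "connection", "timeout"] and cur:
            for kind, h, m, s in re.findall(r"(\S+) (\d+):(\d\d):(\d\d)", line):
                classes[cur][kind] = int(h) * 3600 + int(m) * 60 + int(s)
        elif w[0] == "service-policy":
            attached.add(w[1])
    findings = []
    for (pm, cl), timeouts in classes.items():
        if pm not in attached:
            findings.append(f"policy-map {pm} is not attached by a service-policy")
        for kind, secs in timeouts.items():
            if secs <= min_heartbeat_minutes * 60:
                findings.append(f"{cl}: {kind} timeout {secs}s does not exceed the heartbeat minimum")
        if "ip" in acl_protos.get(class_acl.get(cl), []):
            findings.append(f"{cl}: match ACL covers all IP traffic, not only TCP/443")
    return findings
```

On the sample, the only finding is that the match ACL uses `permit ip`, so the longer timeout applies to every connection to and from 1.1.1.1 rather than to HTTPS alone.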

Hopefully this helped you fix your problems. If you want to show your appreciation, please click on one of the adverts on the side... no need to buy anything!