Outlook/Exchange 2003 over HTTPS delay with web proxy


S

Stephen F

I'm a consultant working onsite at a client environment. I connect back to
my company's Exchange 2003 services over my client's LAN/WAN, web proxy
server, firewall, and internet connection. When there, I exclusively use an
Outlook 2003 profile that relies on HTTPS as the transport protocol between
my Outlook client and the Exchange server. My company uses an Exchange
architecture with front-end and back-end Exchange servers.

My problem is when I start Outlook in this context above, I experience long
delays after entering my login/authentication info, seeing the word
"Connected" in the bottom-right corner of Outlook, and then waiting for my
first folder to to update (see "Waiting to update this folder"). When I look
at the output of netstat in the command prompt, I find that the Outlook
client is not exclusiving using the client internet proxy server to connect,
hence I get half TCPIP socket connection(s) with a TCP SYN_SENT status.

Let me provide an example of the SYN_SENT clue. In this netstat output
below, all is normal except the last line.
- "intranet-proxy.client.com" is the intenet proxy server I must use on port
8080 to connect out to the internet. The client's firewall blocks all http
and https outbound traffic to the internet without use of the intranet's
internet proxy server.
- "mailserver2.employer.com" is a server of my employer that hosts the
Exchange services I'm connected to. It is not the same server I configure in
Outlook's configuration. That's called "webmail1.employer.com" for this
example.

C:\Documents and Settings\user>netstat
Active Connections
Proto Local Address Foreign Address State
TCP laptop:2723 intranet-proxy.client.com:8080 ESTABLISHED
TCP laptop:2724 intranet-proxy.client.com:8080 ESTABLISHED
TCP laptop:2726 intranet-proxy.client.com:8080 ESTABLISHED
TCP laptop:2727 intranet-proxy.client.com:8080 ESTABLISHED
TCP laptop:2732 intranet-proxy.client.com:8080 TIME_WAIT
TCP laptop:2733 intranet-proxy.client.com:8080 TIME_WAIT
TCP laptop:2752 intranet-proxy.client.com:8080 ESTABLISHED
TCP laptop:2758 mailserver2.employer.com:https SYN_SENT

From the same client site environment, I am able to connect with my IE web
browser to the following url/address and get the Exchange 2003 forms-based
authentication page: "https://mailserver2.employer.com/exchange".

I configure "intranet-proxy.client.com:8080" in IE's Internet Options \
Connections \ LAN Settings under Internet Explorer v6. I also use the
"Bypass proxy server for local addresses" feature, but the domain
"employer.com" is not in this feature's domain bypass list.

Why does netstat show Outlook's direct https connection attempt to
"mailserver2.employer.com" port 443 that is impossible to get through the
firewall? Outlook should exclusively use the configured internet proxy
server (" intranet-proxy.client.com" port 8080).

When I use this same Outlook profile from my DSL connection at home, without
use of my client's (or any other) intranet/internet proxy server in the
middle, it connects and updates almost immediately.

I have Windows XP with SP2 applied and all critical Windows and Office 2003
updates.

Please help me speed up my life. I have to start and stop Outlook 2003
quite a bit because I use another profile to connect to the client's second
(unrelated) Exchange server (different email account) over MAPI. These
delays are killing me.
 
Ad

Advertisements

S

Stephen F

any ideas? (push to top)

Stephen F said:
I'm a consultant working onsite at a client environment. I connect back to
my company's Exchange 2003 services over my client's LAN/WAN, web proxy
server, firewall, and internet connection. When there, I exclusively use an
Outlook 2003 profile that relies on HTTPS as the transport protocol between
my Outlook client and the Exchange server. My company uses an Exchange
architecture with front-end and back-end Exchange servers.

My problem is when I start Outlook in this context above, I experience long
delays after entering my login/authentication info, seeing the word
"Connected" in the bottom-right corner of Outlook, and then waiting for my
first folder to to update (see "Waiting to update this folder"). When I look
at the output of netstat in the command prompt, I find that the Outlook
client is not exclusiving using the client internet proxy server to connect,
hence I get half TCPIP socket connection(s) with a TCP SYN_SENT status.

Let me provide an example of the SYN_SENT clue. In this netstat output
below, all is normal except the last line.
- "intranet-proxy.client.com" is the intenet proxy server I must use on port
8080 to connect out to the internet. The client's firewall blocks all http
and https outbound traffic to the internet without use of the intranet's
internet proxy server.
- "mailserver2.employer.com" is a server of my employer that hosts the
Exchange services I'm connected to. It is not the same server I configure in
Outlook's configuration. That's called "webmail1.employer.com" for this
example.

C:\Documents and Settings\user>netstat
Active Connections
Proto Local Address Foreign Address State
TCP laptop:2723 intranet-proxy.client.com:8080 ESTABLISHED
TCP laptop:2724 intranet-proxy.client.com:8080 ESTABLISHED
TCP laptop:2726 intranet-proxy.client.com:8080 ESTABLISHED
TCP laptop:2727 intranet-proxy.client.com:8080 ESTABLISHED
TCP laptop:2732 intranet-proxy.client.com:8080 TIME_WAIT
TCP laptop:2733 intranet-proxy.client.com:8080 TIME_WAIT
TCP laptop:2752 intranet-proxy.client.com:8080 ESTABLISHED
TCP laptop:2758 mailserver2.employer.com:https SYN_SENT

From the same client site environment, I am able to connect with my IE web
browser to the following url/address and get the Exchange 2003 forms-based
authentication page: "https://mailserver2.employer.com/exchange".

I configure "intranet-proxy.client.com:8080" in IE's Internet Options \
Connections \ LAN Settings under Internet Explorer v6. I also use the
"Bypass proxy server for local addresses" feature, but the domain
"employer.com" is not in this feature's domain bypass list.

Why does netstat show Outlook's direct https connection attempt to
"mailserver2.employer.com" port 443 that is impossible to get through the
firewall? Outlook should exclusively use the configured internet proxy
server (" intranet-proxy.client.com" port 8080).

When I use this same Outlook profile from my DSL connection at home, without
use of my client's (or any other) intranet/internet proxy server in the
middle, it connects and updates almost immediately.

I have Windows XP with SP2 applied and all critical Windows and Office 2003
updates.

Please help me speed up my life. I have to start and stop Outlook 2003
quite a bit because I use another profile to connect to the client's second
(unrelated) Exchange server (different email account) over MAPI. These
delays are killing me.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top