If I had any hair left, I would be pulling it out right now. I can’t seem to figure out why my Outlook 2007 keeps disconnecting from Exchange 2007 running on Windows Server 2008 every 10 seconds.
I didn't have any connection problems until I injected 700MB pst file in to a users mailbox (cached mode)
So here is the scenario:
Server: Windows 2008 x64 with Exchange 2007 Enterprise (Virtual on ESXi 4.1 Server) 192.168.30.5
Client: Windows Ultimate x86 with Outlook 2007 192.168.20.107
As soon as I imported the PST file in to outlook I started getting
Event IDs 9646 on the server
Mapi session "/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=tom" exceeded the maximum of 32 objects of type "session".
Increasing the limit in the Registry to 512 didn't fix the connection problem, but took care of the event 9646 on the server.
Clearing Download shared folders (excludes mail folders) in outlook on the client pc didn't fix the problem.
Event id 26 gets logged on the client every 10 sec
Connection to Microsoft Exchange has been lost. Outlook will restore the connection when possible.
Connection to Microsoft Exchange has been restored.
Client is located at the remote location with a hardware VPN between locations (Linksys RV082 & RV042)
Symantec EndPoint Protection is installed on the client, but shutting it down does not make any difference.
This is not a network problem, as I can copy 300MB file from the client to the server and back without any problems.
Client is connected to a Linksys SRW2008 switch. I spanned its port and captured outlook traffic using another computer (promiscuise mode)
Looking at the trace, I am seeing ACKs packets to the server from the client, but no SYN ACKs back
Can anyone spot where the problem is in this trace?
P.S. Also new emails are coming in and going out while disconnects are happening. What’s causing the disconnects are outlooks attempts to sync its Mailbox with the server. Why it’s happening is still a question.
asked 26 Oct '10, 07:00
edited 26 Oct '10, 08:04
Copying files via (Explorer/CIFS?) doesn't necessarily rule out a network issue. Different apps behave differently when packet fragmentation has to occur. The question I have is what is the MTU between the to path?
For some reason, someone is not honoring the do-not-fragment bit in the packets (lot of devices do this, including Cisco routers). The MTU from 30.5 to 20.107 seems to be limited as can be seen in packet #59. Although previous smaller packets (with DF bit set) makes it across, this packet does not). Presumably, it too had the DF bit set, so we can reasonably assume that someone is munging it.
Also, in pkt #1012, you can see that the fragment goes missing causing the communication to go "wonky" Notice that ip.id= == 30384 in 1012 doesn't have a corresponding fragment. So this fragment and the next two packets went missing for some reason. The next packet has ip.id==30386 (two fragmented packets that make up the first original packet). So someone ate the fragment for ip.id==30384 and the two packets that make up id 30385.
Ensure someone isn't ACL'ing ICMP messages. Especially ICMP type 3, code 4 (fragmentation required but DF bit set) which is critical for path mtu discovery process.
Good luck Hansang
PS: in the future, give us quick ascii layout of the land. What IP represents the server/client, where the capture was taken etc. Although it can be figured out by looking at the traces, it's a hinderance and folks may not take the time to review the trace files.
answered 01 Nov '10, 16:04
edited 01 Nov '10, 16:09