Outlook timeout issues

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Outlook timeout issues

L1 Bithead

Description

We are experiencing a timeout problem when using outlook/exchange across the PA firewall.

When the RPC connection between Outlook and Exchange is idle, the PA apparently terminates the connection.

This causes the Outlook client to hang/stall until restarted - and thereby establishing a new RPC connection.

When the timeout occours, a Baloon-message appears from the taskbar telling that Outlook is trying to fetch data from the Exchange-server running the CAS role.

Problem exist on various combinations of client and server

We have seen this with Outlook 2007/2010 and 2013, and Exchange 2007 and 2010. 

Current workaround

Using Exchange cached mode in the Outlook client causes the client to communicate with Exchange in another way. The timeout error does not appear in this configuration.

What have we already tried?

We have read that Exchange sents a keep-alive beacon every 2 hour through the RPC connection. We have tried adjusting this to a lower value - without succes. So instead we tried raising the Session Timeout for TCP to 7200 seconds. But this didn't help either.

It worked before changing to PA

We didn't experience this problem earlier when using the Microsoft TMG "firewall". But i guess they detected the trafic and didn't let it timeout.

My question is - Is any one else experiencing the same problem? If yes - have you found a solution? I guess it is a general problem when using RPC through the PA.

1 accepted solution

Accepted Solutions

L5 Sessionator

You can try increasing the session time out and TCP timeout for msrpc and ms-exchange applications to14400 seconds, to see if it makes a difference.

msrpc.JPG

You can also try app overriding the traffic for msrpc and exchange, by creating custom apps for these traffic, and apply them under an app override policy.

The below document explains about overriding apps

https://live.paloaltonetworks.com/docs/DOC-1071

BR,

Karthik RP

View solution in original post

3 REPLIES 3

L5 Sessionator

You can try increasing the session time out and TCP timeout for msrpc and ms-exchange applications to14400 seconds, to see if it makes a difference.

msrpc.JPG

You can also try app overriding the traffic for msrpc and exchange, by creating custom apps for these traffic, and apply them under an app override policy.

The below document explains about overriding apps

https://live.paloaltonetworks.com/docs/DOC-1071

BR,

Karthik RP

Thanks Karthik - I will try it and get back if it worked. I will try changing the timeout settings first - and if i doesn't work, then the application override method.

The suggested solution almost solved the problem. The users still - but rarely - see the timeout issue. 

The solution changed the problem from being unacceptable and annoying, to an acceptable occurence. 

  • 1 accepted solution
  • 6578 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!