09-14-2011 03:13 AM
I have getting 1040 event id on the Exchange 2010 CAS server. Event details as exampled below.
Log Name: Application
Source: MSExchange ActiveSync
Event ID: 1040
Level: Warning
User: N/A
Keywords: Classic
Description:
The average of the most recent heartbeat intervals [526] for request [Sync] used by clients is less than or equal to [540].
Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.
For more information about how to configure firewall settings when using Exchange ActiveSync, see Microsoft Knowledge Base article 905013, "Enterprise Firewall Configuration for Exchange ActiveSync Direct Push Technology" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=905013).
Microsoft recommends to increase the firewall time-out values for HTTPS requests to 1800 seconds. And I have checked this value is to be set by default in the application 'ssl' on the firewall and it is used in a policy for external access to our CAS server but above warning logs still appear.
How can I do to get rid of this error? Can Anybody help please?
09-17-2011 10:30 PM
Hi,
Have you checked the log to see what apps are actually recognized by PA when you are running the app? Probably thre will be more than one app being identified. You can then go to objects-> applications ->click on a specific app to change the timeout value of that app.
If this still cannot help you may need to open a case to see if it is because our app sig causing the problem.
09-18-2011 06:51 PM
Hi jleung,
Thank you for your reply.
Yes, 'ssl' was recognized and shown only in the log. The timeout value of the 'ssl' app is 1800s by default.
09-19-2011 07:59 AM
Hi,
would you try to use a test PC to run the app,and with a policy for that specific IP as source IP address and allow any traffic from this source IP address to your exchange server? Also disable threat prevention profile for that policy as well. If you have SSL decryption policy, create a policy for that source IP to your exchange server and do not enable any SSL decryption as a test.
If you see any app other than SSL, that maybe the point you need to drill down. If you don't see anything else special, please open a support case.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
