SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001972: Some Outlook 2007 users keeps disconnecting from server ,Actually its 2.2 Final Release Bug. - MantisBT
MantisBT - Endian Firewall
View Issue Details
0001972Endian FirewallUncategorizedpublic2009-06-29 06:102011-01-20 09:46
mohsh86 
 
normalblockrandom
feedbackreopened 
2.2-rc3 
 
0001972: Some Outlook 2007 users keeps disconnecting from server ,Actually its 2.2 Final Release Bug.
After i installed the New Endian firewall 2.2 released in may 29th, i've faced some employees having their outlook 2007 clients keeps disconnecting from server:

 trying to connect,connected, then disconnected , trying to connect, etc, with random time between them.

i know the problem is from Endian, i've installed pfSense temporarly and problem gone!
Endian 2.2 Final Release.

tried to install on two different machines -> same problem

Some Clients have this problem, not all of them.
No tags attached.
has duplicate 0002648closed  Outlook clients which access shared mailbox (more than outlook instance connect to that) on exchange sevrer keeps disconnecting 
Issue History
2009-06-29 06:10mohsh86New Issue
2009-06-29 08:45mike-fNote Added: 0002683
2009-06-29 08:47mike-fNote Edited: 0002683
2009-06-29 08:54luca-endianNote Added: 0002684
2009-06-30 04:49mohsh86Note Added: 0002696
2009-06-30 04:50mohsh86Note Added: 0002697
2009-06-30 09:52mohsh86Note Added: 0002698
2009-06-30 09:52mohsh86Note Added: 0002699
2009-06-30 11:07mike-fNote Added: 0002700
2009-06-30 11:13mike-fNote Added: 0002701
2009-06-30 12:51mohsh86Note Added: 0002703
2009-06-30 12:52mohsh86Note Edited: 0002703
2009-06-30 13:11mike-fNote Added: 0002704
2010-01-05 12:20mohsh86Note Added: 0003647
2010-01-18 05:02mohsh86Note Added: 0003670
2010-03-05 16:02peter-endianRelationship addedhas duplicate 0002648
2010-03-05 16:02peter-endianStatusnew => feedback
2010-03-05 16:03peter-endianStatusfeedback => closed
2010-03-05 16:03peter-endianResolutionopen => duplicate
2011-01-17 10:00AnonymousNote Added: 0005481
2011-01-17 10:00AnonymousStatusclosed => feedback
2011-01-17 10:00AnonymousResolutionduplicate => reopened
2011-01-20 09:46flochieNote Added: 0005513
2013-09-19 11:12AnonymousNote Deleted: 0005481

Notes
(0002683)
mike-f   
2009-06-29 08:45   
(edited on: 2009-06-29 08:47)
please enable logging of all packets going through the firewall (allowed and dropped) and post your log that we can see what rules are "killing" your connections

also give some more input on how your mail-clients connect to the server:
POP3; IMAP (with or without SSL)

(0002684)
luca-endian   
2009-06-29 08:54   
is the pop3 proxy active?
(0002696)
mohsh86   
2009-06-30 04:49   
POP3 Proxy is not active, and i actually thought that Outlook Exchange has nothing to do with POP3 Protocol, any how,

what exactly kind of log should i enable, can your please specify me ? because there is alot of log check boxes every where..
(0002697)
mohsh86   
2009-06-30 04:50   
Please note that the outlook connects through Proxy, as the Exchange server are located in Jordan and we are in kuwait, we configure the outlook to connect through proxy:

https://owa.tagorg.com [^]

and we used basic authentication, not the NTLM one .
(0002698)
mohsh86   
2009-06-30 09:52   
here is one of the strange things i've found in the firewall log
------------------------------------------------------------------
Jun 30 12:49:12 NEW not SYN?:DROP eth0 KEY_TCP
89.28.217.25
    443 ff:ff:14:00:03:00
62.150.53.58
    39176
------------------------------------------------------------------
(0002699)
mohsh86   
2009-06-30 09:52   
knowing that 89.28.217.25 is the ip address of our Exchange server.
(0002700)
mike-f   
2009-06-30 11:07   
your exchange host on 89.28... port 443 (HTTPS) is connecting to your endian?
why is your exchange creating a new connection?


enabling logging:
go to firewall -> select the different parts on the left -> enable "Log accepted"
please disable after debugging as this might fill up your logs
(0002701)
mike-f   
2009-06-30 11:13   
eeek - just realized
you are using owa

put the ip(s) of owa.tagorg.com to your http-proxy-config
-> bypass

i expect you trust the owa:
this makes your clients connect directly to your owa host(s)
(0002703)
mohsh86   
2009-06-30 12:51   
(edited on: 2009-06-30 12:52)
i've already put it in the bypass list, before sumbitting the problem

(0002704)
mike-f   
2009-06-30 13:11   
could you plz post also your proxy.pac

interesting lines: containing 89.28.217.25
(there should be a "Direct"-line)

you can find the file here
http:// ip-of-your-endian / proxy.pac
(0003647)
mohsh86   
2010-01-05 12:20   
okay, even after in installed Endian 2.3, i faced the same problem, outlook connects, for a while, then disconnects, trying o connect etc..

i used wireshark to see the packets, i noticed that there is some other ip address of the same range the outlook is trying to connect to

original ip mentioned before is 89.28.217.25 (outlook web access, https (owa))

the other ip ( i don't know why outlook attempt to make a connection with it ) is 89.28.218.17

i added the 89.28.217.17 to the bypass transparent proxy to SUBNET/IP and the problem is gone.

just wanted to share this piece of information
(0003670)
mohsh86   
2010-01-18 05:02   
I've discovered after implementing the server that some peers still disconnecting, i've googled the log and found someone has already having this problem

web proxy log:

28730 172.17.49.253 TCP_MISS/000 4732 CONNECT owa.tagorg.com:443 - FIRST_UP_PARENT/content2 -

they said it has something to do with reverse proxy, can this problem be solved in GUI ?!

Please HELP !
(0005513)
flochie   
2011-01-20 09:46   
can anyone please help on this issue?