XP Delay Problem

XP Delay Problem

Post by jclayfort » Thu, 08 May 2003 13:18:48



Windows XP - Outlook Problem

Problem
Problem is with Machines outside the firewall running
Windows XP with Office XP. When they try connecting to our
Exchange Server 5.5, it takes Outlook 2-4 minutes to
open.  On Windows 2000/NT machines with Office XP, Outlook
loads up instantly.

Set-Up
Our Exchange Server has the following ports open to
workstations outside the firewall:

113     (AUTH)
109     (POP2)
110     (POP3)
25      (SMTP)
53      (DNS)
143     (IMAP)
135     (RPC)
5020    (MS Exchange DS Static Port)
5030    (MS Exchange IS Static Port)

Machines outside the Firewall:
Windows XP (SP1) with Outlook 2002 (SP2)        - Problem
Windows 2000 (SP1) with Outlook 2002 (SP2)      - No
Problem
Windows 2000 (SP3) with Outlook 2002 (SP2)      - No
Problem
Windows NT (SP6a) with Outlook 2002 (SP2)       - No
Problem

With one of the XP machines, we have also applied all the
latest Post-SP1 patches for Windows XP and all the latest
updates for Office 2002 and Outlook 2002.

Connections
When Windows 2000 machines start up Outlook, they connect
to the Exchange Server, using port 135. It then connects
to the DS and IS static ports.

Here's what happens (Every time) when XP machines start up
Outlook:
1)      Client Connects to Server on port 135
2)      Does nothing for 2 minutes
3)      Exactly after 2 minutes the Client pings the
Server and Server Responds back
4)      Client immediately tries connecting using ports
139 and 445 simultaneously on Server
5)      3 seconds later it does the same
6)      6 seconds later it does the same
7)      12 seconds later is connects to Server on port 135
again
8)      10-20 seconds later (varies) connects on port 135
and then DS and IS static ports and Outlook Opens.

When we do open the Firewall to allow ports 139/ 445
through, the Windows XP machines open Outlook straight
away.

Ports
Port 139 (NETBIOS over TCP) and port 445 (SMB over TCP)
are for file sharing, I have not read any documentation
for Exchange 5.5 to have these ports open. These ports are
only open to the Domain Controllers for Authentication.

Questions
.       Why is there 2 minutes of no activity when XP
connects?
.       Why then does it try using ports 139/445.
.       Instead of doing Steps 1-6 in which it does
nothing, why doesn't it immediately go to steps 7+8 which
Opens Outlook immediately.
.       Why if ports 139/445 are open, it opens straight
away because it does not use these ports during the 2
minutes of no activity.
.       I have not seen any, but is there any
documentation for Exchange 5.5 to have ports 139 and 445
open? This to me is a security issue.

Firewall Logs

Exchange XP Client Opens Up Outlook:

12:00:32        Client      Server          rcp    
        135             Accept
12:02:32        Client      Server          ICMP    
        ECHO            Accept
12:02:32        Client      Server          ICMP    
        ECHO Reply      Accept
12:02:32        Client      Server          Netbios IP
        139             Deny
12:02:32        Client      Server          445    
        445             Deny
12:02:35        Client      Server          Netbios IP
        139             Deny
12:02:35        Client      Server          445    
        445             Deny
12:02:41        Client      Server          445    
        445             Deny
12:02:41        Client      Server          Netbios IP
        139             Deny
12:02:53        Client      Server          rcp    
        135             Accept
12:03:02        Client      Server          rcp    
        135             Accept
12:03:02        Client      Server          Static DS
        5020            Accept
12:03:02        Client      Server          Static IS
        5030            Accept

Microsoft Knowledge Base Articles

148732  Have tried using Static Ports
163576  Have tried changing the RPC Binding Order
325930  Have tried removing all RPC Client Protocol
Registry Entries except for ncacn_ip_tcp.

Differences in Registry Settings for a 2000 machine (no
delay) and an XP machine
(delay):

The 2000 machine has the following registry values which
XP does not have:
HKEY_Local_Machine\Software\Microsoft\RPC\Client
Protocols\ncacn_nb_tcp
HKEY_Local_Machine\Software\Microsoft\RPC\Netbios\ncacn_nb_
tcp0

 
 
 

XP Delay Problem

Post by Pankul Verm » Thu, 12 Jun 2003 14:34:54


We have exchange 2000 and are having similar problem as described below.

in our case, when outside a firewall, when i try to open outlook,
1. attempts connect to 135 - succeeds
2. attempts connect to 445 - fails (cos my firewall blocks) and i dont see
why i should allow it
3. Outlook give a msgbox "Exchange Server Unavailable" retry ... (you retry
exactly 2 times)

and voila... outlook opens up.

I have disabled NetBT othersiwse after 1, it tried 139 and failed as well as
in 2. but i still had to retry 2 times. and it worked. The Retry is Annoying

Quote:> Windows XP - Outlook Problem

> Problem
> Problem is with Machines outside the firewall running
> Windows XP with Office XP. When they try connecting to our
> Exchange Server 5.5, it takes Outlook 2-4 minutes to
> open.  On Windows 2000/NT machines with Office XP, Outlook
> loads up instantly.

> Set-Up
> Our Exchange Server has the following ports open to
> workstations outside the firewall:

> 113 (AUTH)
> 109 (POP2)
> 110 (POP3)
> 25 (SMTP)
> 53 (DNS)
> 143 (IMAP)
> 135 (RPC)
> 5020 (MS Exchange DS Static Port)
> 5030 (MS Exchange IS Static Port)

> Machines outside the Firewall:
> Windows XP (SP1) with Outlook 2002 (SP2) - Problem
> Windows 2000 (SP1) with Outlook 2002 (SP2) - No
> Problem
> Windows 2000 (SP3) with Outlook 2002 (SP2) - No
> Problem
> Windows NT (SP6a) with Outlook 2002 (SP2) - No
> Problem

> With one of the XP machines, we have also applied all the
> latest Post-SP1 patches for Windows XP and all the latest
> updates for Office 2002 and Outlook 2002.

> Connections
> When Windows 2000 machines start up Outlook, they connect
> to the Exchange Server, using port 135. It then connects
> to the DS and IS static ports.

> Here's what happens (Every time) when XP machines start up
> Outlook:
> 1) Client Connects to Server on port 135
> 2) Does nothing for 2 minutes
> 3) Exactly after 2 minutes the Client pings the
> Server and Server Responds back
> 4) Client immediately tries connecting using ports
> 139 and 445 simultaneously on Server
> 5) 3 seconds later it does the same
> 6) 6 seconds later it does the same
> 7) 12 seconds later is connects to Server on port 135
> again
> 8) 10-20 seconds later (varies) connects on port 135
> and then DS and IS static ports and Outlook Opens.

> When we do open the Firewall to allow ports 139/ 445
> through, the Windows XP machines open Outlook straight
> away.

> Ports
> Port 139 (NETBIOS over TCP) and port 445 (SMB over TCP)
> are for file sharing, I have not read any documentation
> for Exchange 5.5 to have these ports open. These ports are
> only open to the Domain Controllers for Authentication.

> Questions
> . Why is there 2 minutes of no activity when XP
> connects?
> . Why then does it try using ports 139/445.
> . Instead of doing Steps 1-6 in which it does
> nothing, why doesn't it immediately go to steps 7+8 which
> Opens Outlook immediately.
> . Why if ports 139/445 are open, it opens straight
> away because it does not use these ports during the 2
> minutes of no activity.
> . I have not seen any, but is there any
> documentation for Exchange 5.5 to have ports 139 and 445
> open? This to me is a security issue.

> Firewall Logs

> Exchange XP Client Opens Up Outlook:

> 12:00:32 Client  Server rcp
> 135 Accept
> 12:02:32 Client  Server ICMP
> ECHO Accept
> 12:02:32 Client  Server ICMP
> ECHO Reply Accept
> 12:02:32 Client  Server Netbios IP
> 139 Deny
> 12:02:32 Client  Server 445
> 445 Deny
> 12:02:35 Client  Server Netbios IP
> 139 Deny
> 12:02:35 Client  Server 445
> 445 Deny
> 12:02:41 Client  Server 445
> 445 Deny
> 12:02:41 Client  Server Netbios IP
> 139 Deny
> 12:02:53 Client  Server rcp
> 135 Accept
> 12:03:02 Client  Server rcp
> 135 Accept
> 12:03:02 Client  Server Static DS
> 5020 Accept
> 12:03:02 Client  Server Static IS
> 5030 Accept

> Microsoft Knowledge Base Articles

> 148732 Have tried using Static Ports
> 163576 Have tried changing the RPC Binding Order
> 325930 Have tried removing all RPC Client Protocol
> Registry Entries except for ncacn_ip_tcp.

> Differences in Registry Settings for a 2000 machine (no
> delay) and an XP machine
> (delay):

> The 2000 machine has the following registry values which
> XP does not have:
> HKEY_Local_Machine\Software\Microsoft\RPC\Client
> Protocols\ncacn_nb_tcp
> HKEY_Local_Machine\Software\Microsoft\RPC\Netbios\ncacn_nb_
> tcp0


 
 
 

XP Delay Problem

Post by Lanwench [MVP - Exchange » Thu, 12 Jun 2003 22:07:59


Hi, Pankul - I strongly suggest that you block a lot of those ports
immediately and implement VPN for remote connections. You're taking a huge
security risk as is. Not much use having a firewall if you're going to turn
it into a sieve ;-) What do you really need open? Are you hosting your own
public DNS? Do you have POP3/POP2/IMAP users, etc?

> We have exchange 2000 and are having similar problem as described
> below.

> in our case, when outside a firewall, when i try to open outlook,
> 1. attempts connect to 135 - succeeds
> 2. attempts connect to 445 - fails (cos my firewall blocks) and i
> dont see why i should allow it
> 3. Outlook give a msgbox "Exchange Server Unavailable" retry ... (you
> retry exactly 2 times)

> and voila... outlook opens up.

> I have disabled NetBT othersiwse after 1, it tried 139 and failed as
> well as in 2. but i still had to retry 2 times. and it worked. The
> Retry is Annoying

>> Windows XP - Outlook Problem

>> Problem
>> Problem is with Machines outside the firewall running
>> Windows XP with Office XP. When they try connecting to our
>> Exchange Server 5.5, it takes Outlook 2-4 minutes to
>> open.  On Windows 2000/NT machines with Office XP, Outlook
>> loads up instantly.

>> Set-Up
>> Our Exchange Server has the following ports open to
>> workstations outside the firewall:

>> 113 (AUTH)
>> 109 (POP2)
>> 110 (POP3)
>> 25 (SMTP)
>> 53 (DNS)
>> 143 (IMAP)
>> 135 (RPC)
>> 5020 (MS Exchange DS Static Port)
>> 5030 (MS Exchange IS Static Port)

>> Machines outside the Firewall:
>> Windows XP (SP1) with Outlook 2002 (SP2) - Problem
>> Windows 2000 (SP1) with Outlook 2002 (SP2) - No
>> Problem
>> Windows 2000 (SP3) with Outlook 2002 (SP2) - No
>> Problem
>> Windows NT (SP6a) with Outlook 2002 (SP2) - No
>> Problem

>> With one of the XP machines, we have also applied all the
>> latest Post-SP1 patches for Windows XP and all the latest
>> updates for Office 2002 and Outlook 2002.

>> Connections
>> When Windows 2000 machines start up Outlook, they connect
>> to the Exchange Server, using port 135. It then connects
>> to the DS and IS static ports.

>> Here's what happens (Every time) when XP machines start up
>> Outlook:
>> 1) Client Connects to Server on port 135
>> 2) Does nothing for 2 minutes
>> 3) Exactly after 2 minutes the Client pings the
>> Server and Server Responds back
>> 4) Client immediately tries connecting using ports
>> 139 and 445 simultaneously on Server
>> 5) 3 seconds later it does the same
>> 6) 6 seconds later it does the same
>> 7) 12 seconds later is connects to Server on port 135
>> again
>> 8) 10-20 seconds later (varies) connects on port 135
>> and then DS and IS static ports and Outlook Opens.

>> When we do open the Firewall to allow ports 139/ 445
>> through, the Windows XP machines open Outlook straight
>> away.

>> Ports
>> Port 139 (NETBIOS over TCP) and port 445 (SMB over TCP)
>> are for file sharing, I have not read any documentation
>> for Exchange 5.5 to have these ports open. These ports are
>> only open to the Domain Controllers for Authentication.

>> Questions
>> . Why is there 2 minutes of no activity when XP
>> connects?
>> . Why then does it try using ports 139/445.
>> . Instead of doing Steps 1-6 in which it does
>> nothing, why doesn't it immediately go to steps 7+8 which
>> Opens Outlook immediately.
>> . Why if ports 139/445 are open, it opens straight
>> away because it does not use these ports during the 2
>> minutes of no activity.
>> . I have not seen any, but is there any
>> documentation for Exchange 5.5 to have ports 139 and 445
>> open? This to me is a security issue.

>> Firewall Logs

>> Exchange XP Client Opens Up Outlook:

>> 12:00:32 Client  Server rcp
>> 135 Accept
>> 12:02:32 Client  Server ICMP
>> ECHO Accept
>> 12:02:32 Client  Server ICMP
>> ECHO Reply Accept
>> 12:02:32 Client  Server Netbios IP
>> 139 Deny
>> 12:02:32 Client  Server 445
>> 445 Deny
>> 12:02:35 Client  Server Netbios IP
>> 139 Deny
>> 12:02:35 Client  Server 445
>> 445 Deny
>> 12:02:41 Client  Server 445
>> 445 Deny
>> 12:02:41 Client  Server Netbios IP
>> 139 Deny
>> 12:02:53 Client  Server rcp
>> 135 Accept
>> 12:03:02 Client  Server rcp
>> 135 Accept
>> 12:03:02 Client  Server Static DS
>> 5020 Accept
>> 12:03:02 Client  Server Static IS
>> 5030 Accept

>> Microsoft Knowledge Base Articles

>> 148732 Have tried using Static Ports
>> 163576 Have tried changing the RPC Binding Order
>> 325930 Have tried removing all RPC Client Protocol
>> Registry Entries except for ncacn_ip_tcp.

>> Differences in Registry Settings for a 2000 machine (no
>> delay) and an XP machine
>> (delay):

>> The 2000 machine has the following registry values which
>> XP does not have:
>> HKEY_Local_Machine\Software\Microsoft\RPC\Client
>> Protocols\ncacn_nb_tcp
>> HKEY_Local_Machine\Software\Microsoft\RPC\Netbios\ncacn_nb_
>> tcp0

 
 
 

XP Delay Problem

Post by Pankul Verm » Fri, 13 Jun 2003 03:49:43


thanks for you reply.

Of course i have it setup in a way, where first a user establishes a
connection to my Firewall/VPN. so after you are authenticated there. only
then i allow port 135 etc. but still not port 445.

I am not hosting my own dns. but the exchange 2k  on win2k is also the dns
server, not public though.

Do you have any suggestions as to why Outlook tries to use port 445

"Lanwench [MVP - Exchange]"

Quote:> Hi, Pankul - I strongly suggest that you block a lot of those ports
> immediately and implement VPN for remote connections. You're taking a huge
> security risk as is. Not much use having a firewall if you're going to
turn
> it into a sieve ;-) What do you really need open? Are you hosting your own
> public DNS? Do you have POP3/POP2/IMAP users, etc?