Exchange ActiveSync - Firewall Timeout

Since Exchange Server 2003 SP2, Microsoft has included Direct Push as a feature of ActiveSync. Direct Push simply keeps the device up to date as new content becomes ready to synchronise. ActiveSync Direct Push has been licensed or is supported on a wide range of platforms, from devices to competing mail servers.

It’s pretty straightforward:

  1. The client sends a long-standing HTTPS request asking the server to notify the device if any items configured to synchronise change within the next 15 minutes (the heartbeat interval).
  2. If no items change after 15 minutes, the server returns an HTTP 200 OK, and the client wakes up and sends a new HTTPS request.
  3. If an item changes on the server within the heartbeat interval, a response is sent to the client, which triggers a synchronisation of the changed item.

If the firewall/network timeout is set lower than the 15-minute heartbeat, clients can end up sending HTTPS requests more frequently, which increases wake-up time and battery consumption.

For optimum performance you should look to have firewall timeout values set between 15 and 30 minutes; I often opt for the 30-minute mark. You will need to configure this on any firewalls or proxies between your CAS and the internet.
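One way to spot this symptom from request logs, as an added example that is not from the original post: it measures the gap between consecutive Ping requests per device and flags devices that re-send well before the 15-minute heartbeat with no Sync in between. The log format, the device names and the 60-second tolerance are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

HEARTBEAT_S = 15 * 60  # heartbeat interval described in the post
TOLERANCE_S = 60       # assumed slack for network and processing delay

# Constructed sample, hypothetical format: "<arrival time> <device> <command>"
SAMPLE_LOG = """\
2012-06-01T09:00:00 DEV-A Ping
2012-06-01T09:15:02 DEV-A Ping
2012-06-01T09:21:40 DEV-A Sync
2012-06-01T09:21:45 DEV-A Ping
2012-06-01T09:36:47 DEV-A Ping
2012-06-01T09:00:00 DEV-B Ping
2012-06-01T09:05:01 DEV-B Ping
2012-06-01T09:10:03 DEV-B Ping
2012-06-01T09:12:30 DEV-B Sync
2012-06-01T09:12:33 DEV-B Ping
2012-06-01T09:17:34 DEV-B Ping
"""

def parse(log_text):
    """Return {device: [(arrival, command), ...]} sorted by arrival time."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            stamp, device, command = line.split()
            events[device].append((datetime.fromisoformat(stamp), command))
    for seq in events.values():
        seq.sort()
    return events

def short_heartbeat_devices(log_text, heartbeat=HEARTBEAT_S, tol=TOLERANCE_S):
    """Map each flagged device to its median Ping-to-Ping gap in seconds."""
    # Only a Ping directly followed by another Ping is measured: a Sync in
    # between means an item change ended the wait (step 3), which is normal.
    flagged = {}
    for device, seq in parse(log_text).items():
        gaps = [(b[0] - a[0]).total_seconds()
                for a, b in zip(seq, seq[1:])
                if a[1] == "Ping" and b[1] == "Ping"]
        if gaps and median(gaps) < heartbeat - tol:
            flagged[device] = median(gaps)
    return flagged

if __name__ == "__main__":
    print(short_heartbeat_devices(SAMPLE_LOG))
```

A flagged device's median gap is a rough estimate of the idle timeout somewhere on its path; if your log records completion time rather than arrival time, convert it before feeding it in.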

I’m pretty sure any mobile operator will have a decent timeout value, so this shouldn’t present an issue, but in the early days of Direct Push and WM5.x + MSFP I do remember this causing problems.


Windows 8 Mail app + Exchange ActiveSync Policy = BYO PC?

It’s been my “dream” for a long time to be able to remote wipe Outlook; this is one of the remaining hurdles I had with allowing BYO PC within Noakesy Hosting.

With the Mail app in Windows 8 Release Preview I’m glad to see they are making use of Exchange ActiveSync, which in turn sets out some policies which devices must comply with.

Setting up an Exchange account presents the user with a warning.

Looking in ECP I can now see a device called Windows Mail, great. The coolest part is I can wipe just the Windows Mail app. I think future versions of Exchange will need to reflect that the entire device will not be wiped. Maybe a rename to “Apps and Devices”, with an indication of what is possible, is needed.


I can also see my EAS policy has been applied in full under Details.