Forum Discussion

VincentBurle83's avatar
VincentBurle83
Copper Contributor
Feb 25, 2022

Lot of eventID 4999 related to ActiveSync on my Exchange Servers

Hello all,   I'm Vincent and I'm Exchange administrator in my International Research Organization. Our Exchange farm is composed of 4 Exchange Server 2016 Enterprise CU 22. I recently noticed a l...
2016
admin
Exchange Server
BroBias's avatar
BroBias
Copper Contributor
May 30, 2023
Unfortunately, no progress 😕

I'm only pretty sure in the meantime that this relates to firewall settings on the WAF side (here: Sophos XG). I've played with several settings there, the most potential was the http session timeout, but without any success.
It doesn't matter whether i follow vendor recommendations or settings based on user experiences, the result is always the same and the 4999 errors don't stop.

From my current perspective this must be an issue at least every "exch + Sophos" user/admin should face which is why i can't understand that there is no clear solution available 😞
cmillerLCE's avatar
cmillerLCE
Copper Contributor
May 30, 2023

BroBias Interesting that you also have a firewall/loadbalancer in the mix as well and think it's part of the issue.  We don't have Sophos. We have Fortinet on the perimeter and then a Kemp loadbalancer internally, I think at one point I stumbled upon someone mentioning the session timeouts may be the culprit but I never found the right values to prevent the errors either.  Sure would be nice if somoene on the Microsoft side would chime in on these annoying errors.

  • BroBias7's avatar
    BroBias7
    Copper Contributor
    May 30, 2023
    Wow! Now, i'm very thankful that there is somebody sharing this experience and impression/feeling of the very source ^^
    Yes, I'm also 99% sure that this relates to the combination of EXCH vdir <> FW/LB <> ActiveSync requests/sessions. I can even find this reflecting in the event logs, when the errors starting as soon as the users are off to the weekend or coming back from weekend again. I also played a lot with the http session timeout setting on fw/waf side but without any success, not even little changes in the amount of logged errors.
    Even following very clear recommendations for EXCH + SophosXG - no effect at all.

    The main issue is, from my perspective, that these errors don't cause significant issues, at least not on my side. From time to time some few users complain about "sync hangs" on their mobiles but that's it. Exchange seems to be fine whith recycling the app pool every hour ......
    However, i'm annoyed about it because it's just filling up my event logs and leaves a bad feeling while not really knowing what's going on.
    • VincentBurle83's avatar
      VincentBurle83
      Copper Contributor
      Jun 07, 2023

      Hi BroBias7 and cmillerLCE ,

      Sorry for the late answer but I have to admit that did not take this error in account because ActuveSync is just working fine.

      On our end, we also use a load-balancer (F5 Big-IP) so it is probably something to investigate deeper ... or not.

      On my side I decided to stop my investigation.

      Good luck guys !

      • ScottW3532's avatar
        ScottW3532
        Copper Contributor
        Jun 27, 2023
        Running Exchange 2019 three node DAG with FG Big-IP LB.
        Same issue here ... no progress on it though.

Resources