Forum Discussion
ITJon1545 (Copper Contributor)
Jan 31, 2023
Unwanted traffic port 444 from Microsoft to OnPrem exchange
Hello,
We operate a Hybrid Exchange environment with an on premise Exchange 2016 server (Srv A) at a site with decent internet connectivity and another Exchange 2016 (Srv B) at a remote site with very minimal internet bandwidth (Satellite connection <8mbps).
See attached image for a more pictographic representation.
We have noticed in the last few months a huge uptick in traffic from A to B on port 444.
Looking at the IIS logs on Srv A we see entries like:
2023-01-30 23:59:39 10.10.197.47 OPTIONS /Microsoft-Server-ActiveSync/default.eas Cmd=Options&User=<REDACTED>&DeviceId=b6c980ba6b574305ad050c582ddb4765&DeviceType=Outlook&CorrelationID=<empty>;&cafeReqId=7dddb9ae-fafb-4aa4-ac26-2a1a132cec37; 443 - 52.98.155.149 Outlook-iOS-Android/1.0 - 401 2 5 15
Looking up the source IP for these entries comes back with Microsoft IPs. The user-agent being Outlook-iOS-Android/1.0 led me to this article: "Using Basic authentication with Outlook for iOS and Android | Microsoft Learn". The precaching of users' mailboxes sounds exactly like our symptoms.
We do not wish to have this feature so firstly, how (or can) we disable it?
Secondly, is it now the case that the Outlook app for iOS and Android REQUIRES the use of Exchange Online for its connections, even if the mailbox resides on-prem? Can we no longer just have them point straight at the 'local' Exchange and have none of their traffic traverse the internet?
Any insight/assistance appreciated.
Jon
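The IIS log check described in the post above, as an added example that is not part of the original thread: a parser that counts ActiveSync requests by source address, user agent and status, so the share arriving from external addresses with the Outlook-iOS-Android agent can be measured. The sample log, the `Apple-iPhone/1.0` agent string and the function names are constructed for illustration, and the log is assumed to carry a `#Fields:` directive.

```python
import ipaddress
from collections import Counter

EAS_PATH = "/microsoft-server-activesync"  # ActiveSync virtual directory
UA_PREFIX = "Outlook-iOS-Android"          # user agent quoted in the post

# Constructed sample in the field layout of the post's log line. Only the
# Outlook user agent and 52.98.155.149 come from the post; the rest is made up.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-01-30 23:59:39 10.10.197.47 OPTIONS /Microsoft-Server-ActiveSync/default.eas Cmd=Options&User=u1&DeviceId=AAAA1111&DeviceType=Outlook 443 - 52.98.155.149 Outlook-iOS-Android/1.0 - 401 2 5 15
2023-01-30 23:59:40 10.10.197.47 OPTIONS /Microsoft-Server-ActiveSync/default.eas Cmd=Options&User=u1&DeviceId=AAAA1111&DeviceType=Outlook 443 - 52.98.155.149 Outlook-iOS-Android/1.0 - 401 2 5 12
2023-01-30 23:59:41 10.10.197.47 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=u1&DeviceId=AAAA1111&DeviceType=Outlook 443 u1 52.98.155.149 Outlook-iOS-Android/1.0 - 200 0 0 840
2023-01-30 23:59:43 10.10.197.47 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=u3&DeviceId=CCCC3333&DeviceType=iPhone 443 u3 10.10.20.30 Apple-iPhone/1.0 - 200 0 0 80
2023-01-30 23:59:44 10.10.197.47 GET /owa/ - 443 u3 10.10.20.30 Mozilla/5.0 - 200 0 0 30
2023-01-30 23:59:45 10.10.197.47 OPTIONS /Microsoft-Server-ActiveSync/default.eas
"""

def summarize_activesync(lines):
    """Count ActiveSync requests per (origin, client IP, user agent, status)."""
    fields, counts = None, Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order for the rows that follow
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        if not row.get("cs-uri-stem", "").lower().startswith(EAS_PATH):
            continue  # not an ActiveSync request
        try:
            ip = ipaddress.ip_address(row.get("c-ip", ""))
            origin = "internal" if ip.is_private else "external"
        except ValueError:
            origin = "unknown"
        key = (origin, row.get("c-ip", "-"), row.get("cs(User-Agent)", "-"), row.get("sc-status", "-"))
        counts[key] += 1
    return counts

def external_outlook_mobile(counts):
    """Total ActiveSync requests from external addresses with the Outlook mobile agent."""
    return sum(n for (origin, _, agent, _), n in counts.items()
               if origin == "external" and agent.startswith(UA_PREFIX))

if __name__ == "__main__":
    for key, n in sorted(summarize_activesync(SAMPLE_LOG.splitlines()).items()):
        print(n, *key)
```

Running it over a day of logs before and after a change such as the one described in the reply below shows whether the externally sourced Outlook-iOS-Android requests have actually stopped.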
- kogian88 (Copper Contributor)
Hi,
We have the same issue. Did you manage to figure out any solution?
Thanks
- ITJon1545 (Copper Contributor)
Hi kogian88,
Glad we're not the only ones! We opened a ticket with MS after not getting any traction here and rather coincidentally they closed it without solution just yesterday.
We had a number of calls with engineers as well as providing a number of logs etc but there never seemed to be any acknowledgement of the pre-caching and I felt like it never got passed up out of level 1 support.
Our solution has been to disable the ActiveSync IIS subdirectory on Srv A, which stops the traffic being proxied over the slow link. It also stops anyone who is using Outlook Mobile talking to Srv A directly, which is a shame but not as significant as the link being saturated. We can still use OWA via Srv A so people who need to can get to their mailboxes that way.
I plan to query the closing of the ticket as the issue remains and I do not believe they have acknowledged it. The pressure is however off for us with the fix above.
Would love to know more if you make any other progress.
Thanks,
Jon