Port Exhaustion on ISA Server 2006 while Publishing Outlook Anywhere

Last week we (ISA Server Team in Texas) faced an interesting issue where remote Outlook Clients using RPC over HTTPs were not able to communicate with the internal Exchange Server. Pretty challenge case since on the ISA Server side there was nothing really obvious missing, netmon also didn’t help that much, but the old netstat tool was “The MAN” to alert us about the issue. The problem ended up to be caused by Port Exhaustion on ISA Server 2006 and netstat helped us to identify that. The approach used was the same as explained by this great post from DS Team about Port Exhaustion.

It is important to bring here the scalability problem when the ISA is not correctly sized, mainly when you are publishing Outlook Anywhere. To really know the impact that Outlook Anywhere (AKA RPC over HTTPs) can cause read the article Outlook Anywhere Scalability with Outlook 2007, Outlook 2003, and Exchange 2007. After reading this article, make sure to correct size your ISA Server 2006 using the ISA Server 2006 Capacity Planning Simulator.

For tuning purpose you also can use the TcpTimedWaitDelay registry key to faster release TCP socket connection, read the article Avoiding TCP/IP Port Exhaustion for more details. Although this article is for BizTalk, the context of the problem is the same since it is something related to the Windows OS level where the application (in this case ISA) is affected.