A breakdown of the iPhone 4.0 issue with Exchange Online

Over at the TechNet Forums some discussion has been going on about the inconsistent connectivity for iPhones since OS 4.0 was released – and why it was so important to upgrade to 4.0.1. To quote Daniel Trautman:
“iOS 4.0.0 has a very low timeout variable, forget what specifically, but it is available on the Internet. What occurs is that the phone attempts to connect via EAS, but, when the timeout is hit, it starts up a new session without tearing down the previous attempt. This causes what is known as an “open-connection attack” on the servers, which, in basic terms, is that the number of connections per CAS (default of 500) can be taken up by one device. This prevents other devices from connecting as well as ties up server resources waiting for a response on the previous connections. Both the patch available, as well as the 4.0.1 upgrade resolve this issue by increasing the timeout variable (though I haven’t heard whether they’ve improved the connection management, however).
The patch does not change the DeviceUserAgent which Exchange uses to identify the device/OS version, but the upgrade (4.0.1) does. To prevent unpatched devices from connecting we are blocking devices with that OS. Since the DeviceUserAgent is only synced to the CAS (Exchange) upon initial sync, we are applying the block in IIS, which identifies the DeviceUserAgent on EVERY connect, so we don’t have to worry about older devices that have upgraded (such as iPhone 3G/3GS).”
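
The per-connect user-agent check described in the quote can also be run over IIS logs to see which devices would be caught by such a block. This is an added example, not code from the original post or from Microsoft; the user-agent token `801.293`, the log field layout and the sample log lines are assumptions constructed for illustration, so confirm the token against your own logs.

```python
from collections import Counter
from urllib.parse import parse_qs

# Assumption: build token sent by iOS 4.0.0 devices; verify in your own IIS logs.
BLOCKED_UA_SUFFIX = "/801.293"
EAS_PATH = "/microsoft-server-activesync"

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status time-taken
2010-07-20 10:00:01 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplA1&DeviceType=iPhone&Cmd=Ping alice 10.0.0.5 Apple-iPhone3C1/801.293 200 120
2010-07-20 10:00:02 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplA1&DeviceType=iPhone&Cmd=Ping alice 10.0.0.5 Apple-iPhone3C1/801.293 200 118
2010-07-20 10:00:03 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplA1&DeviceType=iPhone&Cmd=Ping alice 10.0.0.5 Apple-iPhone3C1/801.293 200 121
2010-07-20 10:00:04 POST /Microsoft-Server-ActiveSync User=bob&DeviceId=ApplB2&DeviceType=iPhone&Cmd=Sync bob 10.0.0.6 Apple-iPhone2C1/801.306 200 95
2010-07-20 10:00:05 POST /Microsoft-Server-ActiveSync User=carol&DeviceId=ApplC3&DeviceType=iPhone&Cmd=Sync carol 10.0.0.7 Apple-iPhone3C1/801.293 200 90
2010-07-20 11:30:00 POST /Microsoft-Server-ActiveSync User=carol&DeviceId=ApplC3&DeviceType=iPhone&Cmd=Sync carol 10.0.0.7 Apple-iPhone3C1/801.306 200 88
2010-07-20 11:31:00 GET /owa/ - dave 10.0.0.8 Mozilla/5.0+(Windows) 200 40
"""

def unpatched_devices(log_text, ua_suffix=BLOCKED_UA_SUFFIX):
    """Count ActiveSync requests per (user, DeviceId) whose user agent,
    as logged by IIS on each request, still carries the blocked token."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                    # skip malformed or truncated rows
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower() != EAS_PATH:
            continue                    # only the ActiveSync virtual directory
        if not row.get("cs(User-Agent)", "").endswith(ua_suffix):
            continue                    # patched/upgraded devices pass through
        query = parse_qs(row.get("cs-uri-query", ""))
        device_id = query.get("DeviceId", ["unknown"])[0]
        hits[(row.get("cs-username", "-"), device_id)] += 1
    return hits

if __name__ == "__main__":
    for (user, device), count in unpatched_devices(SAMPLE_LOG).most_common():
        print(f"{user} {device}: {count} request(s) with blocked user agent")
```

In the sample, carol's device is counted only for the request made before it upgraded, which mirrors the quote's point that evaluating the user agent on every connect avoids penalising devices that have since moved to 4.0.1.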