Solved

Exchange 2003  Backend server is constantly sending information to our Exchange Front End 2003 server

Posted on 2010-08-19
16
825 Views
Last Modified: 2012-05-10
To give you all a basic over view of our configuration, we have two sites setup connected through a VPN and we have no problem communicating with devices on either side of the VPN tunnel. Site A has an Exchange 2003 server configured which actually contains the mailboxes. At Site B we have an Exchange 2003 server configured as a front end server, all email traffic comes into this server and gets passed out to the corresponding exchange servers.

The problem is, the exchange server with the mail boxes at Site A is sending data to the front end server and is using all available bandwidth. We have another site, Site C configured exactly the same as Site A, but it's not having any such problems. This problem has been going on for about the past month or so, prior to that this configuration has worked without this issue for the past 2 years.

I restarted the Exchange services which temporarily fixes the problem but approx 24 hours later, it starts up again.

I have no idea what information is being sent, no one has informed me of any large emails that have not been able to send. There is a 3 Mb pipe between sites and the email size limit is set to 50 MB so it shouldn't be a large email attempting to send.

Has any else experienced a similar problem or know where to start looking to solve this problem?

Thanks for any help.
0
Comment
Question by:mcjim2k
  • 9
  • 5
16 Comments
 
LVL 17

Expert Comment

by:sgsm81
ID: 33482736
Enable logging on the exchange server

Check Event Log

Patch Exchange Server

If you stop SMTP does the problem still occur
0
 

Author Comment

by:mcjim2k
ID: 33486972
Stopping SMTP didn't help, but it got me to look at other services. I ended up stopping "World Wide Web Publishing Service" which did fix the problem yet it also kills OWA. Looking through the Application logs I see a DAVEX reference every time i see this issue.

I'm assuming this has to do with WEBDAV, is this a service i need? Is this a known issue at all?

Thanks.
0
 

Author Comment

by:mcjim2k
ID: 33544008
"World Wide Web Publishing Service" is defiantly the issue, but I'm not totally sure WEBDAV has anything to do with it as i haven't found any other correlation than a reference the event log which doesn't 100% match up.

Any help is appreciated, thank you.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33546372
did you setup any public folder replication between these 2 sites based upon a schedule ?
0
 

Author Comment

by:mcjim2k
ID: 33555960
Nope, there is no replication configured.
0
 

Author Comment

by:mcjim2k
ID: 33555988
As i mentioned, i have not configured file replication; however, i just discovered this event in my File Replication event log. Please note that both of these servers in which the communication is happening are both also Domain Controllers.

It doesn't look like this message corresponds to the time the high traffic is taking place, but i thought it was interesting that this message appeared and it's referencing the two servers that are causing the high traffic usage.

Thanks.


The File Replication Service is having trouble enabling replication from Server A to Server B for c:\windows\sysvol\domain using the DNS name Server A.mydomain.com. FRS will keep retrying. 

 Following are some of the reasons you would see this warning. 

 

 [1] FRS can not correctly resolve the DNS name Server A.mydomain.com from this computer. 

 [2] FRS is not running on Server A.mydomain.com. 

 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. 

 

 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

Open in new window

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33560160
FRS is used for DC-DC replication.
It's a light weight replication as against DFS.

That shouldnt be generating all the traffic.

Can you download and run this tool on both exchange servers.
http://www.microsoft.com/downloads/details.aspx?FamilyID=dbab201f-4bee-4943-ac22-e2ddbd258df3&displaylang=en

Install it and run a health scan.

Please post back results here.

thanks
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:mcjim2k
ID: 33561191
What should i be looking for in here? I see a few critical errors, referencing the following:
- Unknown schema extension version (Active Directory Forest)
- Unrecognized Exchange signature (Domain)
- Global incoming message size too high (Organization) <-- this was manually configured higher
- Global outgoing message size too high (Organization) <-- this was manually configured higher
- 'SystemPages' set too high (Server name having problems)
- Paging file larger than Physical Memory (Server name having problems)

Thanks.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561281
Unrecognized exchange signature - ignore.
Global incoming / outgoing - not related to PF replication - but set it to something like 10/20 mb
SystemPages - follow the instructions
Paging file - follow the instructions.

---
Thinking out aloud

Too much traffic from one exchange server to another in a FE-BE setup
a) Please confirm that FE Exchange doesnt have any mailbox servers.
b) PF replication - thats between 2 BE Exchange servers and PF database replicating. FRS does not apply.

Any other replication sync etc. going on between the 2 servers ?
a) Do you have WSUS deployed on FE server, which might pull data from within the VPN
Is the server configured as a downstream server

Can you isolate the traffic between the 2 servers.
Download wireshark
www.wireshark.org/
Start capture
Filter
ip.src == 192.168.1.10 and ip.dst == 192.168.1.20

Where the IP's are those of your FE/BE Exchange servers

please post back.
0
 

Author Comment

by:mcjim2k
ID: 33562493
Where do you want to start with the data? I see quite a bit of HTTP traffic (BE to FE) as well as a lot of TCP traffic (FE to BE). The TCP traffic is showing Header Checksum errors. Most of the HTTP traffic says continuation or non-http traffic.

I'm not too familiar with WireShark so you may need to walk me through what you think is valuable information.

Thanks.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33562505
you can export it and save it on your desktop.
zip it and upload it here.

0
 

Assisted Solution

by:mcjim2k
mcjim2k earned 0 total points
ID: 33562620
Attached are 5 frames which basically sum up all of the traffic I am seeing.
taffic.zip
0
 

Accepted Solution

by:
mcjim2k earned 0 total points
ID: 33590823
After applying a few security patches this week, the problem seemed to have gone away. Didn't really do anything other than a restart and the server has been restarted several times during this issue. It may have fixed itself. I would like to leave this thread open for another day or two to see if the issue comes back.
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 100 total points
ID: 33590859
this is weird :)

I think you should let it run for 1-2 days and get the normal traffic to resume to see if the issue is resolved.
0
 

Author Comment

by:mcjim2k
ID: 33831747
That's fine.
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now