?
Solved

Exchange 2003  Backend server is constantly sending information to our Exchange Front End 2003 server

Posted on 2010-08-19
16
Medium Priority
?
1,046 Views
Last Modified: 2012-05-10
To give you all a basic over view of our configuration, we have two sites setup connected through a VPN and we have no problem communicating with devices on either side of the VPN tunnel. Site A has an Exchange 2003 server configured which actually contains the mailboxes. At Site B we have an Exchange 2003 server configured as a front end server, all email traffic comes into this server and gets passed out to the corresponding exchange servers.

The problem is, the exchange server with the mail boxes at Site A is sending data to the front end server and is using all available bandwidth. We have another site, Site C configured exactly the same as Site A, but it's not having any such problems. This problem has been going on for about the past month or so, prior to that this configuration has worked without this issue for the past 2 years.

I restarted the Exchange services which temporarily fixes the problem but approx 24 hours later, it starts up again.

I have no idea what information is being sent, no one has informed me of any large emails that have not been able to send. There is a 3 Mb pipe between sites and the email size limit is set to 50 MB so it shouldn't be a large email attempting to send.

Has any else experienced a similar problem or know where to start looking to solve this problem?

Thanks for any help.
0
Comment
Question by:mcjim2k
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
16 Comments
 
LVL 17

Expert Comment

by:Steve
ID: 33482736
Enable logging on the exchange server

Check Event Log

Patch Exchange Server

If you stop SMTP does the problem still occur
0
 

Author Comment

by:mcjim2k
ID: 33486972
Stopping SMTP didn't help, but it got me to look at other services. I ended up stopping "World Wide Web Publishing Service" which did fix the problem yet it also kills OWA. Looking through the Application logs I see a DAVEX reference every time i see this issue.

I'm assuming this has to do with WEBDAV, is this a service i need? Is this a known issue at all?

Thanks.
0
 

Author Comment

by:mcjim2k
ID: 33544008
"World Wide Web Publishing Service" is defiantly the issue, but I'm not totally sure WEBDAV has anything to do with it as i haven't found any other correlation than a reference the event log which doesn't 100% match up.

Any help is appreciated, thank you.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 28

Expert Comment

by:sunnyc7
ID: 33546372
did you setup any public folder replication between these 2 sites based upon a schedule ?
0
 

Author Comment

by:mcjim2k
ID: 33555960
Nope, there is no replication configured.
0
 

Author Comment

by:mcjim2k
ID: 33555988
As i mentioned, i have not configured file replication; however, i just discovered this event in my File Replication event log. Please note that both of these servers in which the communication is happening are both also Domain Controllers.

It doesn't look like this message corresponds to the time the high traffic is taking place, but i thought it was interesting that this message appeared and it's referencing the two servers that are causing the high traffic usage.

Thanks.

The File Replication Service is having trouble enabling replication from Server A to Server B for c:\windows\sysvol\domain using the DNS name Server A.mydomain.com. FRS will keep retrying. 
 Following are some of the reasons you would see this warning. 
 
 [1] FRS can not correctly resolve the DNS name Server A.mydomain.com from this computer. 
 [2] FRS is not running on Server A.mydomain.com. 
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. 
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

Open in new window

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33560160
FRS is used for DC-DC replication.
It's a light weight replication as against DFS.

That shouldnt be generating all the traffic.

Can you download and run this tool on both exchange servers.
http://www.microsoft.com/downloads/details.aspx?FamilyID=dbab201f-4bee-4943-ac22-e2ddbd258df3&displaylang=en

Install it and run a health scan.

Please post back results here.

thanks
0
 

Author Comment

by:mcjim2k
ID: 33561191
What should i be looking for in here? I see a few critical errors, referencing the following:
- Unknown schema extension version (Active Directory Forest)
- Unrecognized Exchange signature (Domain)
- Global incoming message size too high (Organization) <-- this was manually configured higher
- Global outgoing message size too high (Organization) <-- this was manually configured higher
- 'SystemPages' set too high (Server name having problems)
- Paging file larger than Physical Memory (Server name having problems)

Thanks.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561281
Unrecognized exchange signature - ignore.
Global incoming / outgoing - not related to PF replication - but set it to something like 10/20 mb
SystemPages - follow the instructions
Paging file - follow the instructions.

---
Thinking out aloud

Too much traffic from one exchange server to another in a FE-BE setup
a) Please confirm that FE Exchange doesnt have any mailbox servers.
b) PF replication - thats between 2 BE Exchange servers and PF database replicating. FRS does not apply.

Any other replication sync etc. going on between the 2 servers ?
a) Do you have WSUS deployed on FE server, which might pull data from within the VPN
Is the server configured as a downstream server

Can you isolate the traffic between the 2 servers.
Download wireshark
www.wireshark.org/
Start capture
Filter
ip.src == 192.168.1.10 and ip.dst == 192.168.1.20

Where the IP's are those of your FE/BE Exchange servers

please post back.
0
 

Author Comment

by:mcjim2k
ID: 33562493
Where do you want to start with the data? I see quite a bit of HTTP traffic (BE to FE) as well as a lot of TCP traffic (FE to BE). The TCP traffic is showing Header Checksum errors. Most of the HTTP traffic says continuation or non-http traffic.

I'm not too familiar with WireShark so you may need to walk me through what you think is valuable information.

Thanks.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33562505
you can export it and save it on your desktop.
zip it and upload it here.

0
 

Assisted Solution

by:mcjim2k
mcjim2k earned 0 total points
ID: 33562620
Attached are 5 frames which basically sum up all of the traffic I am seeing.
taffic.zip
0
 

Accepted Solution

by:
mcjim2k earned 0 total points
ID: 33590823
After applying a few security patches this week, the problem seemed to have gone away. Didn't really do anything other than a restart and the server has been restarted several times during this issue. It may have fixed itself. I would like to leave this thread open for another day or two to see if the issue comes back.
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 400 total points
ID: 33590859
this is weird :)

I think you should let it run for 1-2 days and get the normal traffic to resume to see if the issue is resolved.
0
 

Author Comment

by:mcjim2k
ID: 33831747
That's fine.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses
Course of the Month13 days, 8 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question