Exchange 2003 Backend server is constantly sending information to our Exchange Front End 2003 server
To give you all a basic over view of our configuration, we have two sites setup connected through a VPN and we have no problem communicating with devices on either side of the VPN tunnel. Site A has an Exchange 2003 server configured which actually contains the mailboxes. At Site B we have an Exchange 2003 server configured as a front end server, all email traffic comes into this server and gets passed out to the corresponding exchange servers.
The problem is, the exchange server with the mail boxes at Site A is sending data to the front end server and is using all available bandwidth. We have another site, Site C configured exactly the same as Site A, but it's not having any such problems. This problem has been going on for about the past month or so, prior to that this configuration has worked without this issue for the past 2 years.
I restarted the Exchange services which temporarily fixes the problem but approx 24 hours later, it starts up again.
I have no idea what information is being sent, no one has informed me of any large emails that have not been able to send. There is a 3 Mb pipe between sites and the email size limit is set to 50 MB so it shouldn't be a large email attempting to send.
Has any else experienced a similar problem or know where to start looking to solve this problem?
Thanks for any help.
The problem is, the exchange server with the mail boxes at Site A is sending data to the front end server and is using all available bandwidth. We have another site, Site C configured exactly the same as Site A, but it's not having any such problems. This problem has been going on for about the past month or so, prior to that this configuration has worked without this issue for the past 2 years.
I restarted the Exchange services which temporarily fixes the problem but approx 24 hours later, it starts up again.
I have no idea what information is being sent, no one has informed me of any large emails that have not been able to send. There is a 3 Mb pipe between sites and the email size limit is set to 50 MB so it shouldn't be a large email attempting to send.
Has any else experienced a similar problem or know where to start looking to solve this problem?
Thanks for any help.
ASKER
Stopping SMTP didn't help, but it got me to look at other services. I ended up stopping "World Wide Web Publishing Service" which did fix the problem yet it also kills OWA. Looking through the Application logs I see a DAVEX reference every time i see this issue.
I'm assuming this has to do with WEBDAV, is this a service i need? Is this a known issue at all?
Thanks.
I'm assuming this has to do with WEBDAV, is this a service i need? Is this a known issue at all?
Thanks.
ASKER
"World Wide Web Publishing Service" is defiantly the issue, but I'm not totally sure WEBDAV has anything to do with it as i haven't found any other correlation than a reference the event log which doesn't 100% match up.
Any help is appreciated, thank you.
Any help is appreciated, thank you.
did you setup any public folder replication between these 2 sites based upon a schedule ?
ASKER
Nope, there is no replication configured.
ASKER
As i mentioned, i have not configured file replication; however, i just discovered this event in my File Replication event log. Please note that both of these servers in which the communication is happening are both also Domain Controllers.
It doesn't look like this message corresponds to the time the high traffic is taking place, but i thought it was interesting that this message appeared and it's referencing the two servers that are causing the high traffic usage.
Thanks.
It doesn't look like this message corresponds to the time the high traffic is taking place, but i thought it was interesting that this message appeared and it's referencing the two servers that are causing the high traffic usage.
Thanks.
The File Replication Service is having trouble enabling replication from Server A to Server B for c:\windows\sysvol\domain using the DNS name Server A.mydomain.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name Server A.mydomain.com from this computer.
[2] FRS is not running on Server A.mydomain.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
FRS is used for DC-DC replication.
It's a light weight replication as against DFS.
That shouldnt be generating all the traffic.
Can you download and run this tool on both exchange servers.
http://www.microsoft.com/downloads/details.aspx?FamilyID=dbab201f-4bee-4943-ac22-e2ddbd258df3&displaylang=en
Install it and run a health scan.
Please post back results here.
thanks
It's a light weight replication as against DFS.
That shouldnt be generating all the traffic.
Can you download and run this tool on both exchange servers.
http://www.microsoft.com/downloads/details.aspx?FamilyID=dbab201f-4bee-4943-ac22-e2ddbd258df3&displaylang=en
Install it and run a health scan.
Please post back results here.
thanks
ASKER
What should i be looking for in here? I see a few critical errors, referencing the following:
- Unknown schema extension version (Active Directory Forest)
- Unrecognized Exchange signature (Domain)
- Global incoming message size too high (Organization) <-- this was manually configured higher
- Global outgoing message size too high (Organization) <-- this was manually configured higher
- 'SystemPages' set too high (Server name having problems)
- Paging file larger than Physical Memory (Server name having problems)
Thanks.
- Unknown schema extension version (Active Directory Forest)
- Unrecognized Exchange signature (Domain)
- Global incoming message size too high (Organization) <-- this was manually configured higher
- Global outgoing message size too high (Organization) <-- this was manually configured higher
- 'SystemPages' set too high (Server name having problems)
- Paging file larger than Physical Memory (Server name having problems)
Thanks.
Unrecognized exchange signature - ignore.
Global incoming / outgoing - not related to PF replication - but set it to something like 10/20 mb
SystemPages - follow the instructions
Paging file - follow the instructions.
---
Thinking out aloud
Too much traffic from one exchange server to another in a FE-BE setup
a) Please confirm that FE Exchange doesnt have any mailbox servers.
b) PF replication - thats between 2 BE Exchange servers and PF database replicating. FRS does not apply.
Any other replication sync etc. going on between the 2 servers ?
a) Do you have WSUS deployed on FE server, which might pull data from within the VPN
Is the server configured as a downstream server
Can you isolate the traffic between the 2 servers.
Download wireshark
www.wireshark.org/
Start capture
Filter
ip.src == 192.168.1.10 and ip.dst == 192.168.1.20
Where the IP's are those of your FE/BE Exchange servers
please post back.
Global incoming / outgoing - not related to PF replication - but set it to something like 10/20 mb
SystemPages - follow the instructions
Paging file - follow the instructions.
---
Thinking out aloud
Too much traffic from one exchange server to another in a FE-BE setup
a) Please confirm that FE Exchange doesnt have any mailbox servers.
b) PF replication - thats between 2 BE Exchange servers and PF database replicating. FRS does not apply.
Any other replication sync etc. going on between the 2 servers ?
a) Do you have WSUS deployed on FE server, which might pull data from within the VPN
Is the server configured as a downstream server
Can you isolate the traffic between the 2 servers.
Download wireshark
www.wireshark.org/
Start capture
Filter
ip.src == 192.168.1.10 and ip.dst == 192.168.1.20
Where the IP's are those of your FE/BE Exchange servers
please post back.
ASKER
Where do you want to start with the data? I see quite a bit of HTTP traffic (BE to FE) as well as a lot of TCP traffic (FE to BE). The TCP traffic is showing Header Checksum errors. Most of the HTTP traffic says continuation or non-http traffic.
I'm not too familiar with WireShark so you may need to walk me through what you think is valuable information.
Thanks.
I'm not too familiar with WireShark so you may need to walk me through what you think is valuable information.
Thanks.
you can export it and save it on your desktop.
zip it and upload it here.
zip it and upload it here.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That's fine.
Check Event Log
Patch Exchange Server
If you stop SMTP does the problem still occur