Killing client connection to Exchange server

Hi

The other night, the transaction logs on one of our Exch 2007 servers was growing rapidly. We managed to find the cause was a client that must have had a virus or something but was causing a lot of work for Exchange, which in turn generated logs for this work. We managed to close the connection by disabling the client's port on the local Cisco switch.

We're looking at ways we could have done this better. Is there another way we can disable a client's connection to Exchange?
I was thinking one of the following

1. Disable MAPI on the offending mailbox
2. Use TCPView to close the connection (IP > right click > Close Connection)

Does anyone know any other method?
chuckp2010Asked:
Who is Participating?
 
AmitConnect With a Mentor IT ArchitectCommented:
TCPView is one tool can be used. Secondly, unplug the client machine from the network. Scan it and then join it back
0
 
pchuiCommented:
First, you can monitor the clients using the Microsoft Exchange Server User Monitor:
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=9A49C22E-E0C7-4B7C-ACEF-729D48AF7BC9&displaylang=en

What type of activity is the client generating? Are lots of messages being generated? Exchange 2007 provides a degree of connection and message throttling:
http://technet.microsoft.com/en-us/library/bb232205(EXCHG.80).aspx

Also consider protecting your Windows server against DoS-type attacks:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;324270


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.