FERREIRA88

asked on

TMG denying connection for smtp traffic

Dear Experts,

Some users were complaining that emails with attachments were not being received from external senders. So I checked the limits and they were all set to 20Mb. I asked the senders for some more info and some of them were getting bounce backs stating 4.2.1 connection dropped. Also, some were getting delay notifications and the message would eventually be delivered a few hours (or days) later.

I then decided to send a few tests. At 10pm, when things were a little less busy, I sent 3 separate emails to an internal recipient, each with a different sized attachment: 2Mb, 5Mb and 8Mb. The mails arrived in good time. When I send the same mail during working hours, the emails get delayed.

I have looked at the TMG logs and noticed a lot of denied connections for smtp traffic as below:

Denied Connection RX-TMG01-S 2011/11/09 12:15:53 PM
Log type: Firewall service
Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.  
Rule: None - see Result Code
Source: External (213.199.154.134:39731)
Destination: Local Host (196.15.196.58:25)
Protocol: SMTP
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 213.199.154.134

Also listed against this log entry is "0xc0040017 FWX_C_TCP_NOT_SYN_PACKET_DROPPED".

Notice that the rule which denies the connection is blank! Even when an email is delivered successfully, this message appears in the log.

All our email is sent via bigfish.com, the online Exchange protection service, and then delivered to our Exchange. The following error shows on the bigfish side when the email needs to be delivered to the Exchange.

    Sender:
    user@gmail.com
    Recipient:
    user@domain.com
    Message ID:
    CADZjsbm--xochg2SRyORycuLXoHgHq6P8pRMCzcp2uXBAZcLUA@mail.gmail.com
    Message size:
    7,967.48 KB
    Date and time received:
    2011/11/09 10:42:51 AM
    Date and time filtered:
    2011/11/09 10:42:51 AM
    First delivery attempt:
    2011/11/09 11:12:58 AM
    Final delivery attempt:
    2011/11/09 11:43:05 AM
    From IP address:
    209.85.161.45 <unknown>
    To IP address:
    196.15.***.** <196.15.***.**>
    Filtering results:
    Passed Filtering (Hit Policy Allow rule ID 1038890)
    Delivery result:
    In Deferral: lost connection with 196.15.***.**[196.15.***.**] while sending message body (2 attempts)



Any ideas what is going on here?

All help appreciated. Thanks.
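
As an added example (not from the original post): the script below parses entries in the layout pasted above, keeps the non-SYN drops aimed at port 25, and counts them per source and by time of day, which shows whether the drops cluster in working hours the way the delays do. The sample entries, the `TMG-EXAMPLE` host name, the addresses and the 08:00-18:00 working-hours window are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime
# Constructed sample in the layout of the entry pasted above. Host name and
# addresses (RFC 5737 documentation ranges) are placeholders, not page values.
NON_SYN = "Status: A non-SYN packet was dropped because it was sent by a source"
SAMPLE_LOG = f"""\
Denied Connection TMG-EXAMPLE 2011/11/09 12:15:53 PM
{NON_SYN}
Source: External (198.51.100.10:39731)
Destination: Local Host (203.0.113.5:25)

Denied Connection TMG-EXAMPLE 2011/11/09 12:17:02 PM
{NON_SYN}
Source: External (198.51.100.10:40112)
Destination: Local Host (203.0.113.5:25)

Denied Connection TMG-EXAMPLE 2011/11/09 10:05:41 PM
{NON_SYN}
Source: External (198.51.100.77:51000)
Destination: Local Host (203.0.113.5:25)

Denied Connection TMG-EXAMPLE 2011/11/09 02:30:00 PM
Status: (constructed) denied for an unrelated reason
Source: External (198.51.100.99:4444)
Destination: Local Host (203.0.113.5:25)
"""

STAMP = re.compile(r"^Denied Connection \S+ (\d{4}/\d\d/\d\d \d{1,2}:\d\d:\d\d [AP]M)", re.M)
SOURCE = re.compile(r"^\s*Source: .*\(([\d.]+):\d+\)", re.M)
DEST_PORT = re.compile(r"^\s*Destination: .*\([\d.]+:(\d+)\)", re.M)

def non_syn_smtp_drops(text):
    """Return (timestamp, source_ip) for every non-SYN drop aimed at TCP 25."""
    drops = []
    for entry in re.split(r"\n\s*\n", text.strip()):
        stamp, src, port = (p.search(entry) for p in (STAMP, SOURCE, DEST_PORT))
        if not (stamp and src and port) or port.group(1) != "25":
            continue  # incomplete entry or not SMTP
        if "non-SYN packet was dropped" in entry:
            when = datetime.strptime(stamp.group(1), "%Y/%m/%d %I:%M:%S %p")
            drops.append((when, src.group(1)))
    return drops

def summarise(drops, day_start=8, day_end=18):
    """Count drops per source and split them into working hours vs. the rest."""
    per_source = Counter(ip for _, ip in drops)
    busy = sum(1 for when, _ in drops if day_start <= when.hour < day_end)
    return per_source, busy, len(drops) - busy
```

Calling `summarise(non_syn_smtp_drops(log_text))` on an exported log returns the per-source counts followed by the working-hours and off-hours totals.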



 
ASKER CERTIFIED SOLUTION
Suliman Abu Kharroub
FERREIRA88

ASKER

My Exchange server is using 97% memory of 16GB. Disk space looks to be enough.
97% is very high. As said in the article, Exchange server will not accept external emails if the memory usage is higher than 94%...

In Task Manager, which process is eating the memory?


Also, check the partition which hosted the pagefile: is it OK on free space? More than 10% free disk space.
Disks have more than 10GB free.

List of processes follows....

Image      PID      Hard Faults/sec      Commit (KB)      Working Set (KB)      Shareable (KB)      Private (KB)
store.exe      5672      0      7 858 112      7 754 348      27 944      7 726 404
w3wp.exe      5820      0      585 000      614 936      80 512      534 424
w3wp.exe      9804      0      505 356      537 228      85 264      451 964
EdgeTransport.exe      6672      0      470 568      408 280      107 168      301 112
svchost.exe (regsvc)      2140      0      445 356      444 944      8 928      436 016
Microsoft.Exchange.Monitoring.exe      7900      0      394 884      429 496      110 600      318 896
FSCTransportScanner.exe      8556      0      345 448      231 036      15 296      215 740
FSCRealtimeScanner.exe      7624      0      343 112      225 852      14 724      211 128
FSCTransportScanner.exe      8732      0      335 616      219 488      14 400      205 088
FSCRealtimeScanner.exe      7672      0      332 812      212 500      12 964      199 536
FSCTransportScanner.exe      8440      0      332 544      213 784      13 620      200 164
w3wp.exe      4228      0      313 592      308 792      75 320      233 472
Microsoft.Exchange.RpcClientAccess.Service.exe      3460      0      301 628      281 432      61 952      219 480
w3wp.exe      1832      0      290 108      306 888      75 524      231 364
Microsoft.Exchange.Pop3.exe      3152      0      285 172      269 472      50 336      219 136
w3wp.exe      5208      0      269 964      282 988      74 768      208 220
Microsoft.Exchange.ServiceHost.exe      3620      0      259 960      217 204      47 124      170 080
ExTRA.exe      2948      0      241 480      230 976      77 840      153 136
Microsoft.Exchange.AddressBook.Service.exe      2240      0      239 860      203 116      38 700      164 416
Microsoft.Exchange.Imap4.exe      2820      0      237 416      210 900      39 296      171 604
Microsoft.Exchange.Imap4Service.exe      2672      0      236 968      203 528      29 956      173 572
MSExchangeTransportLogSearch.exe      3780      0      236 920      198 668      38 084      160 584
w3wp.exe      5372      0      236 136      237 436      57 136      180 300
Microsoft.Exchange.Pop3Service.exe      1684      0      220 100      186 296      29 976      156 320
MSExchangeMailboxReplication.exe      2964      0      219 728      191 760      44 552      147 208
msexchangerepl.exe      3276      0      218 396      159 256      55 440      103 816
Microsoft.Exchange.ProtectedServiceHost.exe      3136      0      214 240      180 784      28 640      152 144
MSExchangeThrottling.exe      3704      0      211 536      175 908      27 820      148 088
mmc.exe      17400      0      186 064      33 312      14 972      18 340
mmc.exe      5252      0      182 996      21 784      9 088      12 696
msftefd.exe      5700      0      123 148      87 740      45 644      42 096
inetinfo.exe      1972      0      118 896      118 216      8 236      109 980
MsMpEng.exe      848      0      117 608      75 376      16 932      58 444
powershell.exe      10808      0      113 516      34 840      11 368      23 472
mmc.exe      10540      0      110 912      58 364      20 256      38 108
MSExchangeMailboxAssistants.exe      2788      0      108 388      115 672      60 168      55 504
Microsoft.Exchange.Search.ExSearch.exe      3536      0      108 388      83 260      39 936      43 324
HealthService.exe      1904      0      103 840      37 288      4 412      32 876
Microsoft.Exchange.EdgeSyncSvc.exe      2524      0      103 012      66 364      32 116      34 248
MSExchangeMailSubmission.exe      3032      0      80 088      78 388      48 680      29 708
mmc.exe      16548      0      77 356      60 908      30 856      30 052
MsExchangeFDS.exe      2612      0      75 848      68 540      35 516      33 024
mmc.exe      10452      0      74 584      26 848      14 112      12 736
svchost.exe (netsvcs)      976      0      72 152      78 244      24 624      53 620
MonitoringHost.exe      3244      0      69 036      45 544      4 864      40 680
MSExchangeTransport.exe      6568      0      64 912      53 320      29 912      23 408
WmiPrvSE.exe      6284      0      57 020      60 116      9 572      50 544
svchost.exe (LocalServiceNetworkRestricted)      924      0      56 316      51 892      20 224      31 668
Microsoft.Forefront.Server.EhsGatewayService.exe      1756      0      55 408      57 024      32 348      24 676
SentItemsUpdater.Service.exe      1588      0      54 300      53 928      26 148      27 780
SMSvcHost.exe      2068      0      43 232      38 632      21 056      17 576
Microsoft.Exchange.AntispamUpdateSvc.exe      2476      0      41 856      30 328      17 484      12 844
svchost.exe (LocalService)      356      0      35 920      40 980      6 672      34 308
explorer.exe      8920      0      33 552      51 240      27 260      23 980
FSEMailPickup.exe      5608      0      29 628      24 876      13 520      11 356
FSCEventing.exe      6624      0      29 524      34 596      17 460      17 136
lsass.exe      584      0      23 568      31 832      9 660      22 172
mad.exe      5040      0      23 044      29 800      11 148      18 652
WmiPrvSE.exe      7936      0      22 372      24 260      6 984      17 276
w3wp.exe      4492      0      21 628      27 164      9 856      17 308
FSCConfigurationServer.exe      5684      0      21 216      26 964      12 836      14 128
CcmExec.exe      4140      0      20 796      35 988      19 500      16 488
svchost.exe (NetworkService)      364      0      19 168      21 168      10 360      10 808
perfmon.exe      13472      0      17 068      26 452      12 196      14 256
explorer.exe      13496      0      16 516      33 616      21 228      12 388
FSCController.exe      4396      0      13 908      19 960      8 796      11 164
svchost.exe (RPCSS)      768      0      13 852      18 176      5 400      12 776
MonitoringHost.exe      4852      0      13 476      10 648      4 936      5 712
MSExchangeADTopologyService.exe      2024      0      13 348      18 148      7 628      10 520
FSCScheduledScanner.exe      7740      0      13 248      18 816      8 256      10 560
FSCTransportScanner.exe      9480      0      13 056      18 684      8 264      10 420
FSCRealtimeScanner.exe      7848      0      13 004      18 644      8 268      10 376
FSCRealtimeScanner.exe      7796      0      12 780      18 612      8 272      10 340
cscript.exe      15748      0      11 716      16 912      6 784      10 128
cscript.exe      7828      0      11 696      16 948      6 812      10 136
svchost.exe (LocalServiceNoNetwork)      1044      0      10 752      13 564      6 832      6 732
spoolsv.exe      1264      0      10 212      16 564      9 176      7 388
exfba.exe      1552      0      9 612      11 808      5 336      6 472
WmiPrvSE.exe      9504      1      9 320      10 300      6 284      4 016
svchost.exe (LocalSystemNetworkRestricted)      444      0      9 172      17 032      8 676      8 356
svchost.exe (iissvcs)      2208      0      9 168      13 012      5 344      7 668
services.exe      576      0      8 792      14 456      6 744      7 712
LogonUI.exe      8640      0      8 744      15 664      8 296      7 368
clussvc.exe      4708      0      8 192      15 404      9 420      5 984
rhs.exe      6116      0      7 924      14 036      7 120      6 916
TrustedInstaller.exe      11992      0      7 624      8 772      5 320      3 452
svchost.exe (DcomLaunch)      692      0      7 172      12 888      6 828      6 060
WmiPrvSE.exe      10248      0      6 896      10 712      5 368      5 344
vmicsvc.exe      1356      0      6 152      10 164      4 916      5 248
WmiPrvSE.exe      5792      0      6 116      8 416      4 804      3 612
msseces.exe      5656      0      5 724      12 796      8 520      4 276
msseces.exe      17108      0      5 708      12 736      8 472      4 264
rhs.exe      5988      0      5 104      9 800      6 152      3 648
DWRCS.EXE      1724      0      4 928      9 160      5 600      3 560
FSEContentScanner64.exe      7880      0      4 896      9 608      6 116      3 492
msftesql.exe      1704      0      4 868      33 160      29 224      3 936
svchost.exe (apphost)      1464      0      4 732      9 132      4 832      4 300
svchost.exe (termsvcs)      6432      0      4 220      9 620      6 136      3 484
csrss.exe      428      0      4 192      6 196      2 968      3 228
cscript.exe      12480      0      3 984      7 968      4 692      3 276
cscript.exe      12248      0      3 972      7 864      4 636      3 228
taskmgr.exe      16240      0      3 892      12 604      9 112      3 492
lsm.exe      592      0      3 892      6 964      4 092      2 872
msdtc.exe      4092      0      3 724      7 724      4 572      3 152
sppsvc.exe      6528      0      3 608      9 532      6 704      2 828
fscvsswriter.exe      4788      0      3 388      7 496      5 160      2 336
FSCMonitor.exe      1884      0      3 200      5 864      4 108      1 756
taskhost.exe      8512      0      3 016      6 060      4 176      1 884
rdpclip.exe      16660      0      2 980      7 648      4 964      2 684
csrss.exe      15752      0      2 908      6 384      4 124      2 260
taskhost.exe      12744      0      2 892      5 872      4 148      1 724
svchost.exe (RPCHTTPLBS)      4576      0      2 840      5 776      3 208      2 568
vmicsvc.exe      1308      0      2 784      7 276      4 828      2 448
WmiPrvSE.exe      15096      0      2 684      5 892      3 800      2 092
taskeng.exe      5616      0      2 236      5 516      3 608      1 908
csrss.exe      16776      0      2 184      5 292      3 648      1 644
winlogon.exe      11436      0      2 164      5 172      3 336      1 836
winlogon.exe      5596      0      2 156      5 180      3 336      1 844
rdpclip.exe      9008      0      2 148      6 824      4 980      1 844
svchost.exe (NetworkServiceNetworkRestricted)      6556      0      2 112      5 476      3 784      1 692
csrss.exe      15816      0      1 848      3 856      2 488      1 368
svchost.exe (LocalServiceAndNoImpersonation)      1448      0      1 808      7 956      6 432      1 524
vmicsvc.exe      1436      0      1 788      4 560      3 016      1 544
winlogon.exe      972      0      1 760      4 236      2 800      1 436
vmicsvc.exe      1408      0      1 748      4 588      3 080      1 508
vmicsvc.exe      1384      0      1 704      4 368      2 892      1 476
wininit.exe      488      0      1 692      4 524      3 184      1 340
dwm.exe      8048      0      1 564      3 880      2 608      1 272
dwm.exe      14472      0      1 524      3 844      2 608      1 236
conhost.exe      6804      0      1 184      3 020      2 032      988
conhost.exe      7380      0      1 180      3 060      2 068      992
conhost.exe      10548      0      1 180      3 060      2 072      988
conhost.exe      1084      0      1 180      3 076      2 088      988
conhost.exe      13712      0      1 180      3 056      2 076      980
conhost.exe      6684      0      1 168      2 848      1 836      1 012
conhost.exe      2828      0      1 164      2 824      1 812      1 012
conhost.exe      3164      0      1 164      2 820      1 812      1 008
smss.exe      336      0      636      1 316      756      560
System      4      0      112      300      244      56