Solved

High internet usage caused by Outlook going externally to internal Exchange server

Posted on 2015-01-06
Last Modified: 2015-01-11
We have an Exchange 2007 server and Outlook 2013 clients running on our Server 2008 / Windows 7 network.

All internet access is routed externally through a remote proxy server (for filtering, control, reporting etc).

When looking at the usage reports for traffic going through this external proxy server, I am often seeing high usage for various users, and the URLs reported as being visited are 'mail.<our domain>.com' and 'autodiscover.<our domain>.com'.

It's not always for the same users, and it's not happening all the time.

We do have the 'Microsoft Exchange Proxy Settings' in Outlook set on all PCs to use 'mail.<our domain>.com' but my understanding was that this would only be used if a local connection was not available - we set it up through GP so that any laptops will connect when off-site.

Any idea why Outlook is sending traffic externally (but only some of the time) to connect to the internal Exchange server?
Question by:Michael986
10 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40534596
my understanding was that this would only be used if a local connection was not available - we set it up through GP so that any laptops will connect when off-site.

Configure Split DNS

You are correct, but if you have not added autodiscover.domain.com and mail.domain.com to an internal DNS zone for your servers, they will always go out and back around for services. Split DNS needs to be configured and the appropriate host records need to be in place pointing to the internal server IP addresses.

Will.
0
 

Author Comment

by:Michael986
ID: 40534609
We have both mail. and autodiscover. pointing to the internal IP of the Exchange server on our internal DNS server, which all PCs are using.

And the problem isn't a permanent issue - I've just noticed it happening a few times for different users over the last few weeks - most of the time there's no record of Outlook traffic going externally.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40534620
Is it possible they are connected to a shared guest wifi connection or VPN connection or something like that? When this happens, what I would do is right click on the Outlook client and select Autodiscover test and also check the connection status as well. See what info you can grab from there.

If that does not help, what you might want to do is install something like Wireshark on the local machine and do a trace to see where the packets are going. Maybe they are being routed to a different destination, or maybe their DNS settings have been changed (8.8.8.8), or something of that nature.

Aside from that, you will need to be in front of the issue in order to troubleshoot it.

Will.
0
 

Author Comment

by:Michael986
ID: 40534641
The PCs don't have wireless access (Ethernet only) and they don't have any VPNs set up - the only connection they have is to the LAN.

I'd like to be able to troubleshoot the problem as it's happening, but the only indication I'm getting is from the Proxy Server reports which are sent at the end of every day. And as it occurs only periodically, and on different PCs, it's not going to be easy to pre-empt it to perform a trace.

I'll have a look at the proxy server settings to see if that can alert me if there's access to a specific site (ie mail.<our domain>.com) - but would also be interested to hear any other theories about what may be happening.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40534676
What I would also recommend is seeing if you can get a source IP from a client that is actually having this experience. Maybe it is related to a bad or misconfigured switch in your environment. This one will be difficult until you have more information at hand.

As stated before, not having a Split DNS would be the first reason why this would happen. As you have said you have this properly configured, the only other thing I can think of with the info provided is a wrong DNS entry, a routing issue, or some sort of DNS caching from another public network.

Also, it might be a long shot, but check the local hosts file as well.

These are some of the things you can check once you have the machine in front of you.

Will.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40535408
If you are using a proxy server, then do you have the correct exclusions in the proxy configuration on the clients to stop them from routing internal traffic out? I see incorrect proxy configuration a lot, which causes problems because of the high use of web services by Outlook/Exchange.

Simon.
0
 

Author Comment

by:Michael986
ID: 40536770
Simon,

There is no specific routing for mail.<domain>.com or autodiscover.<domain>.com in the proxy config - but there are DNS entries which point these to the internal IP of the Exchange server. Shouldn't that suffice?

I could add a route to the Proxy server to redirect these two subdomains to the internal IP address, but I'm unsure as to why I need to do that - ie why is Outlook trying to connect externally when DNS tells it that the subdomain is internal? (in fact, why is it trying to connect to these subdomains at all?)
0
 

Author Comment

by:Michael986
ID: 40537117
Additional info :-

I've set up an alert on the proxy to flag when any user 'visits' either of the two subdomains.

What I've found is that the majority of users are triggering this alert, but it seems to tie in with users that have configured Outlook with more than one mailbox (which most do). As we're using Outlook 2013, some have extra mailboxes added as a separate account, others have them added as 'additional mailboxes' on the default account - both methods cause the alert to be triggered.

I can't see any evidence of an alert being caused by a PC with just the default mailbox in Outlook.

EDIT : Have now noted that I DO get alerts from PCs with just the default mailbox - they just seem to be less frequent than for PCs with multiple mailboxes.

Several PCs were causing a high number of alerts - on checking, I found that they still had additional accounts / mailboxes for users that had been deleted from AD. Once these entries were removed from Outlook, the number of alerts went back to a more 'normal' level.

However, the question still stands as to why these additional mailboxes / extra accounts are causing Outlook to check externally for mail.<domain>.com and autodiscover.<domain>.com
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40537396
Local DNS entries don't matter when it comes to the proxy.
You need to put an exception in the proxy configuration on the clients so that they don't even attempt to send the traffic through the proxy. You shouldn't be changing the configuration of the proxy server; this is a client-side change that should be made.

Clients will query for Autodiscover frequently. If they cannot get the information from the domain (because the proxy is getting in the way) then they will attempt to go through the other methods available to Autodiscover. You need to get the proxy configuration corrected.

Simon.
0
 

Author Closing Comment

by:Michael986
ID: 40543521
The solution was to tell the proxy server to allow mail.<domain>.com and autodiscover.<domain>.com to go 'direct' - once this PAC file was downloaded to the clients, requests to these subdomains were routed using the local DNS settings - and therefore to the local Exchange server.
0
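
The client-side exception described in the accepted solution and the closing comment, sketched as a PAC file. This is an added example, not the poster's actual PAC file: example.com stands in for "<our domain>.com", proxy.example.net:8080 for the remote filtering proxy, and routeFor is a hypothetical helper used only to exercise the rules offline.

```javascript
// Added example; example.com and proxy.example.net:8080 are placeholders.
var UPSTREAM = "PROXY proxy.example.net:8080";

// Exchange names that must never be handed to the remote proxy.
var DIRECT_HOSTS = ["mail.example.com", "autodiscover.example.com"];

// PAC entry point. The client calls this for every request; a request
// that gets a PROXY answer is sent to the proxy by name, so the internal
// DNS records for these hosts are never consulted.
function FindProxyForURL(url, host) {
  var h = host.toLowerCase();
  // Strip a trailing dot so "mail.example.com." is treated the same.
  if (h.charAt(h.length - 1) === ".") {
    h = h.substring(0, h.length - 1);
  }
  for (var i = 0; i < DIRECT_HOSTS.length; i++) {
    // Exact match only: "mail.example.com.other.test" is a different
    // host and must still go through the filtering proxy.
    if (h === DIRECT_HOSTS[i]) {
      return "DIRECT";
    }
  }
  return UPSTREAM;
}

// Hypothetical offline helper (not part of a deployed PAC file): extract
// the host from a URL and return the routing decision for it.
function routeFor(url) {
  var m = /^[a-z]+:\/\/([^\/:]+)/i.exec(url);
  return FindProxyForURL(url, m ? m[1] : "");
}

// Constructed sample URLs of the kind Outlook requests from Exchange.
var SAMPLE_URLS = [
  "https://autodiscover.example.com/autodiscover/autodiscover.xml",
  "https://mail.example.com/EWS/Exchange.asmx",
  "https://www.example.org/"
];
```

Only FindProxyForURL and the two variables above it belong in the deployed file. The syntax is kept to old-style JavaScript because PAC engines on clients are not guaranteed to support newer language features.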

Question has a verified solution.
