ruhkus
asked on
E-mail delayed during DNS server reboot
I have 2 DCs and Exchange 2013 on another server. I also use Proofpoint for antivirus/smart host purposes. I needed to reboot one of the DCs, which also is the 'primary' DNS server. It seems that rebooting this server caused a temporary delay in the delivery of e-mail (Proofpoint identifying inbound messages as deferred during this time and outbound messages from Exchange didn't reach Proofpoint.) Although I rebooted remotely, in the past DNS would work fine during the reboot. (Everything was fine shortly after the server came back up.)
I'm trying to figure what would cause this issue, as I would've expected DNS to run through the other DC during this time. The firewall forwards to the numeric IP of the mail server, so that seemed fine. I didn't see any DNS issues in the logs of the two DCs either.
Thanks.
I'm trying to figure what would cause this issue, as I would've expected DNS to run through the other DC during this time. The firewall forwards to the numeric IP of the mail server, so that seemed fine. I didn't see any DNS issues in the logs of the two DCs either.
Thanks.
ASKER
It looks like it's only SP1 at this time (which of course is a different issue I have to address). Thanks.
Yeah, I'd upgrade to at least CU14 as Microsoft support model is n -1. (Newest release minus 1), Current release is Exchange 2013 CU15, so you could install CU14 and be in a supported state. It may also resolve the delay issue as there have been a number of fixes since CU4 (SP1).
You can set 10 DNS servers in exchange server and make sure that at least one remains up at all times.
ASKER
So looking into this some more it seems that about 10 minutes after I initiated the reboot of the DC, the Exchange server resource pressure increased from Normal to High causing the various e-mail issues. This was due to Version buckets increasing to 351. Since I did this over the weekend, I'm assuming the reboot of the DC somehow caused this, however I'm not clear why this would've happened.
Per TechNet - "The number of version buckets may increase to unacceptably high levels because of an unexpectedly high volume of incoming messages, spam attacks, problems with the message queue database integrity, or hard drive performance."
Per TechNet - "The number of version buckets may increase to unacceptably high levels because of an unexpectedly high volume of incoming messages, spam attacks, problems with the message queue database integrity, or hard drive performance."
@Ruhkus
LDAP, any delays in LDAP response (Read or Search) will result in version buckets increasing. So will memory or disk pressure. Shutting down a Domain Controller while Transport still had open LDAP read / search requests could of resulted in a delay which caused the queue to build up.
With the DC that remained up what does its performance look like? With Exchange, Microsoft recommends an 8 to 1 CPU core ratio. Meaning for every 8 Exchange CPU cores, have at least 1 Domain Controller CPU core. If the ratio dropped during that time, it would start to overwhelm the remaining Domain Controller with NTLM authentication requests as well as LDAP requests resulting in LDAP read / search response delays.
LDAP, any delays in LDAP response (Read or Search) will result in version buckets increasing. So will memory or disk pressure. Shutting down a Domain Controller while Transport still had open LDAP read / search requests could of resulted in a delay which caused the queue to build up.
With the DC that remained up what does its performance look like? With Exchange, Microsoft recommends an 8 to 1 CPU core ratio. Meaning for every 8 Exchange CPU cores, have at least 1 Domain Controller CPU core. If the ratio dropped during that time, it would start to overwhelm the remaining Domain Controller with NTLM authentication requests as well as LDAP requests resulting in LDAP read / search response delays.
ASKER
Thanks for the feedback. Exchange is only running on 4 cores and the DC that remained up had 4 cores, so that shouldn't have been an issue. Does it make sense though for the LDAP requests to have increased to such a degree on a day that we were closed and only a handful of e-mails were likely being processed?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
https://support.microsoft.com/en-us/help/3088777/exchange-2013-cu6-and-later-uses-out-of-site-domain-controllers-and-global-catalog-servers
This could be the issue you are running into. If Exchange goes out of site and you have high LDAP times it could definitely cause a mail delay issue.