Exchange 2010 affects US and DS of cable modem

budmanlud
Intermittently our speeds drop significantly on our Comcast modem and I have isolated it to our Exchange server. Typically we have speeds of 125 Mbps for DS and 25 Mbps for US. Latency is usually around 15-20 ms. But then we will drop to 80 for DS and our US might drop below 1 Mbps with latency going up to 50-125 ms. If I disconnect the Exchange server from the network it goes right back to the typical speeds. I have our Exchange server connected to a switch for both the Static IP card and the internal network card. I have the modem plugged into the switch also. If I unplug the modem from the switch it will resume regular speeds but we don't have active sync working on our phones. We have about 40 users VPN in for mail and a legacy application that we use for property management. If I restart our Exchange server speeds tend to resume to normal levels.
Distinguished Expert 2017
Commented:
Instead of disconnecting, check the logs on the Exchange server and see how much data it is receiving and how much data it is sending back that is undeliverable.

What else is running on the system that could explain a large data ...

Do you monitor your systems, bandwidth use?

That could shed light on your issue when the network transfer spikes.
Distinguished Expert 2018

Commented:
So the big question I'm going to ask is why you have the Exchange server connected to both the LAN and directly to the internet. That's a very dangerous thing. Would recommend your putting in a firewall, and having the Exchange server behind that if you don't already have one.

Plus obviously there is a huge amount of data being transferred by that server for some reason. You need to investigate that. Could tie to your configuration that I'm asking questions about. Also, have you investigated whether your server may have been compromised, or is even being used as an open relay?
Distinguished Expert 2017

Commented:
Is the Windows server on which Exchange is running an SBS, essential and functions as a router in addition to it all?
Exchange is a resource consumer and will impact the performance of everything passing through the server on which it runs.

Echo masnrock's point on using an external-facing router with firewall. If you must, you can forward ports from the outside to the Windows server that will remain acting as the VPN endpoint.

Amit, IT Architect
Distinguished Expert 2017

Commented:
Any public folder replication between two sites?
Distinguished Expert 2018

Commented:
Especially if you have users VPN in for access to their mail, then the Exchange server definitely doesn't need direct exposure to the internet the way it is now. And building on a part of arnold's point, if that server is also acting as the VPN server, it still doesn't require direct exposure to the internet.

Another upside to getting a firewall would be that you can have it take over the VPN duties. I would additionally recommend getting a third party spam filtering solution such as Proofpoint, Mimecast, or Cisco CES. The two steps mentioned in this paragraph will also have the benefit of minimizing the number of systems that communicate with your server from the outside.

Commented:
I would start up Resource Monitor on the Exchange server and just let it run. When your network slows down, go take a look at it. If you open the networking tab, you can sort the table of consumers using the column headers. If it's Exchange, you will see it.

Of course, the Exchange server should not be on a server acting as an Internet gateway as mentioned above. If outside users need access, I would opt for a firewall with built-in VPN along with changing your local gateway for the Exchange server -- as mentioned by almost everyone.
Amit, IT Architect
Distinguished Expert 2017

Commented:
Use the Netmon or Wireshark tool to find the root cause. If you have public folder replication, that could be an issue.
budmanlud, network admin

Author

Commented:
I found that LSA was intermittently using huge bandwidth. Went to Windows Firewall Advanced Security and on inbound rules I changed Active Directory Domain Controller - LDAP (UDP-in) from Allow to Allow if secure and it solved the issue. Led to this from adding a bandwidth analyzer so I gave the bandwidth answer the points.
budmanlud, network admin

Author

Commented:
So the key was monitoring the bandwidth. I found that lsa was spiking and trying to use massive amounts of bandwidth. Found a video mentioning this for 2012 and 2019 servers. In the comments I found a really easy fix that seems to work. I went to Windows Firewall Advanced Security, sorted Inbound rules, and changed Active Directory Domain Controller - LDAP (UDP-in) from Allow to Allow if it is secure, and all my issues have gone away.

BTW, this server is not the gateway to the internet. Another does that work. But, monitoring the bandwidth to see the cause is what I will give the points to.
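
The checks described in the post above, as an added example that is not part of the original thread: it samples NIC throughput alongside lsass.exe I/O, confirms which process owns UDP 389, and shows the firewall rule's current security setting. It assumes an elevated PowerShell prompt on Windows Server 2008 R2 or later with English counter names; the rule name is copied from the thread.

```powershell
# Added example; read-only until the last (commented-out) line is enabled.
$ruleName = 'Active Directory Domain Controller - LDAP (UDP-in)'  # name as quoted in the thread

# 1. Sample NIC throughput and lsass.exe I/O side by side for one minute (12 x 5 s).
#    "IO Data Bytes/sec" counts file, network and device I/O issued by the process,
#    so a spike that tracks the NIC counter points at network traffic from lsass.
$counters = '\Network Interface(*)\Bytes Total/sec',
            '\Process(lsass)\IO Data Bytes/sec'
Get-Counter -Counter $counters -SampleInterval 5 -MaxSamples 12 |
    ForEach-Object {
        $ts = $_.Timestamp
        $_.CounterSamples |
            Where-Object { $_.CookedValue -gt 0 } |
            Select-Object @{ n = 'Time'; e = { $ts } },
                          Path,
                          @{ n = 'KBps'; e = { [math]::Round($_.CookedValue / 1KB, 1) } }
    } | Format-Table -AutoSize

# 2. Confirm which process owns the LDAP UDP listener (port 389).
#    netstat -o prints the owning PID as the last column of each line.
$lsassPid = (Get-Process -Name lsass).Id
netstat -ano -p UDP | Select-String ':389\s' | ForEach-Object {
    $ownerPid = ($_.Line.Trim() -split '\s+')[-1]
    '{0}   owned by lsass.exe: {1}' -f $_.Line.Trim(), ($ownerPid -eq $lsassPid)
}

# 3. Show the inbound rule as currently configured. In the verbose output,
#    "Security: NotRequired" is what the GUI shows as "Allow the connection".
netsh advfirewall firewall show rule name="$ruleName" verbose

# 4. Command-line form of the change made in the thread ("Allow the connection
#    if it is secure"). After this, the rule only admits traffic authenticated
#    by IPsec, so any client that legitimately needs LDAP over UDP must be
#    covered by a connection security rule. Uncomment to apply.
# netsh advfirewall firewall set rule name="$ruleName" new security=authenticate
```

Run step 1 while the slowdown is occurring; re-run steps 1 and 3 after the rule change to confirm both the setting and the drop in lsass traffic.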
Distinguished Expert 2018

Commented:
"BTW, this server is not the gateway to the internet. Another does that work."
Then why the second NIC with a public IP? The concern was about the server's direct exposure to the internet, not about the machine being a gateway.
