Name: Analyst
Have a strange problem where after a while the SMTP service on the Exchange 2003 (w/SP2) server will cause the Internet to slow down with dropped packets and large TTLs. Server sits behind a Sonicwall router and I already replaced the router. If I stop the SMTP service, the Internet immediately goes back to normal. After starting the SMTP service everything is fine for a while, then the symptoms reappear.
Did a cursory virus scan and it didn't turn anything up. SMTP service is configured to only accept connections from a third-party spam service (MessageLabs). Sonicwall indicates only connections from the MessageLabs IPs, even though it seems to have a lot of connections to MessageLabs (about 53).
I had this happen once to an Exchange Server I had running at my home office and a couple reboots seemed to fix it, but this one is still having problems.
Suggestions appreciated.
Assume that I already did an Internet search.

We put in a new Sonicwall as a replacement for an older model. It was connected to our Nortel 8500 backbone switch. We were getting broadcast storms.
The solution was to put the Sonicwall on a lower-end HP switch.
Broadcasts stopped. Still don't know why. I mention this because what you describe sounds like broadcast storms.

Yeah, I don't see anything in the logs that would explain it. It did this with the old Sonicwall as well as with the new Sonicwall.
Assume that I already did an Internet search.

Nothing out of the ordinary. I have found, though, that while the service packs for both the OS and Exchange are current, other updates are behind. I'm going to try those.
Assume that I already did an Internet search.

If you're able, put in another server (or just use an ordinary client with Win 2003 Server installed) and route all Internet traffic through it temporarily, then install Wireshark and log traffic to try to determine where the traffic goes, what it does and so on. For help 'decrypting' the logs (they can be both excessive and hard to interpret) see the Wireshark forum. That should give you all the answers you need. A couple of minutes of logged traffic should be enough to determine what the problem is.

What version of the OS are you running on the Sonicwall? If it is Enhanced I can help you to troubleshoot further. Standard OS is fairly limited but it can tell you at a packet level with same basic logging features as to what traffic is passing through the Sonicwall. Also create a rule/access control on the Sonicwall that only allows the Exchange server to relay on 25 outbound. No other devices on the LAN should be allowed to send SMTP on 25 from the LAN other than the Exchange server.
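The outbound port 25 rule suggested in the reply above can be checked against observed traffic before or after it is enforced. The sketch below is an added example, not part of the original thread: the LAN range, the mail server address and the connection records are constructed assumptions standing in for rows exported from a packet capture or firewall connection table.

```python
import ipaddress
from collections import Counter

# Constructed sample records: (source IP, destination IP, destination port).
SAMPLE_CONNECTIONS = [
    ("192.168.1.10", "203.0.113.5", 25),    # mail server -> filtering service
    ("192.168.1.10", "203.0.113.6", 25),
    ("192.168.1.57", "198.51.100.20", 25),  # workstation sending SMTP directly
    ("192.168.1.57", "198.51.100.21", 25),
    ("192.168.1.57", "198.51.100.22", 25),
    ("192.168.1.33", "203.0.113.80", 443),  # unrelated web traffic
    ("203.0.113.5", "192.168.1.10", 25),    # filtering service -> mail server
]

LAN = ipaddress.ip_network("192.168.1.0/24")        # assumed LAN range
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")  # assumed Exchange address


def audit_smtp(connections, lan=LAN, mail_server=MAIL_SERVER, smtp_port=25):
    """Return (violations, peers).

    violations: LAN hosts other than the mail server that opened outbound
                SMTP sessions, with a count per host.
    peers:      external addresses with SMTP sessions to or from the mail
                server, with a count per address.
    """
    violations, peers = Counter(), Counter()
    for src, dst, dport in connections:
        if dport != smtp_port:
            continue
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        outbound = s in lan and d not in lan
        if outbound and s != mail_server:
            violations[src] += 1   # would be blocked by the egress rule
        elif outbound:
            peers[dst] += 1        # mail server sending out
        elif d == mail_server and s not in lan:
            peers[src] += 1        # external host delivering to mail server
    return violations, peers


if __name__ == "__main__":
    bad, peers = audit_smtp(SAMPLE_CONNECTIONS)
    print("LAN hosts sending SMTP directly:", dict(bad))
    print("SMTP sessions per external peer:", dict(peers))
```

Any host listed in the first result is traffic the egress rule would block; the second result gives a per-peer session count to compare against the addresses the filtering service is expected to use.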

Interesting thing, I remoted into the server today and it didn't seem to be having any problem. TTLs were normal and no dropped packets. Also, none of the open sessions with the MessageLabs IPs I saw before. I called MessageLabs, but they weren't very helpful. I did install Wireshark, so if it happens again I can look more in depth into it.
Thanks all.
Assume that I already did an Internet search.
