Eschange Server inaccessible through My Network Places 1

[cY2k]

Our Exchange Server periodically throughout the day becomes inaccessible. People using Outlook 2000 can no longer contact the Exchange Server, and trying to find the Exchange Server through My Network Places also seems like the server is not there.

However, on a computer that is using Outlook 2003, the Exchange Server is accessible and email seems to function correctly, although through My Network Places, it is still not available.

Pinging the IP address of the server comes back with a normal response, so the server is there...

Anyone got any ideas?
Thanks.
-curtis

 

[kmcferrin]

Outlook 2003 by default uses a cached Exchange mode when connecting to Exchange servers. This basically creates a local cache of your Exchange mailbox on the local PC so that you can access it during periods when the server is unavailable. This works well for remote/laptop users, and situations such as this. The cached Exchange mode is probably the reason that Outlook 2003 clients aren't seeing the problem.

I would start by examining the Exchange server. Check the event logs to see what's going on during the periods of unavailability. You might try opening a remote desktop session to the server and keep it running all day to see if you lose connection, or if it's only the Outlook clients that lose connection. A ping is a simple ICMP echo request and doesn't take much to respond. A MAPI connection takes a little more effort to make and maintain.

See if you can monitor traffic for the server using a sniffer or something similar. Check CPU and memory usage. Make sure that the server isn't periodically rebooting. Check free disk space on all drives. Verify that you're not at or near the size limit for your Exchange databases. Check in the Exchange forum for more Exchange-related tips.

It's possible that your server is being flooded with traffic at various points during the day. This could be legitimate traffic or illegitimate traffic (spam, worms, etc). Check for both.

Check and see if any other client/server apps are having similar problems. If they are, this could be indicative of a general network issue and not an Exchange problem (I had something similar that turned out to be a misconfigured router).

 

[DColcl]

I have the same problem with one of my clients. I found that the Exchange server was going down from time to time. After investigating, I found that the entire server was acting as if it were being disconnected from the network, although the server itself was still running. I did, however, find a lot of junk of client workstations and when I removed all this freeware that the users had downloaded (you know, the ones that allow you to put smiley faces on emails, etc) the server seem to loose connection less frequently. Coincidence? <shrug>.

As for me, it turns out that the server's WEIRD configuration is causing most of the issues. However, to be sure of this I would like to test the network bandwidth and eliminate this possiblity.

KMC, are there any good snifers out there that are free or will I have to go out and purchase one?

Danny

 

[kmcferrin]

Ethereal is a good free sniffer.

 

[cY2k]

Ok, here's an update. You mentioned running Remote Desktop all day, to see if the connection goes down. I don't have XP, so I used TightVNC instead. I left a connection to the Exchange Server open all day, and it never went down. But get this, no one's Outlook program lost connection to the Exchange server either, all day. Could that have had anything to do with having TightVNC connected?

It can't be just a coincidence, because we haven't had a day without Outlook issues in weeks. Thoughts?

Thanks so much for all the help thus far!
-curtis

 

[kmcferrin]

The good day probably had nothing to do with VNC being installed, but was just a coincidence. BTW, you can also download a version of the Remote Desktop/Terminal Services client from Microsoft. It is available here:

http://www.microsoft.com/downloads/...21-D48D-426E-96C2-08AA2BD23A49&displaylang=en

I think that it does a better job of screen redraws than VNC, and I seem to have fewer problems with it.

Have you tried any of the other tips? It could even be possible that you have a compromised PC that is generating large amounts of traffic to the Exchage server. If that were the case and that PC wasn't turned on yesterday, then that could explain the problem-free day. Or if you are being used as an open spam relay, potentially you had a day where your server wasn't being abused.

 

[cY2k]

Thanks for the Remote Desktop link, that worked great.

I'm going to try to monitor traffic and see if anything looks suspicious.

Good idea about a compromised PC that was simply not on yesterday. We didn't have any problems today either, so I'll have to see if I can track down which users' computers were not on yesterday or today, and check those workstations.

The only other general network issue that I've noticed, and its only on one workstation, is that when microsoft office documents are saved to a network drive, sometimes it comes back with an error that the drive is full, when it is not. Some people have speculated that that could be a network issue too, but I'm really not sure yet.

 

[cY2k]

okay, update.

The server has locked up like it has been doing for a while, and I checked the Task Manager, and LSASS.exe is running at 99% CPU constantly... I read that this has to do with logging people on to the network, but that it also could be infected with a virus. Any ideas?

Also, I ran Ethereal and something that seemed strange was that in the course of a minute and a half, there were TONS of querys from our Exchange server's IP to a bunch of different IPs for the domain zilker.net, which doesn't even have a webpage, and comes up registered with XO Communications... could this be some kind of indication of Spam or Relaying or something like that?

Thanks
-curtis

 

[kmcferrin]

Could be. If the traffic is using port 25 then that would be SMTP (email) traffic, potentially spam. If you're seeing a lot of traffic to a strange domain then I would be suspicious. I would start running anti virus scans and installing security patches.