So, there are tools that make this kinda thing easier in more recent versions of Windows (the Resource Center in Server 2008 R2 can tell you network traffic per program and combining that with TCPview allows you to see which ports).
You need some type of network analysis tool that can help you identify what kind of traffic is passing between the servers. Most good switches/routers support something called Netflow for this. If your environment doesn't support netflow capable hardware, then I'd be looking at something like NTOP, which costs like $50 for Windows. If you can't spend ANYTHING, then install wireshark or netmon (before it happens the next time) and when it happens the next time get a traffic dump and analyze. You'll quickly see that spending $50 is cheap or a few hundred extra for a netflow monitor is cheap. :-P But it'll get the job done. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: Dean Lahodny [mailto:dlaho...@harrisranch.com] Sent: Wednesday, July 20, 2011 1:11 PM To: MS-Exchange Admin Issues Subject: High bandwith usage between one of our exchange servers and the front-end server. Our company has three exchange servers and a front-end server. One of the exchange servers and the front-end server reside at our corporate offices and the other two exchange servers are at remote locations. All e-mail comes to our corporate office exchange server and the e-mail destined for users at the remote sites is sent on to their respective exchange server. The front-end server is used for OWA and Active Sync. Occasionally the exchange server at one of the remote sites starts sending an extreme amount of data to the front-end server that basically saturates the T1 link between the sites. This can go on for days, until the remote site exchange server is restarted. The Active sync log does not show an extraordinary amout of hits for any one person. We are running Exchange version 2003 SP2. The exchange servers were configured and set up by our server administrator and he has been unable to determine what is going on. I wish to troubleshoot this because portions of our network are being impacted. Is there a log that can be turned on, or something else that can be done, to determine what traffic is being sent from the exchange server to the front-end server? It seems like some sort of error has occured and the same data is being retransmitted over and over until we break the connection by restarting the remote exchange server. Thanks Dean --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
