The servers are both 2003. So the Resource center is not available For what it is worth, I was using the free version of Solar Winds NetFlow analyzer and that led me to determine that the majority of the traffic was from port 80 on the server that exchange is on to various ports on the front-end server. The top five of the ports are 23584, 19687, 20315, 24698, and 24158. Not knowing what types of traffic and which ports that would be used by exchange to send the information to either OWA or active sync I was hoping to find a log that might be easier to read than a trace from wireshark.
-----Original Message----- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, July 20, 2011 11:37 AM To: MS-Exchange Admin Issues Subject: RE: High bandwith usage between one of our exchange servers and the front-end server. So, there are tools that make this kinda thing easier in more recent versions of Windows (the Resource Center in Server 2008 R2 can tell you network traffic per program and combining that with TCPview allows you to see which ports). You need some type of network analysis tool that can help you identify what kind of traffic is passing between the servers. Most good switches/routers support something called Netflow for this. If your environment doesn't support netflow capable hardware, then I'd be looking at something like NTOP, which costs like $50 for Windows. If you can't spend ANYTHING, then install wireshark or netmon (before it happens the next time) and when it happens the next time get a traffic dump and analyze. You'll quickly see that spending $50 is cheap or a few hundred extra for a netflow monitor is cheap. :-P But it'll get the job done. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: Dean Lahodny [mailto:dlaho...@harrisranch.com] Sent: Wednesday, July 20, 2011 1:11 PM To: MS-Exchange Admin Issues Subject: High bandwith usage between one of our exchange servers and the front-end server. Our company has three exchange servers and a front-end server. One of the exchange servers and the front-end server reside at our corporate offices and the other two exchange servers are at remote locations. All e-mail comes to our corporate office exchange server and the e-mail destined for users at the remote sites is sent on to their respective exchange server. The front-end server is used for OWA and Active Sync. Occasionally the exchange server at one of the remote sites starts sending an extreme amount of data to the front-end server that basically saturates the T1 link between the sites. This can go on for days, until the remote site exchange server is restarted. The Active sync log does not show an extraordinary amout of hits for any one person. We are running Exchange version 2003 SP2. The exchange servers were configured and set up by our server administrator and he has been unable to determine what is going on. I wish to troubleshoot this because portions of our network are being impacted. Is there a log that can be turned on, or something else that can be done, to determine what traffic is being sent from the exchange server to the front-end server? It seems like some sort of error has occured and the same data is being retransmitted over and over until we break the connection by restarting the remote exchange server. Thanks Dean --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist *This email message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, or exempt from disclosure under applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply email or telephone and delete or destroy all copies of the original message --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist