Announcement

Collapse
No announcement yet.

Slow RPC over http access to Exchange 2003 server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Slow RPC over http access to Exchange 2003 server

    I've got an Exchange 2003 SP2 server (called Exchange2) with separate front end server called DMZExchange.

    I've had RPC over http access working for Outlook 2003 OK, but suddenly it seems to have gotten very slow. The connect is OK, and the mailbox even displays the message list in a reasonably snappy manner. But when the user tries to open a mail message, the downloads seem to happen at a few KB/second. Opening a 1Mb message may take over a minute.

    I've just now been testing this from a notebook which is not a member of the domain but is connected to the local network. If I let Outlook use TCP/IP everything works fine; nice and quick. But if I toggle over to use http for Fast networks (thus forcing RPC over http) everything is slow.

    Access via OWA is reasonably good, which would seem to indicate that the http performance of the server is OK.

    Looking at the Application event logs on both servers showed nothing related to this.

    Any suggestions?

  • #2
    Re: Slow RPC over http access to Exchange 2003 server

    When you use RPC over HTTPS internally, does it connect to your frontend server or your backend server?
    Going by the name of your frontend server, is that located in a DMZ? Any reason for that? Do you think it has increased your network security?

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Slow RPC over http access to Exchange 2003 server

      Yes, the front-end server is located in a DMZ. I'm not sure it has really increased security in our case, but that's the way it was designed. That server has full access through the firewall to the main Exchange server and vice-versa.

      Internal use of RPC over http is through the DMZ, too, and is also slow. Internal access via TCP/IP is not through the DMZ, and is fast.

      But access to the DMZ via webmail, whether internal or external, is through the DMZ machine, and is fast. And POPing mail from the DMZ machine from outside the building is fast, too.

      Comment


      • #4
        Re: Slow RPC over http access to Exchange 2003 server

        You cannot really compare OWA/POP3 traffic to regular Outlook traffic as it is very different. I also suspect that going out to the DMZ for internal traffic and then coming back in again doesn't help. That is certainly not something that I would have done.

        If I was faced with what you have, the first thing I would be doing is bringing the frontend server inside the network and closing the ports. Just because someone else designed the solution in that way doesn't mean it was right.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Slow RPC over http access to Exchange 2003 server

          So far as I know, a DMZ is really the best protection in this design. And all the connections are 100Mbit, I really doubt the traffic going through the DMZ is all that bad. I can read data to/from the DMZ box at 8 megabytes a second, so I'm pretty sure there's nothing wrong with the network connections...

          Also, with this exact hardware layout, it used to perform well.

          One thought; could it be an issue with a local firewall on the PC? As I recall, for example, Outlook was slow on a computer with the Windows firewall running unless you added it as an exception.

          Hmm, doesn't seem to help unless I need to reboot to get the firewall changes to take. I'm trying this from home now over a standard 1.5Mb DSL line. I've got the Exchange connection status window open and it's seeing an average response of 325-400ms. That seems awfully slow unless it's getting big chunks of data when it gets some of those packets.

          Most of the messages I'm dealing with have large attachments. The painful messages are the ones that are 1-5Mb in size because of attachments. It looks as if Outlook typically snatches the attachments when you open them, not when you open the message (but that may depend on message formatting).

          Any comments?

          Comment


          • #6
            Re: Slow RPC over http access to Exchange 2003 server

            Take a look at the following article.

            http://support.microsoft.com/default.aspx/kb/331320/

            Comment


            • #7
              Re: Slow RPC over http access to Exchange 2003 server

              If you continue to feel that Exchange in the DMZ is the "best" protection then I would suggest that you take a look at my blog posting on the subject.
              http://www.sembee.co.uk/archive/2006/02/23/7.aspx

              Any network admin who cares about security of their network would not allow an Exchange server in to a DMZ for one reason alone - it needs port 135 open. You then get further complications with the firewall that basically means the firewall has so many ports open it is like swiss cheese.

              This sounds like classic firewall interference. I would have said MTU on the router but that wouldn't account for the slow performance internally.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Slow RPC over http access to Exchange 2003 server

                I agree with Sembee. The fact that your DMZ machine has full access to your internal Exchange server means that if a hacker compromises and takes over the DMZ machine then they have full access to your internal machine and through it to the rest of your network. You are better off allowing ports 25, 80, and 443 directly to your internal Exchange server and getting rid of the DMZ machine.

                Comment


                • #9
                  Re: Slow RPC over http access to Exchange 2003 server

                  Originally posted by joeqwerty View Post
                  Take a look at the following article.

                  http://support.microsoft.com/default.aspx/kb/331320/
                  Joe, that article has files from 2002; I'm pretty sure that was rolled into XP SP2 if not earlier. Indeed, I just checked and the file on my system has a version number of "5.1.2600.2180", which is newer than what is referred to in the Hotfix. However, I will congratulate you on finding something related to this in the MSKB, as I certainly was not.

                  Is it possible that this is an interference on the local machine, a firewall interference similar to what happens with Outlook and a local Exchange server where you have to add Outlook.exe to the firewall exception list or you don't get notified of new mail except by a polling process?

                  Comment


                  • #10
                    Re: Slow RPC over http access to Exchange 2003 server

                    I suppose it could be, although if the firewall was blocking it I suspect that it wouldn't work at all rather than just being slow. What might be happening is that if the firewall is turned on it might slow it down because the firewall is having to inspect every packet. Try turning it off on both ends and see what happens.

                    Comment


                    • #11
                      Re: Slow RPC over http access to Exchange 2003 server

                      Just a thought. Is it possible that the anti virus is slowing this down by scanning the mail on this "segment"? I have seen a 10 second query on a server based database slowed to 15 minutes due to the A/V scanning the network.
                      1 1 was a racehorse.
                      2 2 was 1 2.
                      1 1 1 1 race 1 day,
                      2 2 1 1 2

                      Comment


                      • #12
                        Re: Slow RPC over http access to Exchange 2003 server

                        Originally posted by biggles77 View Post
                        Just a thought. Is it possible that the anti virus is slowing this down by scanning the mail on this "segment"? I have seen a 10 second query on a server based database slowed to 15 minutes due to the A/V scanning the network.
                        There's no AV running on the Exchange server or the DMZ Exchange server. The firewall is a GTA GB-Ware appliance, so no scanning is done there. There is AV running on the workstation. All incoming mail is scanned by an external service (Postini) for viruses and spam.

                        Comment

                        Working...
                        X