Intermittant Exchange Login Failures

Home Forums Messaging Software Exchange 2000 / 2003 Intermittant Exchange Login Failures

This topic contains 6 replies, has 3 voices, and was last updated by  Paladium 11 years, 7 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts

  • Paladium
    Member
    #122860

    I work in a Security team and am assisting some Exchange admins solve a problem with Exchange. Here’s the deal…

    LAN to LAN traffic
    W2K3 Server SP1
    Exchange 2003 SP2
    WinXP client

    1) Start Outlook on the client
    2) Client machine tries to establish the connection. After that the user is informed that the server was unavailable. Then select “retry” and the client can connect after a few seconds delay.

    – Server load is under 30%
    – No errors at all recorded in the Exchange server logs
    – Firewall logs show successful connection. No drops or out of states.
    – I am told that RPC over HTTPS is not enabled on the server.
    – Client and server are in the same domain, just different VLANs

    So I ran Wireshark to capture the traffic. I am attaching a portion of it in a .txt format file. I have replaced the first two octets with XXX.XXX.

    XXX.XXX.42.38 is the server
    XXX.XXX.118.162 is the client

    Any thoughts on this would be appreciated.

    DC


    m80arm
    Member
    #232825

    Re: Intermittant Exchange Login Failures

    Hi Paladium,

    Good information post!!

    Could it be general network traffic between the two hosts or do you have any filtering between the two vlans?

    Do you experience the same issues with a different XP host?

    Have you tried running exchange in cache mode to see if it makes a difference?

    Michael


    Paladium
    Member
    #283593

    Re: Intermittant Exchange Login Failures

    Thanks for the quick reply Michael!

    There are multiple clients experiencing this issue, across several VLAN’s. Nothing consistent at all. Everything between clients and servers bounces through a firewall. The firewall (Check Point VSX) shows CPU idol time near 85%, so its not stressed at all, and there are no failures/drops/rejects/or out of states in the logs.

    I ran Wireshark on my machine last night and saw the exact same MAPI protocol errors, just as in the capture from another host that I used in this original post.

    It is becoming an increasingly noticeable problem, meaning many people now know about this and its raising the importance of the issue.

    They are not running in cache mode. I do not know why. I am asking them why, but they “seem” to all be out to lunch at the moent…

    Some more background on this MAY be helpful. Here goes:

    About two weeks ago the servers and clients were all on the same subnet, including public facing servers (my team pushed them to split things up for security reasons). So they split the segment into three VLANs. ReIP’d and changed gateways accordingly. They now have a user segment, server segment, and public facing server segment. All segments are required to bounce off the firewall, as you would expect.

    So it “seems” that there may be a latency problem but I have no way of measuring that other then packet capturing the data and looking at the response times.

    Frustrating…

    David


    m80arm
    Member
    #232826

    Re: Intermittant Exchange Login Failures

    If you perform a pathpint to the server are you getting decent responce times back?

    I would configure a workstation on the server Vlan and see what connectivity is like – Just to make sure the issue is not with the Checkpoint firewall.

    Michael


    Lior_S
    Member
    #282433

    Re: Intermittant Exchange Login Failures

    Reading through the log I noticed some fragmented packets, could be an MTU issue during authentication.

    Is there an option for MTU size on the firewall, and do you have ICPM disabled?

    Quote:
    I ran Wireshark on my machine last night and saw the exact same MAPI protocol errors, just as in the capture from another host that I used in this original post.

    can you point that out in the log, I missed it :confused:


    Paladium
    Member
    #283594

    Re: Intermittant Exchange Login Failures

    As it turns out… a recent update to a software package installed a dns element that registered itself on the host… which also happened to be a DC. I don’t have the details, but dns on the DC was screwed up. Or so I’m told…

    Thanks to all for the ideas and thoughts on this. Great community here!

    DC


    Lior_S
    Member
    #282434

    Re: Intermittant Exchange Login Failures

    If you ever do find out, let us know, as now i am just plain curious.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.