Re: Exchange Front End stops communicating with DC
- From: Saurabh <Saurabh@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 3 Apr 2007 00:06:02 -0700
Well the issue is still not clear...
Let us know:
1. After seeing the banner during telnet, did you drop an email from FE to BE? Did that get delivered?
2. Which firewall are you using? Is that a PIX, WatchGuard, or what?
3. Open the appropriate ports, e.g. check for SMTP (25), LDAP (389), etc.
4. Try taking a netmon trace and see what happens.
5. What third-party software is installed on the server? Anti-virus, etc.
6. Also check the number of RPC counts made to FE using the EXTRA tool (www.exbpa.com).
Check the app logs and increase the diagnostic logging and see which service is failing.
If possible, send the app logs to me in email and let me see.
Regards
Saurabh Bhushan
"johnny_mango" wrote:
Hi, thanks for your response..
The weird thing is that it had been working well for various weeks and then
just stopped working the way it was expected to.
Anyway, to clarify, the firewall, to eliminate communication issues, was
permitting all ports between the back end and the front end.
I'd like to add that we also moved the front end from the DMZ and into the
internal network with the same results. I take it, from your advice, the best
place to place the front end server would be in the internal network?
Thanks again.
"Mark Arnold [MVP]" wrote:
On Mon, 2 Apr 2007 11:06:02 -0700, johnny_mango
<johnnymango@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi there,
We have a strange issue with a front and back end scenario. This client has
a front end server, Exchange 2003, in the DMZ between 2 firewalls. Upon
installing the front end, everything was fine for 5 mins or so, after which
it gradually went to pot, IIS administration couldn't be opened, Netlogon
errors, RPC errors, couldn't contact the DC. However, telnets were fine, you
could even see the Exchange banner on the front end, pings to DC fine by name
or IP. Couldn't, however, open the exchange Administrator console, all the
services used by Exchange went down.
Then we moved the front end to the internal network to do testing, and it
was the same (therefore not a firewall issue.)
After that we formatted the server and repeated the process with the same
results.
I am thinking it is an RPC attack. But then why does it only affect the
front end and not the back end? At the moment we have left them with only the
back end, however it is being attacked by spam, but thankfully isn't
suffering the problems of the front end.
Thanks in advance for any help you can give me.
Get the Exchange server out of the DMZ (or airgap, whatever you want
to call it) since it's not the right place.
You didn't say anything about what ports are open through the internal
firewall. To have an Exchange server in that configuration you need a
mental amount of ports open, enough to render the internal firewall
useless.
So, configure the environment correctly and then test it all again.