August 25th, 2011, 10:49 PM
Exchange 2010 - Throttling question
So our mail server got moved offsite, and was upgraded to Exchange 2010 sp1.
Ever since then, we've had issues with the new throttling policy.
Basically, when outlook 2003 is used, exchange 2010 has the tendency to block connections after a certain number of attempts, to avoid a DOS.
We've had the people running the server contact microsoft, and they helped develop a new throttling policy for our 2003 users. However, they advised to only apply it to the users experiencing the issue.
Problem is, once a user is 'blocked' by the policy, applying the new policy doesn't allow them to connect. It eventually works, I'm assuming after a timeout period.
My question is, is there a way to unblock, or reset the user on the server side so they can reconnect without waiting hours? The Admin there seems to think that its all on the client side, I disagree. The latest user affected by this is still unable to connect even after upgrading to 2010. It tries to connect, then goes to a disconnected status right away. The Admin does see the connections being blocked on the server logs due to the throttling policy.
I can go through and re enter the server and user's mailbox name, and it all resolves, so communication is working to the mail server from the affected users machine, it just will not allow them to connect....
August 25th, 2011, 11:11 PM
After about 30 minutes of letting it sit connecting/disconnected, it finally connected. It must have some sort of time out period, but there has to be a way to flush this manually...
Bonus if you can tell me how to do it through Exchange Management Shell so I don't have to involve the admin :P
August 26th, 2011, 07:06 PM
I asked a mod on another forum. His reply:
You should be able to alter the throttling policy on a per mailbox basis. Such as temporarily disable/remove it.
If you scroll down in that link you'll find "Managing Client Throttling Policy Settings on a Per-User Basis". All of it can be done through the shell.
August 26th, 2011, 07:20 PM
Thanks for the link. That method is what I am using to apply the new policy, which greatly increases the number of attempts for 2003 users. Problem is, once I set it, they are still unable to connect.
I'm guessing the easy thing to do is to apply this policy before they are locked out, however, the admin and microsoft advised against this, telling us to only apply it to affected users.
So, once set, we still have to wait for some timeout period.
If I can't figure it out, I'm going to insist on another case being opened with microsoft. I'm just trying to avoid this situation by finding the answer myself if possible..
Thanks again for looking!
August 26th, 2011, 09:58 PM
Do you have a large portion of users using Outlook 2003? That software is very old.
August 26th, 2011, 10:07 PM
Yes, mostly because we have some other software that is not compatible with 2007 or 2010. The rest of our users have been upgraded to 2010 already. Unfortunately, to replace the incompatible software system with required hardware, it will cost at least 10k :\
August 26th, 2011, 10:30 PM
If you only have a few 2003 users, one can proactively disable throttling for just those users.
August 26th, 2011, 10:40 PM
That is what I thought too, but the guy administering the offsite server, and Microsoft, both advised against doing that...
Maybe I'll just go ahead and update them to our 2003 policy, which increases the limit.
August 26th, 2011, 11:56 PM
Maybe that's the Microsoft way of pressuring for an upgrade to current software.
I've encountered that mentality before.
August 26th, 2011, 11:59 PM
Oh yea, we've had pressure from Microsoft and the server admin, saying 'just because its technically supported doesn't mean it will be functional'
...uh....yea....ok... wtf does supported mean then??
Anyway, thanks for all the help. I'm just going to apply the higher limit policy to all our 2003 users over a staggered period of time, and if anyone asks, they all had issues :P
By disc0rd in forum AntiOnline's General Chit Chat
Last Post: November 9th, 2003, 12:52 PM
By Dr_Evil in forum Microsoft Security Discussions
Last Post: November 2nd, 2003, 04:52 AM
By phishphreek in forum Miscellaneous Security Discussions
Last Post: August 22nd, 2003, 02:23 AM
By Alcatraz in forum Newbie Security Questions
Last Post: July 9th, 2003, 08:34 AM
By tonybradley in forum Microsoft Security Discussions
Last Post: June 30th, 2003, 09:57 PM