Hi,

We have one Production site(Two mailbox server and Two CAS servers) and DR site (One mailbox server and one CAS server)

ALL database mounted in production site and mailbox servers in DAG.

From send connector, we have enabled "proxy through a Client Access server" in my Exchange 2013.

My query is from production site active mailbox server is utilizing bandwidth data to DR site CAS server. but I have checked there is no CAS server name showing in headers all mails proxying through production site only.

My network team confirmed that  production site active mailbox server is utilizing bandwidth data to DR site CAS server.

Could you please anyone clarify on this.

Regards,

Kumar N

Hi Kumar,

"but I have checked there is no CAS server name showing in headers all mails proxying through production site only"

When you say the above point i think there is a very lean possibility that the connections can go through your DR site CAS server 

How ever i would recommend you to check the below things

1) Run the Command Get-Adsite and Get-Adsitelink to check through which site link the emails are routed.

2) Check if proxy through client access server option is enabled on the DR cas server. 

Hi Kumar, the send connector is just for external mail.

"Front End Transport service on Client Access servers   This service acts as a stateless proxy for all inbound and (optionally) outbound external SMTP traffic for the Exchange 2013 organization. The Front End Transport service doesn't inspect message content, doesn't communicate with the Mailbox Transport service on Mailbox servers, and doesn't queue any messages locally."

Check the following link for more information: 

https://technet.microsoft.com/en-us/library/aa996349%28v=exchg.150%29.aspx

best regards,

daniel

 

Hi Kumar N,

From your description, I would like to clarify the following thing:

When you enable the "Proxy through client access server", outbound email that is being sent via a send connector does not go directly out from the Mailbox server, and instead is proxied through a Client Access server in the site. Your understanding will be appreciated.

Hope this can be helpful to you.

Best regards,

Hi All,

Thanks for replying.

Hi Amy.Wang,

You said point is correct and mails proxied through a Client Access server in the production site only and same showing in email headers. but some data traffic using between DR cas server and production active mailbox server.

I found in DR CAS server port number 444 listing. For your reference in the below.

C:\>netstat -an |findstr "192.168.1.10"
  TCP    192.168.5.10:23185    192.168.1.10:444    ESTABLISHED
  TCP    192.168.5.10:23186    192.168.1.10:444    ESTABLISHED
  TCP    192.168.5.10:25369    192.168.1.10:444    ESTABLISHED
  TCP    192.168.5.10:25375    192.168.1.10:444    ESTABLISHED
  TCP    192.168.5.10:25384    192.168.1.10:444    ESTABLISHED
  TCP    192.168.5.10:25402    192.168.1.10:444    ESTABLISHED
  TCP    192.168.5.10:25403    192.168.1.10:444    ESTABLISHED
  TCP    192.168.5.10:25412    192.168.1.10:444    ESTABLISHED
  TCP    192.168.5.10:25459    192.168.1.10:444    ESTABLISHED
  TCP    192.168.5.10:25460    192.168.1.10:444    ESTABLISHED

Hi Sathish,

from the point 2) Check if proxy through client access server option is enabled on the DR cas server. 

How to check it in DR cas server instead of send connector.

Regards,

Kumar N

Hi Kumar 

I was referring proxy through a Client Access server option 

Did you check if you have through which site link the emails are routed ?

Hi Sathish,

Thanks for your reply.

We are not routed through site link for emails.

 Get-adsite

Name                  HubSiteEnabled
----                  --------------
Site1                 False
Site2                 False

Get-adsitelink

Name           ADCost ExchangeCost Sites
----           ------ ------------ -----
Site1-Site2     100                 {abc.etc

Regards,

Kumar N

Hi Kumar,

Just now noticed  that your NetStat results seems to say that this issue could mostly occur. Then there is some real problem going in your end

If you have incorrect certificate bindings on the Exchange Back End web site, it can cause the web services on Exchange 2013 server not to work properly. This incorrect certificate binding will break the connection flow, may be due to that your connections are going through DR CAS server. Always make sure the Exchange Back End certificate bindings for 444 always is configured to use the self-signed certificate.

In addition to the above please check your IIS logs and RPC logs and see if you could see the connections going through your DR CAS server

Let us know if you isolate anything

Good Luck bro !!