Noticed at about noon that no emails had been received all day.Began to investigate and found that the MS Exchange Transport service had been set to deny email submission because it was using too much memory on the server (91%). The error message makes me think that we may have been getting used by malware or something similar.“The Microsoft Exchange Transport service is rejecting message submissions because the service continues to consume more memory than the configured threshold.”
There are also several warning messages that list particular IP addresses and say that a connection from that IP was denied because there were already the maximum number of connections (20). From what I can tell, all of the IP addresses are from Taiwan. The time period for which some emails may be missing is from close of business yesterday ( 4/3/2014) through about 12:45 today (4/4/2014). From the time I spent reading and trying to figure out the error, I think we may need to readjust our throttling policies to prevent this from happening. The exchange server is currently running at 90%+ CPU and 50%+ memory usage the majority of the time, and I’m not sure how to fix it.
Also, I cannot get into EMS I get a access denied message from the destination computer. (Exchange server) I want to get into there to change the throttling policy back to default, since we disabled it.
The Error reads:
The WinRM client cannot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer <Exchange> returned an 'access denied' error. Change the configuration to allow Kerberos authentication mechanism to be used or specify one of the authentication mechanism supported by the server. (How do I do this?) To use Kerberos, specify the local computer name as the remote destination. (I'm trying to use EMS while logged into the local Exchange server) Also verify that the client computer and the destination computer are joined to a domain. (Exchange is on our domain, and the computer trying to connect is the same computer) To use basic, specify the local computer name as the remote destination, specify Basic authentication and provide user mane and password. Possible authentication mechanisms reported by server.
At line:1 char:1
+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
I assumed control of this exchange system already in place and I do not have much experience with exchange 2013 or server 2012. I do know 2008, but that doesn't help very much in this situation.
Recent changes to the system:
About three days ago we switch our sessions policy to allow many more connections, and I believe this caused the issue. This is what I changed it to:
Made the registry DWORD (32-bit) "Maximum Allowed Sessions Per User" and modified the value to 1000. Location of registry change @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
I just changed it to 10 from the 1000. I'm hoping this solves this. So far no.
Also, I am not the best in the shell or command line interfaces. Any help would be wonderful!