DSAccess is a shared Exchange Server component that accesses and stores directory information in a cache. DSAccess dynamically detects the directory servers that other Exchange components should contact, based on criteria such as Active Directory site configuration and Active Directory server availability. Exchange front-end servers use DSAccess to determine which server contains a particular user's mailbox, the Simple Mail Transfer Protocol (SMTP) addresses that exist for a user object, the servers that contain public folder stores, and so on.
DSAccess uses Lightweight Directory Access Protocol (LDAP) for most operations. However, DSAccess still uses RPCs to call the NetLogon service for each domain controller and global catalog server that it discovers.
If you put a front-end server in a perimeter network where you want to restrict RPC traffic between the perimeter network and the corporate network to specific services only, the NetLogon RPC from DSAccess to domain controller and global catalog servers may fail. If this occurs, DSAccess determines that RPC connectivity is just blocked, and that the servers are still available. However, DSAccess continues to send the NetLogon RPC, which may affect performance.
To stop DSAccess from doing the NetLogon RPC check, you can create a registry key. For more information about optimizing DSAccess in a perimeter network, see Configuring DSAccess for Perimeter Networks.
No comments:
Post a Comment