Some issues come, wondering why we could not suspend/delete AD accounts very quickly.
- 200 account from BLC were taking over 30 minutes;
- 1000 accounts was taking over 2 hours to complete
A review of the IMPS server and AD endpoint; shows that a default Exchange Gateway is defined.
The IMPS server will auto query the Exchange server if the AD account is being modified or created.
Depending on the use-case; 2 or 3 files will be created under the IMPS/logs/ADS folder for Exchange.
When the number of files increases significantly, this has an impact of the I/O performance of the OS; and IMPS response.
Additionally, the number of bulk changes, was overwhelming the Exchange servers default throttle limit for the IM service account used to manage Exchange access.
Below are screen shots captured from the client environment.
Over 76K files. The folder was slow to respond even with Windows Explorer.
Sorting the files; and view any of the return status from the Exchange server captures the message about the throttle limit of 18 concurrent shells.
- Use Win Scheduler and forfiles command to zip or delete older files
Use forfiles.exe (ships with Win2k3 and Win2k8) in a nightly scheduled batch job to remove the CAM/CAFT .txt files
forfiles /s /m <pathToCamCaftFiles>\*.txt /d -1 /c "cmd /c del @file"
- Contact the client's Exchange team
- Have them create a new throttle limit for just the IM service account
- Increase the limit to 100 concurrent connections.
- This number will work with the I/O and the modified timeouts
- Exchange Admin may create a new Throttling policy to be used by select user accounts
Example: New-ThrottlingPolicy MaxPowershell -PowerShellMaxConcurrency 100
- Exchange Admin would then apply this new throttling policy for the IM service account on the Exchange server.
Example: Set-Mailbox "User Name" -ThrottlingPolicy MaxPowershell
Justification: Scenario: 2000 creations from IME BLC. Exchange able to create user mailbox in 20 seconds. Timeouts bumped to 600 seconds
18 session pool: 2000 * 20 / 18 = 40,000 seconds / 18 = 2222 seconds = < 40 minutes (Expect 5-10% failure due to timeout over 600 seconds)
100 session pool: 2000 * 20 / 100 = 40,000 seconds / 100 = 400 seconds = < 5 minutes [Expect no failures]
- Increase the default timeouts of the IM Exchange Agent to 600 seconds from 30 seconds.
On Exchange server: Increase timeout of HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\Identity Manager\Ex2k7AgentTimeout 600 seconds.
On IMPS servers(all): Set the environmental variables, then bounce the im_ccs service. ADS_E2K_SEND_DC=1 & ADS_CONFIRM_MAILBOX 600 seconds.