Throttling Policy in Exchange 2010
What is Throttling?
In previous versions of Exchange there was no centralized way to control activity a single user was able to do on Exchange server. Exchange 2010 introduces a new feature called Throttling. The throttling concept of Exchange 2010 allows an administrator to control how much activity a user can perform against an Exchange 2010 client access server.
In this post we will discuss about how to view, modify an existing client throttling policy. We will also cover how can we create and apply a new throttling policy as per our need.
Throttling framework implements a limit based system that tracks a single user’s actions and drops requests when the user has gone over. In Exchange 2010 the throttling framework limits users based on the following:
Number of open concurrent connections
Time spent in connective to client access server
Time spent performing Active Directory look ups and calls
Time spent performing mailboxes RPC calls
Limit number of mail messages that can be sent
Client Throttling Policy
Client Throttling policy is group settings that can be used to control how much resources that a user or connection can use against Exchange organization. Throttling policies can only be used against users that are using Exchange 2010 servers.
Throttling policy can be created to make sure that users are not eating up Exchange 2010 CAS Server resource knowingly or unknowingly.
Throttling policies are stored in the following location in active directory.
CN=Global Settings, CN= Exchange Org, CN= Microsoft Exchange , CN=Services, CN= Configuration, DC= Domain, DC = COM
Throttling Policy Components
Exchange ActiveSync, IMAP, POP, Exchange Web Services, OWA & Windows Powershell are the components that can be controlled using default throttling policy or custom throttling policy .
Throttling Policy Parameters
Throttling policy components are governed by following policy parameters.
MaxConcurrency : Maximum concurrent connections a user can have against Exchange 2010 server at a given time.
PercentTimeInCAS : Percentage of a minute that can be spent running CAS code.
PercentTimeInAD : Percentage of a minute that can be spent running LDAP requests.
PercentTimeInMailboxRPC : Percentage of a minute that can be spent running mailbox RPC requests.
Create, Manage, Remove Throttling Policy
We can use the exchange shell to manage throttling policies
- Get-ThrottlingPolicy (displays/reads the policy)
- New-ThrottlingPolicy (Creates new policy)
- Set-ThrottlingPolicy (Modify existing policy)
- Remove-ThrottlingPolicy (Delete the policy)
1. Get-Throttling Policy (displays/reads the policy)
Anonymous connection to user’s calendar and Cross Premise connection to exchange server was introduced in Exchange 2010 SP1.
EASMaxDevices limits the number of active EAS partnerships per user.
EASMaxDeviceDeletesPerMonth limits the number of EAS partnerships a user can delete per month.
EWSMaxSubscriptions limits the number of Push and Pull subscriptions per CAS server.
EWSfastSearchTimeoutInSeconds determines the timeout for EWS searches.
EWSFindCountLimit caps the number of items returned for EWS searches.
MessageRateLimit limits the number of messages a user can submit.
RecipientRateLimit limits the number of recipients a user can address per 24 hour period.
ForwardeeLimit limits the number of recipients for Inbox forward/redirect actions
For more information on these parameters Please go through below article
2. New-ThrottlingPolicy (Creates new policy)
Requirement – Create a throttling policy that restricts a user to be able to only execute 10 destructive cmdlets in 60 seconds.
Run the command as mentioned in below figure.
3. Set-ThrottlingPolicy (Modify Existing Policy)
Requirement – Modify throttling policy to restrict a user to be able to only execute 20 destructive cmdlets in 60 seconds.
Run the first command as shown in below figure.
4. Remove-ThrottlingPolicy (Delete the Policy)
Requirement – Remove existing throttling policy name Testpolicy
Note – Before removing throttling policy please make sure it is not applied on any mailbox. If this policy applies to any mailbox please reset the throttling policy on that mailbox using Set-mailbox command.
Run the command as shown in below figure.
How to Apply throttling policy on mailbox.
We can apply throttling policy on mailbox using Set-mailbox command.
We cannot apply throttling policy on mailbox using Exchange Management Console.
How does Throttling Work?
Here Budget is generated from the throttling policy is based on how much activity a user is allowed to perform for 1 minute.
Throttling Policies and Caches
The throttling policy framework that Exchange uses works off a "frequency of use" cache. By default, when a throttling policy is first accessed, the process that is using that policy will load it from Active Directory and stick it in a process-wide cache for a *minimum* of 5 minutes. If no one else in that process accesses that policy from the cache, it will expire after 5 minutes so that any future calls will pick up the new data from Active Directory. However, if that policy *is* used over and over and over again, it will extend the life of that policy in the cache up to 15 minutes. After 15 minutes, the policy will expire and an up-to-date version will be loaded.
If you cannot wait for the 15 minutes to pass, you will need to cycle the process.
Important Note: – When you create a custom (new) throttling policy, any parameter that is not configured will inherit the values from the default policy.
Exchange code has a class called “FallbackPolicy” which is a throttling policy that has hard coded values. During exchange server installation, the values for the default policy are copied from the fallback policy in code. After copying the values from fallback policy, there is no “Association” between the fallback policy and default throttling policies. We can easily modify default throttling policy as it is simply an AD object but we cannot modify fallback policy since it is hard coded.
When doing throttling policy lookups for any user, Exchange uses a basic fallback path where if exchange server can’t read the explicitly assigned policy, It fallbacks to the default. If it can’t read the default throttling policy, it falls back to the fallback policy. Now, when I say that Exchange server “Can’t” read the throttling policy, I mean that there is *complete* failure in reading the policy. For any parts that it doesn’t recognize, it simply ignores them.
Throttling is very useful in most of the situation, but you need to be extra careful while implementing the same. The client throttling can have negative impact if you are using a BES (Blackberry enterprise server) server, so it is always better to assign a new policy to the besadmin account to have uninterrupted Blackberry operation.
Hope this helps you to understand what is throttling policy in exchange 2010.
Please email at email@example.com for any queries or feedback.