I am aware that MS Exchange decode looks at port 135 for the primary traffic, and then auto discovered from the dynamic 54k port ranges to identify the traffic.
However, I am wondering if this auto-discovery of the dynamic port ranges is directly tied to the AMD "Auto-Discovery" option.
Will the pre-defined SWS using port 135 for MS Exchange auto discover the rest of the ports even if the AMD Auto-Discovery is off?
I am asking this as IP Accounting is showing ~8gb of traffic from Exchange to an end user machine, however we aren't reporting a fraction of this.
With autodiscovery turned off for an AMD, the AMD will ignore all traffic sent to it, EXCEPT what is explicitly defined in software service definitions So if you turned off autodiscovery (and published this change), and had an Exchange software service set up to monitor a server (or servers) on port 135, it will only monitor connections from clients that are connecting to port 135 on those servers. It does not care what the client side ports are, unless explicitly defined in the software service. You can add a server port range in the software service definition, say from port 5400 to 5499 if you like, and then the AMD will process all traffic to the servers on those ports.
Another way to go about this (for exchange traffic, anyways) is to use the packaged appllications wizard to add exchange components. Go to Software Services -> Add Software Service -> Packaged Applications. This will allow you to look at live traffic on the AMD, or use a previously filtered and captured traffic trace (recommended in high traffic environments) to define common applications, such as exchange. It will automatically discover various tiers for exchange, and add software services and business unit definitions for you. More information on packaged applications here: Introduction to Packaged Applications
Let me know if this makes sense, or if anything needs clarification.
I made this amendment, however it has not impacted the traffic I am seeing in anyway, only increased the load (As A/D is now picking up other traffic, but no significant increase in Exchange).
Exchange analyzer was able to get the dynamic port from 135-port-control traffic before we invented Autodiscovery feature.
The only requirement is to defined User-Defined Software Service and provide IP:135 pair ...
Does it work for you?