inetinfo.exe causing 99% CPU Usage

[matthudski]

Windows 2k server, all patches all services packs etc. Exchange enterprise. Raid5, Dual PIII 1.3Ghz 1.5Gb ram 40 Users. AD controller but not PDC emulator. No roles installed.

inetinfo.exe runs constantly at about 99%. If I stop the SMTP service it goes back to 0-2% which is what it should be at.

Restarting the various services using MMC and using IIS admin do nothing.

Another thing which Im not sure is a problem or related is store.exe is using huge amounts of memory (150MB), As I have over 1GB spare, it's not a issue just an observation.

I have re-service packed exchange/windows and applied patches to IIS but still having sames problems.

This is realy killing my server..... Any ideas... Please help

Thanks in advance

Matt Hudski
matt@hudski.com

 

[koquito]

Did you check for viruses? Do you have any security on SMTP?maybe someone is relaying on your server.
Are you using firewalls?
Try to log into your server from a workstation, to use the SMTP service with Telnet. Watch if it lets you send emails without authentication. IF that is the case, make sure to block it, by asking for authentication.

A+, MCP, CCNA
marbinpr@hotmail.com

"I just know that I know nothing"
Socrates (469-399 B.C.E.)

 

[matthudski]

Sophos is installed with mailmonitor and all is clean, updated and scanned several times.

I use a checkpoint 2 firewall and have checked for security holes and all seems fine.

I will however check the smtp and see if required logon is activated (I think it is but i check anyway).

Thanks so far, but I still think the problem lies within IIS and is a bug??

Matt

 

[mdlay]

Unfortunately, my money would be on a virus, or unauthorized use (which could also be a virus). You should be able to drill down with performance monitor and track which threads are causing the high cpu use. Once you figure out which thread/process id, and figure out which process it is, you might get an idea what is going on.

I am assuming you don't get this sort of cpu use when you shut down the

http://www service?

If you don't, you might try shutting down your websites one by one, and watch your cpu use as you go for any significant drops.

I have also seen huge hits when pages use a lot of embedded sql, but this should not show up as IIS performance, rather db performance, but thought I would mention it.

M.

 

[matthudski]

I have now ruled out virus, trojan, adware and denial of service etc.

Another thing which I noticed is when I monitored the SMTP service the outbound connection refused goes up by about 10,000 a second (which is far far far too fast. It should only be one or two every hours or so at the most).

This is why I beleive that I was being "hacked" and my smtp relay is being used. As I ave a heckpoint 2 firewal the I beleive this is why the connections are being used.

I have ran a couple of trojan scanners which come up with nothing. Virus scanners (Ive done a few) nothing again.

Another strange thing is my browser seems to be nackered. I cannot view .asp on the web and web I upen control panel, or my computer or c: or any browser controled window I have to hit f5(refresh) before I can see what is in the window....

This is a resonalbily new install running on a very good server (good branded).

Please help before I go ahead and wipe my server and start again.

More info... We have another enterprise exchange server on the same network on a diferent but trusted domain using the this server as a relay, Not much mail comes from it but it does a little bit.

Regards and thanks again

Matt

 

[koquito]

Try to use Network MOnitor on the SMTP server for some minutes, I think it will give you information about where are those requests coming from. If you do not have the service (Network MOnitor) installed, you can do tit by gooing t to the control panel and thenad windows components and MOnitoring tools.
In my opinion is a great tool.
Didi you try blocking incoming smtp connnections from outside your network on your firewall?

A+, MCP, CCNA
marbinpr@hotmail.com

"I just know that I know nothing"
Socrates (469-399 B.C.E.)