
Slow performance on Ports other than 80


towntopic

Technical User
May 15, 2003
103
US
We have a very strange issue happening. I'm not the one who normally handles our server, but our Admin is out of the office all week and something needs to be done. Here's what's happening....

E-mail, messenger, and Citrix connections are SUPER slow but the Internet is fine. It seems that performance on any ports other than 80 is extremely bogged down - so slow in fact that requests on these ports are timing out. There are no errors within any logs on the server.

The strange thing is that it will all of a sudden come back to normal but then 5 min later be slow again.

Any thoughts?
 
Did you check your firewall logs to see if some insane traffic is coming through on other ports (like if you had a virus, or got hacked and set up as a mail relay)?

Did you look at your mail queues to see if anything looked suspicious?

Are all of the slow services located on the same server?

Line of thinking:
If your internet access is not controlled by a proxy (based on the description you gave, that's how it sounds), then each machine on the network would basically have direct access to the web- bypassing your servers for the most part- so their connection speed remains unaffected. It sounds like the problem resides on a single server, or closely connected group of servers.

If they are all on the same server, see if rebooting it helps (solves 90% of Windows Problems- sad but true!). I would also check your processes and see if any seem strange.

deletion mistake
no I can't recover that
you didn't save it

-Shrubble
 
Well, here's what I've found out. Our ISA server is both a Web Proxy and Firewall. By stopping and restarting the Firewall it seems to have fixed the issue, but I'm not quite sure why. I guess I'll post over in the ISA server section to ask why. Thanks for your thoughts, they got me thinking about how exactly we access the outside world and eventually led me to the ISA server.
 
I'll tell you something- firewalls are weird as all hell. Actually I'm surprised I didn't mention that also, there have been many, MANY occasions in my life when rebooting (or restarting) a firewall has cured a host of bizarre problems. Low end home/small business firewalls are the worst for that kind of stuff, especially when they start to get a little old.

Well, glad it was a simple fix

Cheers

deletion mistake
no I can't recover that
you didn't save it

-Shrubble
 
Ok, more info and the resolution...

After restarting the ISA Firewall the issue would go away for around 10 min or so then pop up again, so I knew something was bogging down our network. Not knowing what to do next, I decided to look into the ISA Server logs and see if I could spot something. I looked at the FWSEXTD(today's date).txt log so that I could see exactly all traffic and the port that was being accessed. Well, after sorting by the port number I saw that out of the 61,000 records almost 59,000 of them were from a particular user on our network through port 445. Immediately I took him off the network and ran a virus scan because I knew the Korgo virus acted like what the log was showing. Sure enough, his virus definitions weren't updated since May 30th and he didn't even have XP SP1 installed, so of course he didn't have any of the security updates for XP and was thus a wide open target. After removing the virus, updating his machine and plugging him back into the network, everything is back to normal. Actually, the second we pulled him off the network and rebooted the server we were good to go.

This makes me so mad because my boss, who is technically our System Administrator, does a horrible job of maintaining our systems. I told him about Microsoft's new SUS for pushing critical updates down to clients and he's done nothing about it. Oh well, at least I learned a lot about our ISA Server.

Sorry for the rant and thanks for listening. Sometimes the best way to work through a problem is to bounce the problem off of someone else.

regards,
john myers
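
The sort-by-port check described in the post above can be scripted. This is an added example, not part of the original thread: it tallies records per client and destination port in a W3C extended-format log and reports any pair that dominates the file. The column names `c-ip` and `r-port` are assumptions (a real log names its columns in its own `#Fields:` line), and the sample log is constructed.

```python
from collections import Counter

# Assumed column names; a real log declares its own in a "#Fields:" line.
SRC_FIELD, PORT_FIELD = "c-ip", "r-port"

def parse_w3c(lines):
    """Yield one dict per record of a tab-delimited W3C extended log."""
    fields = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):      # skip truncated records
                yield dict(zip(fields, values))

def dominant_flows(records, threshold=0.5):
    """Return (client, port, count, share) for each client/port pair whose
    share of all records is at least `threshold`, busiest first."""
    counts = Counter((r[SRC_FIELD], r[PORT_FIELD]) for r in records
                     if SRC_FIELD in r and PORT_FIELD in r)
    total = sum(counts.values())
    return [(src, port, n, n / total)
            for (src, port), n in counts.most_common()
            if n / total >= threshold]

def build_sample():
    """Constructed sample: one client hammering port 445, two normal users."""
    out = ["#Software: constructed sample",
           "#Fields: c-ip date time r-ip r-port"]
    for i in range(59):     # noisy host, a different destination each time
        out.append(f"10.0.0.23\t2004-06-15\t09:00:{i:02d}"
                   f"\t198.51.100.{i + 1}\t445")
    out += ["10.0.0.7\t2004-06-15\t09:01:00\t203.0.113.5\t25",
            "10.0.0.8\t2004-06-15\t09:01:02\t203.0.113.9\t1494",
            "10.0.0.23\t2004-06-15\t09:01:03"]  # truncated line, ignored
    return out

if __name__ == "__main__":
    for src, port, n, share in dominant_flows(parse_w3c(build_sample())):
        print(f"{src} -> port {port}: {n} records ({share:.0%})")
```

A single internal client owning most of the firewall log on port 445 is the pattern the poster spotted by hand; lowering `threshold` lists the quieter client/port pairs as well.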
 
Security is a lesson never really learned until you see a compromise in action, believe me. The trick is getting that "spidey-sense" that tells you something's not right, even if it's not obvious.

Rolling out updates and patches can be just as scary as the things they're supposed to protect you from. Many of them can't be undone, and sometimes you find out after the fact that they don't play well with some piece of custom software you're running.

Well.. way to track down the issue without calling in some $175/hour tech! Always a nice feeling...

see ya





deletion mistake
no I can't recover that
you didn't save it

-Shrubble
 