Solved

Internet very very slow, basically not working at all

Posted on 2006-10-31
11
238 Views
Last Modified: 2013-11-30
Hello,

All of a sudden our internet at work became very very slow, pretty much not working.

Called the isp and they could not ping our router.  Disconnected our network from the router, then they could ping it.  They said we must have a machine on the network slowing down the internet.  Removed all machines one at a time till we found the problem, which turned out to be the domain controller.  It's running Win 2003 SBS, Exchange 2003.  Rebooted, did a lavasoft adaware se scan and virus scan, not sure what is causing the problem.

What should I do from here?

Thanks.
0
Comment
Question by:mmacdougall
  • 3
  • 2
  • 2
  • +4
11 Comments
 
LVL 5

Expert Comment

by:Austin Texas
ID: 17847869
I'd be willing to bet dollars to dougnuts that someone is using your server to send spam.

Go to the server and open the Exchange System Manager.  Open the Servers branch.  Under the name of your server, click on Queues and tell me if you don't have a bunch of full queues.  A healthy exchange server should show all the queues at or near zero.

If not, open Protocols and SMTP on that same branch and right click the name of your server there to select properties.  In the Access tab click on the Relay button and make sure that you have "only the list below" selected and the list only contains the server's and loopback IP addresses.

Let me know what you find and I'll try to help further.

Thanks - Tex
0
 
LVL 4

Expert Comment

by:tomerlei
ID: 17848282
Trying to replace the NIC could be a worthy check too.
0
 
LVL 20

Expert Comment

by:masnrock
ID: 17849291
Have you tried doing a traffic analysis or even a security check on the DC? TexorcisT assessment is in all likelihood right on the money. That also points out that you need to review your security policy and implementation for your network.
0
 

Author Comment

by:mmacdougall
ID: 17849628
Tex - In the Queue there were 250 or so, but most looked like they were from our company and just couldn't send because the internet was so slow.  I even disabled outbound mail as a test for 5 minutes and the internet was still the same speed.

only the lis below was also selected.

Now today I come to work and everything is back to normal.  I tried to check from home lastnight at say 2am and it was still down.

Now I'm very confused.

Mansrock - whats the best free software to do a simple traffic analysis?  What will is show me exactly?
0
 
LVL 5

Accepted Solution

by:
Austin Texas earned 500 total points
ID: 17849914
MacDougall -

There are a variety of network monitoring tools you can try: NMap, Etherreal, etc.  None of them are really simple as they deal with very raw (packet level) network data.  You might want to setup Ethereal (http://www.ethereal.com/) to log your traffic and then if your server goes heywire again you can review the log to see where that traffic was coming/going.

I would also using the Use Microsoft Baseline Security Analyzer (MBSA) immediatly.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/HTBaseAnal.asp

You might want to seriously consider having a MS Certified Partner consultant with a certified Competancy in security come out and perform a security analysis of your server.

Let me know what happens.  I'm very interested.

Thanks - Tex
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 5

Expert Comment

by:Austin Texas
ID: 17850046
oh...and if you decide to hire a consultant, you can use this to help you find one:
http://directory.microsoft.com/mprd/default.aspx

 - Tex
0
 
LVL 7

Expert Comment

by:imacgouf
ID: 17855839
Hi,

There are free tools to help you
http://www.sysinternals.com/NetworkingUtilities.html

Mind if you check your Events Viewer to see if there are any Applications and Systems Errors during the period
Post it here so we can help check.  EventID and Source
0
 
LVL 17

Expert Comment

by:kadadi_v
ID: 17856056
Firstly check any ports or services are blocked by internet security/firewall or virus infected on your network so download & install the cfports from http://www.nirsoft.net and for network monitor use the NTOP OPEN Extra application from
  www.openxtra.co.uk/downloads/ntop-download.php
Can you completely reset your router to factory defaults and configure again and cehck the dns server settings of your internal & ISP dns server settings . I think any dns server adresses change from ISP so cehck the all details  from ISP .
Also restart the server / workstation services on win2003 server and restart your server machine.


Good Luck
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17861699
Grab the MAC address of your server using ipconfig.  If your using Windows Server then use the builtin Network Monitor to scan for a "chatty NIC"...in other words if your server is sending out huge amounts of data...if it is then see what IP address(s) its sending to and this will greatly reduce where the problem is coming from (if its sending huge amounts of packets to a local IP then its not likely a virus or a hijacking).  Also, if its a chatty NIC then replace it.

Use a performance monitor to check CPU usage,memory usage, page faults, network bytes/sec, dropped bytes/sec, and hard drive read/write useage to try and find some over-worked hardware.
0
 

Author Comment

by:mmacdougall
ID: 17861800
Everything has been working fine for a couple days now, so im not sure what happened.

if it happens again, where can I find the builtin Network Monitor?
0
 
LVL 17

Expert Comment

by:kadadi_v
ID: 17865198
Goto control panel > Add/Remove programs >Add/remove windows components then in Management & networking tools option clcik on detials and add/install the network monitor and give the your O/s cd .Then you can see the network monitor in your control panel>administrator tools.



Good Luck

0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now