We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Internet very very slow, basically not working at all

Medium Priority
261 Views
Last Modified: 2013-11-30
Hello,

All of a sudden our internet at work became very very slow, pretty much not working.

Called the isp and they could not ping our router.  Disconnected our network from the router, then they could ping it.  They said we must have a machine on the network slowing down the internet.  Removed all machines one at a time till we found the problem, which turned out to be the domain controller.  It's running Win 2003 SBS, Exchange 2003.  Rebooted, did a lavasoft adaware se scan and virus scan, not sure what is causing the problem.

What should I do from here?

Thanks.
Comment
Watch Question

Austin TexasSystems Engineer
CERTIFIED EXPERT

Commented:
I'd be willing to bet dollars to dougnuts that someone is using your server to send spam.

Go to the server and open the Exchange System Manager.  Open the Servers branch.  Under the name of your server, click on Queues and tell me if you don't have a bunch of full queues.  A healthy exchange server should show all the queues at or near zero.

If not, open Protocols and SMTP on that same branch and right click the name of your server there to select properties.  In the Access tab click on the Relay button and make sure that you have "only the list below" selected and the list only contains the server's and loopback IP addresses.

Let me know what you find and I'll try to help further.

Thanks - Tex

Commented:
Trying to replace the NIC could be a worthy check too.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Have you tried doing a traffic analysis or even a security check on the DC? TexorcisT assessment is in all likelihood right on the money. That also points out that you need to review your security policy and implementation for your network.

Author

Commented:
Tex - In the Queue there were 250 or so, but most looked like they were from our company and just couldn't send because the internet was so slow.  I even disabled outbound mail as a test for 5 minutes and the internet was still the same speed.

only the lis below was also selected.

Now today I come to work and everything is back to normal.  I tried to check from home lastnight at say 2am and it was still down.

Now I'm very confused.

Mansrock - whats the best free software to do a simple traffic analysis?  What will is show me exactly?
Systems Engineer
CERTIFIED EXPERT
Commented:
MacDougall -

There are a variety of network monitoring tools you can try: NMap, Etherreal, etc.  None of them are really simple as they deal with very raw (packet level) network data.  You might want to setup Ethereal (http://www.ethereal.com/) to log your traffic and then if your server goes heywire again you can review the log to see where that traffic was coming/going.

I would also using the Use Microsoft Baseline Security Analyzer (MBSA) immediatly.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/HTBaseAnal.asp

You might want to seriously consider having a MS Certified Partner consultant with a certified Competancy in security come out and perform a security analysis of your server.

Let me know what happens.  I'm very interested.

Thanks - Tex

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Austin TexasSystems Engineer
CERTIFIED EXPERT

Commented:
oh...and if you decide to hire a consultant, you can use this to help you find one:
http://directory.microsoft.com/mprd/default.aspx

 - Tex

Commented:
Hi,

There are free tools to help you
http://www.sysinternals.com/NetworkingUtilities.html

Mind if you check your Events Viewer to see if there are any Applications and Systems Errors during the period
Post it here so we can help check.  EventID and Source
kadadi_vIT Admin
CERTIFIED EXPERT

Commented:
Firstly check any ports or services are blocked by internet security/firewall or virus infected on your network so download & install the cfports from http://www.nirsoft.net and for network monitor use the NTOP OPEN Extra application from
  www.openxtra.co.uk/downloads/ntop-download.php 
Can you completely reset your router to factory defaults and configure again and cehck the dns server settings of your internal & ISP dns server settings . I think any dns server adresses change from ISP so cehck the all details  from ISP .
Also restart the server / workstation services on win2003 server and restart your server machine.


Good Luck
Grab the MAC address of your server using ipconfig.  If your using Windows Server then use the builtin Network Monitor to scan for a "chatty NIC"...in other words if your server is sending out huge amounts of data...if it is then see what IP address(s) its sending to and this will greatly reduce where the problem is coming from (if its sending huge amounts of packets to a local IP then its not likely a virus or a hijacking).  Also, if its a chatty NIC then replace it.

Use a performance monitor to check CPU usage,memory usage, page faults, network bytes/sec, dropped bytes/sec, and hard drive read/write useage to try and find some over-worked hardware.

Author

Commented:
Everything has been working fine for a couple days now, so im not sure what happened.

if it happens again, where can I find the builtin Network Monitor?
kadadi_vIT Admin
CERTIFIED EXPERT

Commented:
Goto control panel > Add/Remove programs >Add/remove windows components then in Management & networking tools option clcik on detials and add/install the network monitor and give the your O/s cd .Then you can see the network monitor in your control panel>administrator tools.



Good Luck

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.