Solved

inetinfo.exe affecting exchange delivery

Posted on 2008-06-16
13
1,454 Views
Last Modified: 2011-10-19
hi all, we are experiencing strange problems on our server, a few weeks ago our exchange server logs started to take up all our hard drive space , i then moved them to another drive as they were using up all drive resources, now our server which is both file server and exchange server, has aa process inetinfo.exe which seems to fluctuate wildly its size was 755,556k last week then very low after i ran updates but now its getting larger 126,556k, is this affecting exchange performance, users are complaining  that mails are received 2 days later than when sent, i tested the mail delivery and realized the same any ideas on how i can fix this, is it a possibly a virus affecting inetinfo.exe
0
Comment
Question by:cstephen100
  • 6
  • 6
13 Comments
 
LVL 21

Expert Comment

by:suppsaws
ID: 21792578
Hello cstephen100,

If the exchange logs are eating up HD space, do you have a backup working on the server? If so the backup program should delete the logs automatically.
What do you see in the eventlogs actually?
Where is the inetinfio.exe file located on the HD?
http://www.symantec.com/security_response/writeup.jsp?docid=2005-102514-0353-99&tabid=2
it should be about 14k in size normally, and should be located under C:\WINDOWS\System32\inetsrv

Regards,

suppsaws
0
 
LVL 21

Expert Comment

by:suppsaws
ID: 21792592
cstephen100,

btw, what about you mail flow, are there any mail in the exchange queue?
You mean it's eating up all memory or HD space?

suppsaws
0
 
LVL 8

Expert Comment

by:greesh_hem
ID: 21792616
Run the Exchange Performance Troubleshooting analyzer (EXPTA) when the issue reoccurs and it will help in pointing to the root cause of the issue.
0
 
LVL 21

Expert Comment

by:suppsaws
ID: 21792626
0
 

Author Comment

by:cstephen100
ID: 21794762
hi thanks for your assistance the inet info file is in the correct location :C:\WINDOWS\System32\inetsrv i noticed that there was also a inetinfo dump file on the c drive  & if i check the processes tab under task manager i see that the inet.info process is taking  up 254,655k memory usage this figure fluctuates and has doubled since i checked it earlier today, the reason i think that this is related to the mail flow ia i read article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q291248 which states ""XIMS: High CPU Use by Inetinfo.exe Process Degrades E-mail Delivery""
I dont see any errors in event viewer or queed msgs but they are definatly delayed when sending , i ran EXPTA which pointed to an smtp routing error stating smtp instance name did not match dns server resolved name i changed them to match but it didnt  make any difference........
0
 

Author Comment

by:cstephen100
ID: 21794897
sorry i am just after noticing in queues in system manager that there are msgs in the smtp connector as attached

queues.doc
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 21

Accepted Solution

by:
suppsaws earned 500 total points
ID: 21800231
0
 

Author Comment

by:cstephen100
ID: 21802844
thanks on further research i ran filemon and targeted the inetinfo.exe  the acivity is very high i dont think this is normal activity but do not know whats causing it, would attached file of inetinfo activity give any clue
inetinfo-activity.doc
0
 
LVL 21

Assisted Solution

by:suppsaws
suppsaws earned 500 total points
ID: 21810443
the ineinfo.exe is ok, it's just exchange that has ALOT of queues, probably due to an NDR attack or somekind...
Have a look at this site:
http://support.microsoft.com/kb/886208

as you can see, they also mention inetinfo.exe to take alot of memory or CPU power.
do the things the page says, cleanup the queueq and make sure to protect your server from further NDR attacks.
More info can be found here:
http://www.amset.info/exchange/spam-cleanup.asp
0
 

Author Comment

by:cstephen100
ID: 21894734
Thanks suppsaws im nearly there,tried lots from the links you sent, deleting queues from command prompt etc, im nearly there, the only trouble is i still cannot stop the queues from building up, whether it is an ndr attack or not, the exchange Q's build up rapidly i searched experts exchange knowledge base and found how to turn of non delivery reports but the queues still keep piling up, thus causing store .exe and inet info .exe to demand lots of memory usage, is there any way i can stop them.....
0
 
LVL 21

Expert Comment

by:suppsaws
ID: 21896898
you should just follow that guide, it can take a LONG time to empty up the queues.
There can be over 100.000 mails in the queue.
Also check if you aren't an open relay.
0
 

Author Comment

by:cstephen100
ID: 21917104
i can empty them fine using cmd prompt but cant stop the message queues builing up rapidly , i have carried out the steps to check if its open relay & Its not if we cant stop this msg attack we may have to reinstall exchange
0
 

Author Comment

by:cstephen100
ID: 21928433
thanks for your answers suppssaws, i finally was able to clear the queues using the info you provided exchange is now functioning properly
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now