Link to home
Create AccountLog in
Avatar of cstephen100
cstephen100

asked on

inetinfo.exe affecting exchange delivery

hi all, we are experiencing strange problems on our server, a few weeks ago our exchange server logs started to take up all our hard drive space , i then moved them to another drive as they were using up all drive resources, now our server which is both file server and exchange server, has aa process inetinfo.exe which seems to fluctuate wildly its size was 755,556k last week then very low after i ran updates but now its getting larger 126,556k, is this affecting exchange performance, users are complaining  that mails are received 2 days later than when sent, i tested the mail delivery and realized the same any ideas on how i can fix this, is it a possibly a virus affecting inetinfo.exe
Avatar of suppsaws
suppsaws
Flag of Belgium image

Hello cstephen100,

If the exchange logs are eating up HD space, do you have a backup working on the server? If so the backup program should delete the logs automatically.
What do you see in the eventlogs actually?
Where is the inetinfio.exe file located on the HD?
http://www.symantec.com/security_response/writeup.jsp?docid=2005-102514-0353-99&tabid=2
it should be about 14k in size normally, and should be located under C:\WINDOWS\System32\inetsrv

Regards,

suppsaws
cstephen100,

btw, what about you mail flow, are there any mail in the exchange queue?
You mean it's eating up all memory or HD space?

suppsaws
Avatar of greesh_hem
greesh_hem

Run the Exchange Performance Troubleshooting analyzer (EXPTA) when the issue reoccurs and it will help in pointing to the root cause of the issue.
Avatar of cstephen100

ASKER

hi thanks for your assistance the inet info file is in the correct location :C:\WINDOWS\System32\inetsrv i noticed that there was also a inetinfo dump file on the c drive  & if i check the processes tab under task manager i see that the inet.info process is taking  up 254,655k memory usage this figure fluctuates and has doubled since i checked it earlier today, the reason i think that this is related to the mail flow ia i read article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q291248 which states ""XIMS: High CPU Use by Inetinfo.exe Process Degrades E-mail Delivery""
I dont see any errors in event viewer or queed msgs but they are definatly delayed when sending , i ran EXPTA which pointed to an smtp routing error stating smtp instance name did not match dns server resolved name i changed them to match but it didnt  make any difference........
sorry i am just after noticing in queues in system manager that there are msgs in the smtp connector as attached

queues.doc
ASKER CERTIFIED SOLUTION
Avatar of suppsaws
suppsaws
Flag of Belgium image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
thanks on further research i ran filemon and targeted the inetinfo.exe  the acivity is very high i dont think this is normal activity but do not know whats causing it, would attached file of inetinfo activity give any clue
inetinfo-activity.doc
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Thanks suppsaws im nearly there,tried lots from the links you sent, deleting queues from command prompt etc, im nearly there, the only trouble is i still cannot stop the queues from building up, whether it is an ndr attack or not, the exchange Q's build up rapidly i searched experts exchange knowledge base and found how to turn of non delivery reports but the queues still keep piling up, thus causing store .exe and inet info .exe to demand lots of memory usage, is there any way i can stop them.....
you should just follow that guide, it can take a LONG time to empty up the queues.
There can be over 100.000 mails in the queue.
Also check if you aren't an open relay.
i can empty them fine using cmd prompt but cant stop the message queues builing up rapidly , i have carried out the steps to check if its open relay & Its not if we cant stop this msg attack we may have to reinstall exchange
thanks for your answers suppssaws, i finally was able to clear the queues using the info you provided exchange is now functioning properly