justingrantiv

Slow Network Traffic, Internet, Exchange, Outlook, and AVG antivirus

Several issues going on here.
Our backbone consists of two 3Com Switch 4400s, 48 ports each, connected via a backplane kit. 10/100.
We have 7 Microsoft 2003 Servers, all with the latest service patches, etc.
Exchange 2003 Server SP2 on its own box with 65 users.

We have a dedicated full T1 of internet with a WatchGuard Firebox III 700 device.

Recently we have been experiencing a lot of slowness of network traffic. From not being able to get out on the internet, to Outlook telling us it is trying to connect to the Exchange server, connecting, and then going thru that process several times throughout the day.

I have looked thru the logs on the Firewall and I see a lot of HTTP traffic going out but that's about it.  Nothing out of the ordinary at least.  The traffic on the physical switches seems to be relatively standard as well however they are about 7 years old.

Ideas?  HELP!
pjnofrills

Does the slowness seem worse for users connected to one particular switch?
ASKER

No, it is random across the board.  Today x user will have major problems with it and tomorrow it's someone else.  Some days it's everyone.
Well, unknown HTTP traffic going outside means that some of the computers in your organization are infected with viruses, because your computers are broadcasting unnecessary traffic to the internet or within your organization, which will make your network totally busy and slow. Of course, it's very difficult to trace the clients which are broadcasting in your organization. First, update your clients from the Microsoft site with new security patches, and update your antivirus with new virus definitions. Scan your computers in safe mode, or disable your network card and scan in normal mode. The other way is to unplug all your cables from the switch except your modem or firewall device, plug in the cable of one client, and check the network traffic from firewall monitoring or third-party monitoring software. If the current computer is not generating any unnecessary traffic, then connect another computer and check it again from the monitoring software. If any computer you plugged in is generating a network flood or broadcasting to the network, unplug its cable and scan it with antivirus or update it with a service pack or security patches.
If your clients are not up to date from Microsoft or third-party antivirus, then network floods or broadcasting will slow down your network and create problems.

Thanks
We have had Symantec Corporate loaded on all workstations for 5 years.  We changed to AVG Network Edition 3 months ago as the new version of Symantec Corp. SUCKS.  All machines also run all of their Windows updates nightly and we run a virus definition check every hour.  Needless to say, we have run scans on all the workstations and servers and we have found nothing anywhere with any of that.  Unplugging everything and plugging in one by one is an option, but man, that will take forever as there are 65-plus devices on the network.

Any good network monitoring software that anyone recommends that is free / inexpensive?
Did you use your free trial of 3Com Network Supervisor software yet?  That should have come w/ the switches.  Other than that I have heard Look@LAN Network Monitor is decent:

http://www.snapfiles.com/get/lanlook.html
Well dear, I faced the same problem 7 or 8 years ago... The network is very slow and broadcasts unknown traffic...
It may be a DNS issue. Is your DNS working properly in your organization? Check the event logs. The network is slow because it is not resolving the names and queries from the server. When your clients are logging on and authenticating from the AD server, does it take a long time to authenticate? From the client side you can type nslookup and see whether it shows your server.domainname.com. Then type nslookup server.domainname.com and check how much time it takes to resolve; if it does not resolve, then it's your DNS issue.
Else, maybe some attacks are coming from outside to your DNS server. Can you unplug all your clients' cables and see whether your server's network card lights continue blinking while the internet connection is active on your server? You have to do this, otherwise it will never be clear where the unnecessary network traffic is coming from.

One more thing: is it possible to change your antivirus to Endpoint Protection 11?

Thanks
Logon is very fast.  DNS resolves very quickly both internally and externally.

The latest thing I have been able to find is that for all users that are having the problem, if they run ipconfig /release and then ipconfig /renew, they start working again.  The machines get the exact same IP information but they start working.

Endpoint Protection 11 - NO.  I've used that at other clients and it uses WAY too many resources for one program.  We have version 10 of Symantec on the PCs here.  We loaded AVG 8.0 Network Edition and it has actually caught things that Symantec never did, and the PCs' response / individual speed has increased with less CPU utilization just from removing Symantec.
Well, you mean when you release your IP and renew it, the machine works perfectly. So do one more thing: flush the DNS on the client and register it again, and see what happens...
Here is the command if you don't know it.
ipconfig /flushdns
and then
ipconfig /registerdns
Did the flush about an hour ago and it "lost" connection again after about 45 minutes.  Same results.  Release / renew / flush / register and it's working yet again.  Never physically lose network connections, however.  I can ping internal things by IP address.  Can't ping the external address when the "connection" is down, but I normally can whenever everything is working.

Can you tell me one thing: did you recently change your switch, or have you had your setup on the 3Com switch from the beginning?
If you recently changed your switch and are getting this issue, then do one thing for testing purposes: take another brand of switch, connect that switch to your network, put your clients on that switch with the server, and test and see whether there is any difference!
Because nowadays 3Com switches have manufacturing faults.
This 3Com has been in place for 6 or 7 years.  I did order 2 new switches to replace these that should be here on Monday; they are Gigabit switches.
ASKER CERTIFIED SOLUTION
Salman4u_k

This solution is only available to members.
We ordered Dell as everything we have here now is Dell from the rack, to the printers, to all the servers.  Only thing that wasn't was the 3com switches and we also have 3 Proxim wireless Access units which seem to work flawlessly.

They came in; however, there is some major deadline that I can't take the network down for this evening, so I won't be able to put them in today.
Problem solved.  Ended up being a print server that had the wrong default gateway in it.  This print server has been on our network for 5 years or more.  We changed our default gateway over 3 years ago.  Why it just started causing an issue, who knows.  The machines, when they lost their IP address, looked to that print server deep down in the IP logs / tables, whatever the heck it is that the reporting tool Microsoft sent me to use.  ipconfig /all showed the DHCP server as our real DHCP server.

Totally WEIRD.
Problem actually ended up being a print server that had DHCP enabled on it still.  It was causing major issues.
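
The root cause reported in the last posts, a device still answering DHCP and handing out an outdated gateway, can be caught by checking DHCP OFFER/ACK payloads against the known server and gateway. This is an added example, not part of the original thread; the addresses, the allow-list and the `build_reply` sample packets are constructed assumptions.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5                # option 53 values sent by servers

def ip4(raw):
    return str(ipaddress.IPv4Address(raw[:4])) if len(raw) >= 4 else None

def parse_dhcp(payload):
    """Return (op, options) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    return payload[0], options

def check_reply(payload, allowed_servers, expected_gateway):
    """Findings for one DHCP OFFER/ACK; an empty list means nothing suspicious."""
    op, opts = parse_dhcp(payload)
    if op != 2 or opts.get(53, b"")[:1] not in (bytes([OFFER]), bytes([ACK])):
        return []                                   # not a server reply
    server = ip4(opts.get(54, b"")) or "unknown"    # option 54 = server identifier
    gateway = ip4(opts.get(3, b"")) or "none"       # option 3 = router (first entry)
    findings = []
    if server not in allowed_servers:
        findings.append(f"unauthorized DHCP server {server}")
    if gateway != expected_gateway:
        findings.append(f"{server} hands out gateway {gateway}, expected {expected_gateway}")
    return findings

def build_reply(server, router, msg_type=OFFER):
    """Constructed sample packet (test data, not a capture)."""
    pack = lambda s: ipaddress.IPv4Address(s).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), pack("192.0.2.50"), pack(server), bytes(4),
                         b"\xaa" * 6, b"", b"")
    return (header + MAGIC + bytes([53, 1, msg_type, 54, 4]) + pack(server)
            + bytes([3, 4]) + pack(router) + b"\xff")
```

Feed `check_reply` the UDP payloads of server replies (source port 67) taken from a capture on the client VLAN; a second responder shows up even when `ipconfig /all` on a working client lists only the legitimate server.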