[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Disk access to SBS 2003 Extremely Slow

Posted on 2009-04-14
8
Medium Priority
?
949 Views
Last Modified: 2012-05-06
Hello all:

   I manage a server that has worked quite well for nearly three years.  In just the past few days, it has slowed way down.  I notice this mainly from the server console.  If I try to browse the contents of the folders, it seems to take forever.  When opening applications - for example, event viewer, Start, Admin Tools open quickly.  Event Viewer itself is slow.  Getting the details for an event is very slow.  The same is true for opening management utilites.  Task Manager shows almost no CPU activity.  System Idle is usually in the 90% + range.  But the hard drives seem to be working pretty hard.  Configuration is a 7 x 250GB SATA drives in a RAID5 with one hot spare.  All configured as Drive C.  One other hot-swap drive is available for backup as drive E:  There is a lot of room available still on drive C: (like 650 GB).  I checked the 3Ware controller utility and everything seems to be in the green.  I am getting a lot NDR messages being sent out from the server.  I disabled SMTP for a while and that seemed to help, but not solve the problem.  So I enabled it again.  Does anyone have any ideas what I can check next??

Oh, and I in the middle of upgrading our Trend Micro SMB Messaging from 3.6 to Worry Free Bus. Security Advanced.  Backup is BackupExec 10d.
0
Comment
Question by:jhuntii
  • 4
  • 4
8 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24143813
Rather than cut and paste of a MS KB article you should have stated the source.
http://support.microsoft.com/kb/886208

Post above flagged to moderators for removal.

Simon.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24146986
RAID 5 is slow anyway. If you have seven drives what you should have done was created two arrays, one for the OS and applications (mirror of two drives) and the rest for data.

Run the SBS best practises tool on the server, see if that flags anything of interest.
If the server is being abused then it would show in the queues in ESM.

Simon.
0
 

Author Comment

by:jhuntii
ID: 24151613
There are those who would argue that RAID5 is fast, not slow... :)  However, I love RAID1 myself and if I had it to do over I would set this up differently.  Anyway, the speed has been acceptable for the past couple of years.  Only in in the past few days it has become nearly unuseable.  I'll run the best practices tool (if I can get it downloaded and installed - it may take a day or two just for that!).  I'm also checking NDR settings/possible attack.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 65

Expert Comment

by:Mestha
ID: 24156761
For hosting the OS, RAID 5 is slow. RAID 5 has its place, but by setting up everything on a single RAID 5 array you have crippled the system.

Exchange is a high transactional database, which needs to write to two two locations at the same time. Take in to account the fact that you have everything on the same array, plus the speed hit of RAID 5, and you have a system that is being held back by its storage configuration.

Throw in the additional overhead of SBS, and it is combination that will have performance issues.

Simon.
0
 

Author Comment

by:jhuntii
ID: 24395813
It turns out that we found thousands of messages in the queue - most from postmaster.  In researching this it appears we have been under an NDR attack.  I have set up the recipient filtering and tarpitting and cleaned out the messages.  That allows the server to speed up - for about a week, then the queues fill up and the server slows down again.  Should I turn off NDR responses for a while?  Also, this server has started to send out mass mailings - could this have had an effect on the queues filling up?  (No, the messages in the queues are not to those we send to.)
0
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 24396325
If you have set recipient filter and then restarted the SMTP server that should have put a stop to the NDR attacks. That is the point.
Exchange is a very poor bulk emailing tool, and I would suggest finding another product to send those messages, or better still, outsource it.

Simon.
0
 

Author Comment

by:jhuntii
ID: 24398601
OK, I'll suggest that and see if that stops the  NDR messages.  Thanks.
0
 

Author Closing Comment

by:jhuntii
ID: 31570055
Thanks, Mestha.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The environment that this is running in is SCCM 2007 R2 running on a Windows 2008 R2 server. The PXE Distribution point is running on its own Windows 2008 R2 box. This is what Event viewer showed after trying to start the WDS service:  An erro…
On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question