Solved

Disk access to SBS 2003 Extremely Slow

Posted on 2009-04-14
8
940 Views
Last Modified: 2012-05-06
Hello all:

   I manage a server that has worked quite well for nearly three years.  In just the past few days, it has slowed way down.  I notice this mainly from the server console.  If I try to browse the contents of the folders, it seems to take forever.  When opening applications - for example, event viewer, Start, Admin Tools open quickly.  Event Viewer itself is slow.  Getting the details for an event is very slow.  The same is true for opening management utilites.  Task Manager shows almost no CPU activity.  System Idle is usually in the 90% + range.  But the hard drives seem to be working pretty hard.  Configuration is a 7 x 250GB SATA drives in a RAID5 with one hot spare.  All configured as Drive C.  One other hot-swap drive is available for backup as drive E:  There is a lot of room available still on drive C: (like 650 GB).  I checked the 3Ware controller utility and everything seems to be in the green.  I am getting a lot NDR messages being sent out from the server.  I disabled SMTP for a while and that seemed to help, but not solve the problem.  So I enabled it again.  Does anyone have any ideas what I can check next??

Oh, and I in the middle of upgrading our Trend Micro SMB Messaging from 3.6 to Worry Free Bus. Security Advanced.  Backup is BackupExec 10d.
0
Comment
Question by:jhuntii
  • 4
  • 4
8 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24143813
Rather than cut and paste of a MS KB article you should have stated the source.
http://support.microsoft.com/kb/886208

Post above flagged to moderators for removal.

Simon.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24146986
RAID 5 is slow anyway. If you have seven drives what you should have done was created two arrays, one for the OS and applications (mirror of two drives) and the rest for data.

Run the SBS best practises tool on the server, see if that flags anything of interest.
If the server is being abused then it would show in the queues in ESM.

Simon.
0
 

Author Comment

by:jhuntii
ID: 24151613
There are those who would argue that RAID5 is fast, not slow... :)  However, I love RAID1 myself and if I had it to do over I would set this up differently.  Anyway, the speed has been acceptable for the past couple of years.  Only in in the past few days it has become nearly unuseable.  I'll run the best practices tool (if I can get it downloaded and installed - it may take a day or two just for that!).  I'm also checking NDR settings/possible attack.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24156761
For hosting the OS, RAID 5 is slow. RAID 5 has its place, but by setting up everything on a single RAID 5 array you have crippled the system.

Exchange is a high transactional database, which needs to write to two two locations at the same time. Take in to account the fact that you have everything on the same array, plus the speed hit of RAID 5, and you have a system that is being held back by its storage configuration.

Throw in the additional overhead of SBS, and it is combination that will have performance issues.

Simon.
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 

Author Comment

by:jhuntii
ID: 24395813
It turns out that we found thousands of messages in the queue - most from postmaster.  In researching this it appears we have been under an NDR attack.  I have set up the recipient filtering and tarpitting and cleaned out the messages.  That allows the server to speed up - for about a week, then the queues fill up and the server slows down again.  Should I turn off NDR responses for a while?  Also, this server has started to send out mass mailings - could this have had an effect on the queues filling up?  (No, the messages in the queues are not to those we send to.)
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24396325
If you have set recipient filter and then restarted the SMTP server that should have put a stop to the NDR attacks. That is the point.
Exchange is a very poor bulk emailing tool, and I would suggest finding another product to send those messages, or better still, outsource it.

Simon.
0
 

Author Comment

by:jhuntii
ID: 24398601
OK, I'll suggest that and see if that stops the  NDR messages.  Thanks.
0
 

Author Closing Comment

by:jhuntii
ID: 31570055
Thanks, Mestha.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

##the calculator has been updated to version 1.6 please download the use the updated version## Hi there, After the previous post of the original version of the calculator here : http://www.experts-exchange.com/articles/OS/Microsoft_Operatin…
Problem Description: Actually I found the below issue with some customers after migration from SMS 2003 to SCCM 2007 and epically if they change site code, some clients may appear in the console with old site code, plus old sites still appearing …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now