trono
asked on
Internet times out periodically
Hi all,
We are having problems with our internet becoming very slow to the point where pages time out. This happens 3 or 4 times a day seemingly at random times. When not going through the ISA 2004 firewall/proxy this issue does not seem to occur.
What is the best way to try and resolve this? Is there any monitoring software that I can run that will monitor throughout the day and show me more information about these timeouts?
We are having problems with our internet becoming very slow to the point where pages time out. This happens 3 or 4 times a day seemingly at random times. When not going through the ISA 2004 firewall/proxy this issue does not seem to occur.
What is the best way to try and resolve this? Is there any monitoring software that I can run that will monitor throughout the day and show me more information about these timeouts?
Check first the following:
To check, if ISA or the router or the line has a problem, you should try with one single client to bypass ISA. If you experience normal speed with the bypassing clients and slow performance with clients over ISA, the issue maybe ISA related.
If you assume your router, just try to reboot your router so see, if this solves it. Some routers do only allow a number of simultanous connections and esp. file sharing programs like bittorrent may kill them.
For ISA, there may be the following reaons:
- If log files are enabled, they can raise from several MBs up to GBs. You should make sure, that so virus scanners are scanning them, as they take longer and longer as the log files are growing over the day.
- Check your RAM usage, if this can be an issue
- Temporarily disable the web cache
- Check the settings for Flood-Mitigation. It may be an oiption the build up a computerset with internal IP ranges and raise the values for these clients.
Some programs may open a lot of simulanous connections and this may be interpreted as a flood attack. If ISA detects a flood or spoofing attack, it may block temproraily some clients.
Also check, how many connection requests are denied on the external interface. This may also a reason for ISA to slow down.
To check, if ISA or the router or the line has a problem, you should try with one single client to bypass ISA. If you experience normal speed with the bypassing clients and slow performance with clients over ISA, the issue maybe ISA related.
If you assume your router, just try to reboot your router so see, if this solves it. Some routers do only allow a number of simultanous connections and esp. file sharing programs like bittorrent may kill them.
For ISA, there may be the following reaons:
- If log files are enabled, they can raise from several MBs up to GBs. You should make sure, that so virus scanners are scanning them, as they take longer and longer as the log files are growing over the day.
- Check your RAM usage, if this can be an issue
- Temporarily disable the web cache
- Check the settings for Flood-Mitigation. It may be an oiption the build up a computerset with internal IP ranges and raise the values for these clients.
Some programs may open a lot of simulanous connections and this may be interpreted as a flood attack. If ISA detects a flood or spoofing attack, it may block temproraily some clients.
Also check, how many connection requests are denied on the external interface. This may also a reason for ISA to slow down.
ASKER
Thanks for the suggestions so far. It has been determined that when bypassing ISA the issue does not occur...so it looks like it's definetly something to do with the ISA server or where it's connected.
- The ISA server is kept upto date via WSUS
- Unfortunatley no errors in the event log
- Don't think it's the log files as they have not changed in size compared to in the past
- The RAM is a little less than would be ideal but no more RAM is used when the issue occurs
- Not sure about disabling the cache as it says all the settings will be removed.
- We have ISA 2004 so I don't think the flood mitigation feature is available
- The ISA server is kept upto date via WSUS
- Unfortunatley no errors in the event log
- Don't think it's the log files as they have not changed in size compared to in the past
- The RAM is a little less than would be ideal but no more RAM is used when the issue occurs
- Not sure about disabling the cache as it says all the settings will be removed.
- We have ISA 2004 so I don't think the flood mitigation feature is available
I would still suggest a manual update check using Microsoft Update to confirm patch status. Do you see any alerts logged in ISA alerts tab?
- OK
1.) Usually, ISA is setup either to log in W3C Format databases (IIS Format) or to log to a SQL server instance. If you are unsure, check, whether you have a SQL server instance installed or if you find *.mdf / *.ldf files on your server.
If you log to files, the files have a format like ISALOG_xxxx.yyy somewhere.
SQL Server databases as well as the log files should not be scanned by virus scanner.
The files should grow on every access, as long as not disabled.
2.) RAM is an issue, as long as the physical RAM is completely used, means the server starts swapping into the swapfile ( pagefile.sys). This file should also excluded from virus scanners.
3.) If the cache is enabled, you should find an urlcache directory with a file named dir1.cdat on your system. Also this file should be excluded from virus scanning. If you use caching, you should select an amount of disk space, which corresponds to your usage. I use normally not more than 200 MB.
4.) Make sure, that you disable the monitoring, if you have used it. The monitoring should not run in the background. This is only for analysis purposes.
5.) As I remember, ISA 2004 supports also connection verifiers. These can be usefull to generate alerts if the external connection fails. But they also produces some traffic, use them with rarely.
6.) try to find out, if you can observe any other kind of load on the server if you experience this issue. You have also a performance counter on the ISA start page, you can enable. Otherwise you can also use the windows performance counters to make a longer observation about a few load parameters.
7.) free disk space (should never rund under 100 MB free space)
1.) Usually, ISA is setup either to log in W3C Format databases (IIS Format) or to log to a SQL server instance. If you are unsure, check, whether you have a SQL server instance installed or if you find *.mdf / *.ldf files on your server.
If you log to files, the files have a format like ISALOG_xxxx.yyy somewhere.
SQL Server databases as well as the log files should not be scanned by virus scanner.
The files should grow on every access, as long as not disabled.
2.) RAM is an issue, as long as the physical RAM is completely used, means the server starts swapping into the swapfile ( pagefile.sys). This file should also excluded from virus scanners.
3.) If the cache is enabled, you should find an urlcache directory with a file named dir1.cdat on your system. Also this file should be excluded from virus scanning. If you use caching, you should select an amount of disk space, which corresponds to your usage. I use normally not more than 200 MB.
4.) Make sure, that you disable the monitoring, if you have used it. The monitoring should not run in the background. This is only for analysis purposes.
5.) As I remember, ISA 2004 supports also connection verifiers. These can be usefull to generate alerts if the external connection fails. But they also produces some traffic, use them with rarely.
6.) try to find out, if you can observe any other kind of load on the server if you experience this issue. You have also a performance counter on the ISA start page, you can enable. Otherwise you can also use the windows performance counters to make a longer observation about a few load parameters.
7.) free disk space (should never rund under 100 MB free space)
Yea, and following Ray-GT, there is an update for a ISA-NAT problem. This is usually applied by WSUS, but check your WSUS as well as your ISA, if this is really applied (and accepeted in WSUS).
Look for
- ISA SP3
- UDP Update for ISA (MS08-037 Nov. 2008)
- Security Update ISA (KB 960995 Apr. 2009)
Look for
- ISA SP3
- UDP Update for ISA (MS08-037 Nov. 2008)
- Security Update ISA (KB 960995 Apr. 2009)
ASKER
thanks i had missed the latest update for ISA released on April 2009...it is good to have but unfortunatley has not resolved the issue. At this stage is looks like it is a problem with one of our switches...not sure why as yet but when we connect the ISA server and clients into a 10/100 switch instead of the usual gigagyte switch the issue seems to disappear. Still at a bit of a loss as to why & how to resolve this issue but seems like we are getting closer to confirming that the problem is an issue with the ISA server & or cisco routers connection with the gigabyte switch.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Rah-GT is right, this is a good idea....
ASKER
Have finally tested all you suggestions. i.e turned off caching, checked for duplex errors but unfortunatley there are still intermittent timeouts.
I have been able to confirm that it is only internet traffic that goes via ISA that is effected...when bypassing the proxy these intermittent timeouts do not seem to occur.
Haven't used it before but wondering if we might be able to narrow this down by using a product such as ethereal? Any assistance with where to go from here would be appreciated.
I have been able to confirm that it is only internet traffic that goes via ISA that is effected...when bypassing the proxy these intermittent timeouts do not seem to occur.
Haven't used it before but wondering if we might be able to narrow this down by using a product such as ethereal? Any assistance with where to go from here would be appreciated.
You mentioned that the issue only occurs if you are connected to a gigabit switch. Did you manage to rule out any errors on the switch side? I would also recommend a NIC driver update.
Do you see any alerts logged by ISA under the monitoring tab at all during or just before the timeout issues?
Do you see any alerts logged by ISA under the monitoring tab at all during or just before the timeout issues?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oh, Gigabit may also point to cabling issues.
ASKER
Still trying to narrow this one down but all your help has been appreciated.
ASKER
Still having issues but have some good suggestions to work with.
http://technet.microsoft.com/en-us/forefront/edgesecurity/bb734854.aspx
2. Do you see any errors on the Event Logs?