Solved

Slow ping rate caused by SBS2003 server

Posted on 2011-03-03
7
685 Views
Last Modified: 2012-05-11
We have a client that has broadband issues. I've narrowed this down to being caused by their server but I just can't figure out what it is that's doing it.

Basically, from any workstation, a constant ping to the outside world will return at about 400 - 500ms. Ping the server and it replies in <1ms.

However, physically unplug the server from the switch and the ping to the outside world immediately falls to around 25ms.

If I get the server to ping itself then I get a <1ms reply.
If I ping the server from a workstation I get a <1ms reply.
If I ping a workstation from the server I get a <1ms reply.

I've been running a Network Traffic Monitor program on a different server (Win 2003 standard) but I'm not seeing massive amounts of traffic from anything. It makes me think it's not a network that's simply flooded with traffic.

I've spent a few hours on site with this today. I've been going through the services list with a fine tooth comb and I stopped anything that I didn't recognise. At one point, the ping rate fell just after stopping a Kaseya agent service. I thought I'd found the problem so I uninstalled the Kaseya agent and rebooted. The high ping rate returned after the reboot and I just find anything that's causing it.

I'm guessing that I ended a process somewhere that made something else crash. I'm not sure what though.

I'm now working on this remotely this evening in the hope that I can resolve it in the next hour or so (bedtime soon!) and they'll have a working system tomorrow.

Any ideas?
0
Comment
Question by:edz_pgt
  • 4
  • 2
7 Comments
 
LVL 1

Expert Comment

by:WBGames
Comment Utility
Check the speed duplex of the card going to the outside. 1 GB 100 mb or 10 mb
0
 
LVL 1

Author Comment

by:edz_pgt
Comment Utility
There's only one card - it's not multi-homed.

The bit that gets me is that disconnecting the server from the network suddenly lets the network behave properly and ping times reduce in a big way.

It's as if there's something running on the server, broadcasting a flood to the network and slowing everything down. Trouble is, I can't see any traffic with my monitoring program (Ntop/Winpcap).
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
download and run the sbs best practice advisor (bpa)   www.sbsbpa.com   fix everything it finds...there are likely settings on the Server NIC that need to be disabled.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Author Comment

by:edz_pgt
Comment Utility
I've done the fixes that the BPA advises but no change so far. :(
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
on the server run the following and post the results

ipconfig /all
0
 
LVL 1

Accepted Solution

by:
edz_pgt earned 0 total points
Comment Utility
Turned out to be a large (15MB) email being rejected and then resent to a yahoo.com email account. Finally sorted it by blocking port 25 outbound on the router. This made the email visible in the Exchange queue so that i could delete it. It seems that email that is already in the process of being sent does not appear in the queue. Blocking the port prevented it from beginning to send. Problem solved.
0
 
LVL 1

Author Closing Comment

by:edz_pgt
Comment Utility
Thanks for your suggestions anyway. I can't really justify awarding anything as a solution but possibly useful suggestions for others to find.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now