Exchange 2003 Server slows entire network Internet access

Posted on 2012-08-19
Last Modified: 2013-01-08
All at once a couple days ago internet access slowed to a crawl on all the computers onhte domain including both workstations and servers.  I'v tested a direct connect to the T-1 Cisco 1721 router supplied by our T1 supplier and everything is fine.  I've checked the switches and all is ok.  On further testing I've determined that the problem only occurs when the Exchange server (Ver. 2003 on a sewparate box) is running.  If it is shut down everything is normal.  If I start it up Internet access dies after 5 to 10 minutes.  It sounds like a virus or trojan but so far I;ve found nothing.  We have a total of two Dell servers.  One is the domain controller and file server.  The other is the Exchange server.  Both are running server 2003.

This slow down does not appear to affect the local network speed - only the Internet.  Any ideas would be appreciated.
Question by:Mogart
    LVL 52

    Expert Comment

    What all does that affected Exchange holds ... i guess its a Member server and not a DC.
    Is it responsible for mailflow or something ?

    - Rancy
    LVL 3

    Expert Comment

    Is it possible it's got a duplicate IP address, most likely with the router or switch that's recently been installed?
    I've seen that cause problems similar to what has been described..
    LVL 8

    Expert Comment

    Make sure your Exchange server is locked down.  Meaning know one can third-party relay off of your mail server.  Also, given your bandwidth you may also need to implement restrictions on email size for in and outbound to no more than 10Mb email size.  

    If you don't have the proper settings on your Exchange server and firewall the mail server can get compromised allowing third-party relay.  Allowing people to use your server for spamming.

    I highly recommend using a service like Microsoft Hosted Filtering or Google's Postini to filter virus and spam email traffic before mail is received by your mail server.  With either service you will locked down port 25 in your mail server to only allow Microsoft or Postini to send to your mail server.  

    I've used these services at every company that I've worked at over the last 10+ years.  These services are much more robust than any appliance that you can put in place.

    Accepted Solution

    The problem has been resolved internally.  It turned out to be a script on the domain controller that was downloading Symantec antivirus strings and installing them on the servers and several PC's.  This script was apparently written by a previous IT person to do updates rather than using the Symantec managed client method.

    In any event the problem went away after I disabled the script.  The reason I had so much trouble running it down was because everything still worked but just extremely slowly.  It would have been easier if it had actually frozen a process.

    Note to gsmartin:  We do use Postini for filtering.

    Author Closing Comment

    The other responses did not solve the problem

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    I have put this article together as i needed to get all the information that might be available already into one general document that could be referenced once without searching the Internet for the different pieces. I have had a few issues where…
    Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
    This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
    In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now