asked on Are these symptoms of broadcast storm? Or more related to an individual server?
hi guys,
I posted yesterday regarding issues we have been having all week with people saving/opening to our file server. It is on a Windows 2003 Storage Server on an HP Proliant 380G5 with around 4GB of RAM and an Intel Xeon 2.33ghz. A SAN of around 15TB is connected directly with SAS cards to the back of this server.
This server has an IP of 192.168.11.35/24. If we accessed the server directly from the console or even RDP/VNC to it, it would freeze momentarily and then let you continue working on it.
The biggest issue is that a network consisting of approximately 300 users all had issues saving/opening file to and from this location. Copying files of around 200mb to local desktops would take almost 1minute through our gigabit switches, something which usually takes a few seconds.
However, if I logged on to any other server on the network which was on the same range, it would literally take a few seconds to copy files to the desktop. Some of the servers I tested from were also connected to the same switch as the one mentioned above.
My question is, would a broadcast storm every cause this? Or would a broadcast/switch issue cause you to have problems and slow speeds regardless of which server you accessed?
Does this issue mostly point to a specific server issue or would general network issues cause this also?
P.s - I logged on remotely to this file server and seeing as nobody is at the office today, it is absolutely fine? Hmmm....
Any ideas would be great.
Cheers
Yashy
I posted yesterday regarding issues we have been having all week with people saving/opening to our file server. It is on a Windows 2003 Storage Server on an HP Proliant 380G5 with around 4GB of RAM and an Intel Xeon 2.33ghz. A SAN of around 15TB is connected directly with SAS cards to the back of this server.
This server has an IP of 192.168.11.35/24. If we accessed the server directly from the console or even RDP/VNC to it, it would freeze momentarily and then let you continue working on it.
The biggest issue is that a network consisting of approximately 300 users all had issues saving/opening file to and from this location. Copying files of around 200mb to local desktops would take almost 1minute through our gigabit switches, something which usually takes a few seconds.
However, if I logged on to any other server on the network which was on the same range, it would literally take a few seconds to copy files to the desktop. Some of the servers I tested from were also connected to the same switch as the one mentioned above.
My question is, would a broadcast storm every cause this? Or would a broadcast/switch issue cause you to have problems and slow speeds regardless of which server you accessed?
Does this issue mostly point to a specific server issue or would general network issues cause this also?
P.s - I logged on remotely to this file server and seeing as nobody is at the office today, it is absolutely fine? Hmmm....
Any ideas would be great.
Cheers
Yashy
Windows Server 2008Windows NetworkingSwitches / Hubs
Last Comment
Qlemo
Sounds like a poisened MAC table entry in the switch, leading to a loop. Resetting the switch should help then.
I don't think it is anything like a config issue (a real loop without proper spanning tree to prevent from loops).
But before doing anything else, a network capture for traffic for a single machine to the "failing" server should be done. If I'm correct, you should see a lot of identical packages.
I don't think it is anything like a config issue (a real loop without proper spanning tree to prevent from loops).
But before doing anything else, a network capture for traffic for a single machine to the "failing" server should be done. If I'm correct, you should see a lot of identical packages.
I also think you should get Comm View (Tamosoft), put in on the server, learn how to interpret the packets and see what is going on when things get slow. Get Smart Whois (Tamosoft) at the same time and be able to look up (easily) IP addresses you don't know.
People could also be using Web Mail with big attachments.
People could also be using Web Mail with big attachments.
ASKER
The system was last rebooted three times in the past two days due to this. It didn't rectify the issue. The AV hasn't been disabled on the fileserver no, we could try that.
I'm using Wireshark guys if I need to capture traffic. So would I just run wireshark on my PC and then try to copy files down from the server to my desktop and then analyse the traffic? Or would I run it on the server itself perhaps?
I'm using Wireshark guys if I need to capture traffic. So would I just run wireshark on my PC and then try to copy files down from the server to my desktop and then analyse the traffic? Or would I run it on the server itself perhaps?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
when was the system/updated/rebooted last.
You could use perfmon as well as procmon one to monitor system performance (including network) and the other to see what is going on on the system.