Windows Server - SBS2K3 Premium +ISA 2004 2 NICS - IPCONFIG /ALL

No known changes or programs installed and suddenly a dramatic
slowdown in internet connection No IE web access with proxy FF01:8080
set deselect proxy and connection is OK. RWW/Email/FTP and other non
http access is OK speedtest shows 1.5 down .2 up it was 8.5 down 1 up.
Direct connection to modem is OK

I have checked all the basics and have either missed something or the
issue is deeper. Have rerun internet connection wizard and rebooted
and even tried changing from ISP DNS server to googles with no change.
I have not worked thriugh an issue like this on SBS2K3 in a long long
time and could really use some assistance.

While not a "server down" the complaints about the speed are building
(and wearing) on me.


C:\>ipconfig /all - SERVER

Windows IP Configuration

Host Name . . . . . . . . . . . . : ff01
Primary Dns Suffix  . . . . . . . : FF.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : FF.local

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.6
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-1C-23-C5-C9-D5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.2
Primary WINS Server . . . . . . . : 192.168.1.2

Ethernet adapter Network Connection:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS
VBD Client) #2
Physical Address. . . . . . . . . : 00-1C-23-C5-C9-D7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 70.25.00.10
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 70.25.00.9
DNS Servers . . . . . . . . . . . : 192.168.1.2
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\>

C:\Documents and Settings\Administrator>cd\

C:\>ipconfig /all CLIENT

Windows IP Configuration

Host Name . . . . . . . . . . . . : FF12
Primary Dns Suffix  . . . . . . . : FF.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : FF.local
FF.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . : FF.local
Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E
Gigabit E
thernet NIC
Physical Address. . . . . . . . . : 00-1C-C0-51-2A-C2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.112
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCP Server . . . . . . . . . . . : 192.168.1.2
DNS Servers . . . . . . . . . . . : 192.168.1.2
Primary WINS Server . . . . . . . : 192.168.1.2
Lease Obtained. . . . . . . . . . : Monday, November 22, 2010
2:07:53 PM

Lease Expires . . . . . . . . . . : Tuesday, November 30, 2010
2:07:53 P
M

C:\>

Do you have a feel for whether this is DNS related or HTTP related? I assume
from the above that its more likely to be HTTP related.

Am I correct in assuming that you run an http proxy on your server? I do not
have SBS Premium, so I do not know what comes with it, but I would assume the
proxy/gateway on your server is the likely culpret.

However, a few other suggestions:

1. You referred to a speedtest showing your speeds lower than they were. If
you can tolerate complaints from your users (or do it out of hours) it would
be interesting to know what the figures are if you plug a pc in directly to
your touer/modem and then re-run the tests. The rational being that if a pc
on the network is generating a lot of internet traffic then that could be
using up much of your bandwidth and that would cause you to see lower
results than you might expect.

2. Since you have ISA (I do not), I think this allows you to see where your
network traffic is going. If so then can you see whether anything in
significant is standing out as using a lot of bandwidth?

3. I assume you have checked the logs on the server for any issues and not
found anything significant?

4. I had an issue a number of years back now where our network seemed to be
slowing down (but interestingly seemed fine for a few minutes after a reboot
of the server), tracked it down eventually to masses of spam being sent out
via our server (NDR spam). So its worth having a quick look at your exchange
queues and if you have large amounts of emails awaiting delivery then that
might be the cause.

Of the above all the ones which relate to something eating your bandwidth
would also affect FTP, SMTP etc, but I suspect that people are less likely
to notice if these are slow.

Hope this is useful, even if to rule out some things.
--
Brian Cryer
http://www.cryer.co.uk/brian

ume
't
the
If
uld
to
pc
r
be
oot
ut
nge
t
y

Direct to modem connect is full speed. No mail backup or NDR's in
exchnage. doing some searching I found ISA error "Web Proxy filter
cannot bind to socket" while following this I lost my remote connection
so I have to go on site today. Any other suggestions?

DNS Patch. Make sure you add 8080 to the ReservedPorts registry key so
that DNS does not grab it.

If the web proxy filter is not loading, ISA will be routing traffic
differently than normal. Not sure what the performance impact might be,
but this seems like an obvious possible explanation. So I'd start by
sorting that out.

--
Steve Foster
For SSL Certificates, Domains, etc, visit.:
https://netshop.virtual-isp.net