Re: problems with KB951746



Both on the server and on the clients. On the server even if I bypass the
hardware router and ISA.

--

GaryK


"Cliff Galiher" <cgaliher@xxxxxxxxx> wrote in message
news:vKqdnQgHzczspzvVnZ2dnUVZ_oDinZ2d@xxxxxxxxxxxxxx
Is DNS lookup slow *on the server* when the patch is applied and system is
under load? Or does this appear to strictly be a client issue using SBS?

-Cliff

"Gary Karasik" <gkarasik@xxxxxxx> wrote in message
news:eNSlmW0$IHA.3556@xxxxxxxxxxxxxxxxxxxxxxx
So this is where I'd start....look at your network perimeter and see if
you can verify there is a firewall issue.
Then, if you are CONFIDENT that you are okay there and the speed issue
remains, reconfigure SBS (CEICW) and point it to another DNS server that
is known to be patched and working (OpenDNS is a good option here).


Problem still exists if I bypass the hardware firewall and if I bypass
ISA.

I've tried all sorts of forwarders and root hints and DNS servers. The
only thing that makes a difference in performance is removing 951746.

Let me know if that helps,

-Cliff

I'm fairly confident you'll be able to fix the issue from there.
"Gary Karasik" <gkarasik@xxxxxxx> wrote in message
news:%236rvj2y$IHA.5660@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I can't decide how to proceed with getting this problem solved. When
the server-side DNS-vulnerability patch (951746) is installed, all my
SBS2K3 systems are exhibiting the same problem: extremely slow internet
access when the system is under load, meaning when three or more
clients are trying to access the internet at once.

With the patch uninstalled everything returns to normal. This is not
resolved by reserving ports as one fix suggests.

The problem seems to be that DNS can't resolve quickly when the patch
is installed. Sometimes it is so slow that the system times out. I've
tried different forwarders, different DNS servers, and root hints only.
If the patch is installed, nothing helps.

Someone has posted a message about this in the SBS private forum, but
he isn't getting much help.

My indecision stems from the fact that no symptoms show if there is no
load, so if I call CSS after hours I can't show them any symptoms, and
I don't want to load the patch during a work day because access is so
slow that client work slows to a virtual standstill, the remote
branches' connections to Exchange server stop responding, and local
clients can't do any work that involves the internet.

I think I'm just going to have to live with this and hope that MS comes
up with a fix for someone else and I hear about it.

Maybe someone here can suggest an approach, because I'm stumped as to
how to proceed.

--

GaryK








