Re: problems with KB951746

Is DNS lookup slow *on the server* when the patch is applied and system is under load? Or does this appear to strictly be a client issue using SBS?

-Cliff

"Gary Karasik" <gkarasik@xxxxxxx> wrote in message news:eNSlmW0$IHA.3556@xxxxxxxxxxxxxxxxxxxxxxx
So this is where I'd start....look at your network perimeter and see if you can verify there is a firewall issue.
Then, if you are CONFIDENT that you are okay there and the speed issue remains, reconfigure SBS (CEICW) and point it to another DNS server that is known to be patched and working (openDNS is a good option here).


Problem still exists if I bypass the hardware firewall and if I bypass ISA.

I've tried all sorts of forwarders and root hints and DNS servers. The only thing that makes a difference in performance is removing 951746.

Let me know if that helps,

-Cliff

I'm fairly confident you'll be able to fix the issue from there.
"Gary Karasik" <gkarasik@xxxxxxx> wrote in message news:%236rvj2y$IHA.5660@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I can't decide how to proceed with getting this problem solved. Wien the server-side DNS-vulnerability patch (951746) is installed, all my SBS2K3 systems are exhibiting the same problem: extremely show internet access when the system is under load, meaning when three or more clients are trying to access the internet at once.

With the patch uninstalled everything returns to normal. This is not resolved by reserving ports as one fix suggests.

The problem seems to be that DNS can't resolve quickly when the patch is installed. Sometimes it is so slow that the system times out. I've tried different forwarders, different DNS servers, and root hints only. If the patch is installed, nothing helps.

Someone has posted a message about this in the SBS private forum, but he isn't getting much help.

My indecision stems from the fact that no symptoms show if there is no load, so if I call CSS after hours I can't show them any symptoms, and I don't want to load the patch during a work day because access is so slow that client work slows to a virtual standstill, the remote branches connections to Exchange server stop responding, and local clients can't do any work that involves the internet.

I think I'm just going to have to live with this and hope that MS comes up with a fix for someone else and I hear about it.

Maybe someone here can suggest an approach, because I'm stumped as to how to proceed.

--

GaryK







.

Relevant Pages

  • Re: Internet Speed
    ... I think what we are trying to say is to use the DHCP from the SBS and NOT ... DNS and WINS point to the SBS. ... as the server IP address. ... it is recommend to configure all SBS client computers' IP and DNS ...
    (microsoft.public.windows.server.sbs)
  • Re: 70-294 next week
    ... to another DNS ... server for at least ... client, which then ... configuration on the client. ...
    (microsoft.public.cert.exam.mcse)
  • Re: Dual NIC vs Single NIC
    ... |> 135919 DNS Server Search Order Functionality in Windows ... Thank you for helping me to correct the misunderstand of DNS query ... Thank you again for your supplement about the client DNS cache issue. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Dual NIC vs Single NIC
    ... I will again argue that turning off the client DNS cache (0 refresh ... 261968 Explanation of the Server List Management Feature in the Domain ... Internet when the SBS server is offline. ...
    (microsoft.public.windows.server.sbs)
  • RE: Dynamic Update of A&PTR Records - Best Practice?
    ... The DNS server does not support the DNS dynamic update protocol; ... For Windows Server 2003-based computers, the primary full computer name is ... When one of these events triggers a DNS update, the DHCP Client service, ...
    (microsoft.public.windows.server.dns)