Re: problems with KB951746
- From: "Gary Karasik" <gkarasik@xxxxxxx>
- Date: Sat, 16 Aug 2008 07:23:52 -0700
--
GaryK
You originally posted this a couple weeks ago as a different thread.
"Attn: Susan Bradley" or somesuch. As I recall, it was ONE SBS server and
as of the end of the week last week, you had decided to contact Microsoft
CSS. So, my questions are:
1) What did CSS say?
I tried 800-PCSAFETY, but that's really consumer oriented, and they weren't
much help. I haven't called CSS. There's no real point because I can't have
the fix in place during production--the internet is practically
unusable--and there are no symptoms outside of production for CSS to
troubleshoot.
2) Did you make changes to the other three servers within the last week?
I'm trying to pinpoint why the problem has spread...
No changes. The problem hasn't spread--only my awareness of it. One of them
was having DSL problems, and I attributed the Inet slowdown to that. But as
soon as the DSL troubles were cleared up, it became obvious they were having
the same problem. On another one the office was closed for a couple of
weeks--clients attending a convention--so again there was no load on the
system and no obvious symptoms. The fourth is a small office full of really
sweet people who didn't want to bother me about the slow internet response
times.
3) Do any of the four servers run *without* ISA? I'd like to troubleshoot
on a network as 'clean' as possible...
Sadly, no. But I can bypass ISA and reproduce the problem.
4) Do all four servers connect to the internet using the same ISP?
No.
I appreciate your focusing on this.
GaryK
"Gary Karasik" <gkarasik@xxxxxxx> wrote in message
news:ug9WDl0$IHA.1180@xxxxxxxxxxxxxxxxxxxxxxx
Agreed. But in this case it's moot. The issue persists even if both
firewalls are bypassed.
--
GaryK
"Cliff Galiher" <cgaliher@xxxxxxxxx> wrote in message
news:hIadnXIUU8UcpjvVnZ2dnUVZ_j6dnZ2d@xxxxxxxxxxxxxx
Depends on how aggressive the firewall is with its intrusion prevention
measures. Blocking legitimate IP addresses responding on ports the
firewall doesn't expect will cause problems. And three or more people
using the net will cause the firewall to block IPs more rapidly. Never
*assume* that the problem isn't somewhere. Test and verify...test and
verify... :)
-Cliff
"Gary Karasik" <gkarasik@xxxxxxx> wrote in message
news:u7%23gyc0$IHA.3756@xxxxxxxxxxxxxxxxxxxxxxx
Also, if this were a firewall issue, I think it would be there all the
time, not just when the system is under load.
--
GaryK
"Cliff Galiher" <cgaliher@xxxxxxxxx> wrote in message
news:I5OdnRWuYKkGijvVnZ2dnUVZ_uqdnZ2d@xxxxxxxxxxxxxx
Gary,
I doubt the patch, or SBS, is the problem here. What I suspect is
happening is that the patch is doing what it is supposed to do. But
one of the things the patch does is cause the source port to be
randomized. If your firewall is not configured to allow DNS traffic
from a random source port then your recursive DNS requests are being
stopped at the firewall...and you'll get the symptoms you describe.
It is also possible, but less likely, that your ISP's DNS servers are
misconfigured and are unable to reply on odd source ports.
So this is where I'd start....look at your network perimeter and see
if you can verify there is a firewall issue.
Then, if you are CONFIDENT that you are okay there and the speed issue
remains, reconfigure SBS (CEICW) and point it to another DNS server
that is known to be patched and working (openDNS is a good option
here).
Let me know if that helps,
-Cliff
I'm fairly confident you'll be able to fix the issue from there.
"Gary Karasik" <gkarasik@xxxxxxx> wrote in message
news:%236rvj2y$IHA.5660@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I can't decide how to proceed with getting this problem solved. Wien
the server-side DNS-vulnerability patch (951746) is installed, all my
SBS2K3 systems are exhibiting the same problem: extremely show
internet access when the system is under load, meaning when three or
more clients are trying to access the internet at once.
With the patch uninstalled everything returns to normal. This is not
resolved by reserving ports as one fix suggests.
The problem seems to be that DNS can't resolve quickly when the patch
is installed. Sometimes it is so slow that the system times out. I've
tried different forwarders, different DNS servers, and root hints
only. If the patch is installed, nothing helps.
Someone has posted a message about this in the SBS private forum, but
he isn't getting much help.
My indecision stems from the fact that no symptoms show if there is
no load, so if I call CSS after hours I can't show them any symptoms,
and I don't want to load the patch during a work day because access
is so slow that client work slows to a virtual standstill, the remote
branches connections to Exchange server stop responding, and local
clients can't do any work that involves the internet.
I think I'm just going to have to live with this and hope that MS
comes up with a fix for someone else and I hear about it.
Maybe someone here can suggest an approach, because I'm stumped as to
how to proceed.
--
GaryK
.
- Follow-Ups:
- Re: problems with KB951746
- From: Cliff Galiher
- Re: problems with KB951746
- References:
- problems with KB951746
- From: Gary Karasik
- Re: problems with KB951746
- From: Cliff Galiher
- Re: problems with KB951746
- From: Gary Karasik
- Re: problems with KB951746
- From: Cliff Galiher
- Re: problems with KB951746
- From: Gary Karasik
- Re: problems with KB951746
- From: Cliff Galiher
- problems with KB951746
- Prev by Date: Re: problems with KB951746
- Next by Date: Re: Windows Mobile Question
- Previous by thread: Re: problems with KB951746
- Next by thread: Re: problems with KB951746
- Index(es):
Relevant Pages
|
