Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  


September 08, 2008

Troubleshooting a Slow-Running Windows Server 2008


 

We are in the middle of a major upgrade project for a new client. The client has two VMware ESX host servers running a variety of virtual server guests, including two domain controllers (DCs), a file server, Exchange Server 2007, SQL Server 2005, Microsoft Office SharePoint Server (MOSS) 2007, and Terminal Server. All servers are running Windows Server 2008 as the base OS, with a mix of x86 and x64. All the servers were prepped for an initial Exchange cutover last Friday. Earlier in the week, on Tuesday, we completed training on Exchange and SharePoint for the client and the servers ran flawlessly.

But starting on Wednesday, we noticed that something was seriously wrong with some of the servers. The symptoms included the following:

• On the SharePoint Server, one site was completely inaccessible.
• SharePoint performance on the working sites was very slow.
• On the Exchange Server, the receive connectors did not appear in the Exchange Management Console (EMC).
• On the Exchange Server, the databases took a long time to appear in the EMC, and when they did, their status was Unknown.
• Performance on one of the DCs was very slow.
• If you mapped a drive to any share on the slow servers and ran the command dir /s, the directory listing paused every half second. Normally, a directory listing scrolls by so fast that you can’t read it.

Both ESX hosts had 16GB of memory and two quad-core 3GHz processors each. Some of the virtual servers were OK, but obviously something was very wrong with the Exchange and SharePoint servers and one of the DCs. Performance was so slow that the servers were essentially unusable. Since we were cutting over to the new Exchange Server on Friday, we had to quickly determine the cause of the problem. A review of the Event Viewer did not show any possible causes. CPU, disk, and network utilization were very low and well within normal parameters. Yet the slowness continued. Since the servers were running on ESX, we fortunately had an image backup of each of these servers from the prior week. We decided to restore the Exchange Server image from tape, and the server started working fast again! But when we rebooted the server, it slowed down again. We did notice that three updates that were installed on the server went through a configuration process when the server was rebooted. This led us to believe that the server was slowing down because of one or more of the Server 2008 updates. The updates that were installed on this server included:

Exchange 2007 SP1 Post Rollup 3.
KB950050
KB955020
KB949189
KB952287
KB941693
KB948590
KB950582
KB950762
KB950974
KB951066
KB953733
KB953838
KB953839
KB947562
KB951072
KB951618
KB951978
KB951698

To narrow down the problem, we removed each patch one at a time (one of them couldn’t be removed) and rebooted the server. Then we tested the server to see whether it started performing fast again. After we had removed the patches one by one, the server was unfortunately still slow. On a hunch, one of my employees, Blandy Allred, suggested that we try removing the Symantec Endpoint SR2 MP2 Client. As soon as he removed it, the server started working fast again! We reinstalled the Symantec Endpoint Client and the server remained fast. After Endpoint was reinstalled, we reapplied all the patches and the server slowed down again! But we uninstalled and reinstalled Endpoint and the server started working again.

Evidently one or more of the patches conflicts with Symantec Endpoint. If Symantec Endpoint is installed and the patches are applied, the server will slow down. If the patches are applied and then Symantec Endpoint is installed, the server will remain fast. The fix here is a relatively simple one. If you are running Server 2008 with Symantec Endpoint and the server is slow, uninstall and reinstall Symantec Endpoint and the server performance should return to normal. I’ve notified Symantec of this problem, and I'll keep you informed of any progress that is made on this issue. It took us three days to figure out what the problem was. Fortunately the fix is simple once you know the solution. This issue appears to happen on both x86 and x64 versions of Server 2008. Hopefully this article will prevent you from hitting your head against the wall trying to find the solution!
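The install order the article associates with the slowdown (client first, updates afterwards) can be checked on a server before anything is uninstalled. The PowerShell below is an added example, not code from the original post; it assumes PowerShell 2.0 or later (for Get-HotFix) and an uninstall registry entry whose DisplayName begins with "Symantec Endpoint" (an assumed name), and the function names are hypothetical.

```powershell
# Added example (not from the article): report which of the article's updates
# were installed after the Symantec Endpoint client.
# Assumptions: PowerShell 2.0+; uninstall entry DisplayName starts with
# "Symantec Endpoint"; function names are hypothetical.
$ArticleKBs = 'KB950050','KB955020','KB949189','KB952287','KB941693','KB948590',
              'KB950582','KB950762','KB950974','KB951066','KB953733','KB953838',
              'KB953839','KB947562','KB951072','KB951618','KB951978','KB951698'

function Get-EndpointInstallDate {
    # Look in both the native and the 32-bit-on-x64 uninstall hives.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $entry = Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Symantec Endpoint*' -and $_.InstallDate } |
        Sort-Object InstallDate -Descending |
        Select-Object -First 1
    if (-not $entry) { return $null }
    # Windows Installer records InstallDate as a yyyyMMdd string.
    [datetime]::ParseExact([string]$entry.InstallDate, 'yyyyMMdd',
        [Globalization.CultureInfo]::InvariantCulture)
}

function Get-UpdatesInstalledAfter {
    param([datetime]$Since, [string[]]$Id)
    # Both sources have day granularity, so same-day installs are not flagged.
    Get-HotFix -Id $Id -ErrorAction SilentlyContinue |
        Where-Object { $_.InstalledOn -and ([datetime]$_.InstalledOn).Date -gt $Since.Date } |
        Sort-Object InstalledOn |
        Select-Object HotFixID, InstalledOn
}

$sepDate = Get-EndpointInstallDate
if (-not $sepDate) {
    Write-Output 'No Symantec Endpoint uninstall entry with an InstallDate was found.'
} else {
    Write-Output ('Symantec Endpoint installed on {0:yyyy-MM-dd}' -f $sepDate)
    $later = @(Get-UpdatesInstalledAfter -Since $sepDate -Id $ArticleKBs)
    if ($later.Count -eq 0) {
        Write-Output 'None of the listed updates were installed after the client.'
    } else {
        Write-Output 'Listed updates installed after the client:'
        $later | Format-Table -AutoSize
    }
}
```

The Exchange 2007 SP1 rollup from the list is not covered, since the article gives no KB number for it.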

 




Reader Comments
Any response from Symantec?

rdl1912a September 10, 2008


I spoke with them today (9/11/08) and they're still trying to reproduce the problem. It may have something to do with the managed client and/or activating Network Threat Protection and Proactive Threat Protection. As soon as I hear something I'll post it!

asugano@adscon.com September 11, 2008


Symantec was able to reproduce the problem when pushing the Client Security Installation package from the Management Server. They're working on a solution. I'll let you know as soon as I know.

asugano@adscon.com September 18, 2008


Maintenance Release (MR) 3 of Symantec Endpoint Security seems to help the problem. We've had numerous hang-ups with file shares on Windows Server 2008 using MR2. Also, disabling IPv6 seems to help. We've noticed a significant performance (+80%) increase in backups with Backup Exec by upgrading to MR3 and disabling IPv6 support.

asugano@adscon.com October 27, 2008


Cool article! It would have been great to get a dump of the server while it was slow so we could get a footprint of the problem, like what resources were held during the slowdown or what processes were spiking the CPU. Great info and thanks for the follow-up.

michmor2k October 30, 2008


 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved.