From: Poodle on
Hi guys

I have SBS2008 Standard Edition. Recently, it's been consuming excessive
bandwidth. According to my UTM logs, the server uses around 120MB every hour
of the day, resulting in about 1.6GB data usage daily. This has meant that our
5GB cap doesn't last at all. I have reconfigured WSUS to get the bare minimum
updates, updates only essential to the business and also configured WSUS to
sync manually. This doesn't seem to have solved the problem. I ran a full
system scan using NOD32 antivirus and it found nothing. Forefront updates are
also now disabled, but to no resolve.

Any ideas guys?

--
Poodle

From: Jim Behning SBS MVP on
What does the UTM report for workstation usage? I like running
Wireshark on a problem machine to see what traffic is happening.
Doesn't your UTM show what the high traffic sites are? Or does it have
a real time log you can watch?

Do not trust that just one scan system will catch a bug. Run
Superantispyware, Malwarebytes and something else to see what other
scanners see.

Back to Wireshark. Use it and also run the SBS best practices analyzer.

I wonder if your machine might be spamming or an open relay. Open
relay takes some skill to make happen though but a rough smtp engine
might happen.

On Thu, 25 Mar 2010 01:55:01 -0700, Poodle
<Poodle(a)discussions.microsoft.com> wrote:

>Hi guys
>
>I have SBS2008 Standard Edition. Recently, it's been consuming excessive
>bandwidth. According to my UTM logs, the server uses around 120MB every hour
>of the day, resulting in about 1.6GB data usage daily. This has meant that our
>5GB cap doesn't last at all. I have reconfigured WSUS to get the bare minimum
>updates, updates only essential to the business and also configured WSUS to
>sync manually. This doesn't seem to have solved the problem. I ran a full
>system scan using NOD32 antivirus and it found nothing. Forefront updates are
>also now disabled, but to no resolve.
>
>Any ideas guys?

See what SBS support is working on
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
From: Chris Puckett [MSFT] on
I've seen this from the Forefront updates. There's a scheduled task to
check for updates every hour. Keep an eye on it after disabling those. (I'm
not sure how you disabled the Forefront updates).

You can also double check the Forefront log file to see what it is doing:
C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\Data\ProgramLog.txt.

--
Chris Puckett

This posting is provided "AS IS" with no warranties, and confers no rights.



"Jim Behning SBS MVP" <jimbehning(a)doesthisblockpork.mindspring.com> wrote in
message news:r8mmq5dv4tburnk6f72kqh5uf90bu1ec4h(a)4ax.com...
> What does the UTM report for workstation usage? I like running
> Wireshark on a problem machine to see what traffic is happening.
> Doesn't your UTM show what the high traffic sites are? Or does it have
> a real time log you can watch?
>
> Do not trust that just one scan system will catch a bug. Run
> Superantispyware, Malwarebytes and something else to see what other
> scanners see.
>
> Back to Wireshark. Use it and also run the SBS best practices analyzer.
>
> I wonder if your machine might be spamming or an open relay. Open
> relay takes some skill to make happen though but a rough smtp engine
> might happen.
>
> On Thu, 25 Mar 2010 01:55:01 -0700, Poodle
> <Poodle(a)discussions.microsoft.com> wrote:
>
>>Hi guys
>>
>>I have SBS2008 Standard Edition. Recently, it's been consuming excessive
>>bandwidth. According to my UTM logs, the server uses around 120MB every hour
>>of the day, resulting in about 1.6GB data usage daily. This has meant that our
>>5GB cap doesn't last at all. I have reconfigured WSUS to get the bare minimum
>>updates, updates only essential to the business and also configured WSUS to
>>sync manually. This doesn't seem to have solved the problem. I ran a full
>>system scan using NOD32 antivirus and it found nothing. Forefront updates are
>>also now disabled, but to no resolve.
>>
>>Any ideas guys?
> See what SBS support is working on
> http://blogs.technet.com/sbs/default.aspx
> Check your SBS with the SBS Best Practices Analyzer
> http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx

From: Poodle on
I'm using a SonicWall UTM with Viewpoint and that gives me a real time log.
The log shows high volume to the Forefront site, but the number of hits to
that site, compared to the total hits the server makes per day do not match.
The hits to Forefront are way lower. In essence, there is a site(s) that is
not accounted for in the logs and that is where all the bandwidth is going to.

I disabled the automatic update on the Forefront console, even WSUS is set
to manual sync, but it would seem this has not solved my problem. I will run
the spyware tools you've recommended and see.

Thanks.
--
Poodle



"Jim Behning SBS MVP" wrote:

> What does the UTM report for workstation usage? I like running
> Wireshark on a problem machine to see what traffic is happening.
> Doesn't your UTM show what the high traffic sites are? Or does it have
> a real time log you can watch?
>
> Do not trust that just one scan system will catch a bug. Run
> Superantispyware, Malwarebytes and something else to see what other
> scanners see.
>
> Back to Wireshark. Use it and also run the SBS best practices analyzer.
>
> I wonder if your machine might be spamming or an open relay. Open
> relay takes some skill to make happen though but a rough smtp engine
> might happen.
>
> On Thu, 25 Mar 2010 01:55:01 -0700, Poodle
> <Poodle(a)discussions.microsoft.com> wrote:
>
> >Hi guys
> >
> >I have SBS2008 Standard Edition. Recently, it's been consuming excessive
> >bandwidth. According to my UTM logs, the server uses around 120MB every hour
> >of the day, resulting in about 1.6GB data usage daily. This has meant that our
> >5GB cap doesn't last at all. I have reconfigured WSUS to get the bare minimum
> >updates, updates only essential to the business and also configured WSUS to
> >sync manually. This doesn't seem to have solved the problem. I ran a full
> >system scan using NOD32 antivirus and it found nothing. Forefront updates are
> >also now disabled, but to no resolve.
> >
> >Any ideas guys?
> See what SBS support is working on
> http://blogs.technet.com/sbs/default.aspx
> Check your SBS with the SBS Best Practices Analyzer
> http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
From: Leythos on
In article <AB171F4A-C65A-43B0-9FDB-B7717E5678C6(a)microsoft.com>,
Poodle(a)discussions.microsoft.com says...
>
> Hi guys
>
> I have SBS2008 Standard Edition. Recently, it's been consuming excessive
> bandwidth. According to my UTM logs, the server uses around 120MB every hour
> of the day, resulting in about 1.6GB data usage daily. This has meant that our
> 5GB cap doesn't last at all. I have reconfigured WSUS to get the bare minimum
> updates, updates only essential to the business and also configured WSUS to
> sync manually. This doesn't seem to have solved the problem. I ran a full
> system scan using NOD32 antivirus and it found nothing. Forefront updates are
> also now disabled, but to no resolve.
>
> Any ideas guys?

Why not look at the real-time display to see what IPs are using what
ports?

If you are using XTM software you can also see the data rates in the
viewer.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)
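
An added example, not part of any post in this thread: the hits-versus-volume mismatch described above and the suggestion to look at which IPs use which ports both come down to ranking destinations by bytes rather than by hit count. The CSV layout, addresses and byte counts below are constructed for illustration and are not the SonicWall ViewPoint export format; map your own log's columns onto them.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a generic CSV export of per-connection records for one
# server. The column layout is an assumption, not the SonicWall/ViewPoint format.
SAMPLE_LOG = """time,src_ip,dst_ip,dst_port,bytes
2010-03-25T09:00:02,192.168.16.2,198.51.100.10,80,410000
2010-03-25T09:00:40,192.168.16.2,198.51.100.10,80,395000
2010-03-25T09:01:15,192.168.16.2,198.51.100.10,80,402000
2010-03-25T09:02:03,192.168.16.2,203.0.113.77,25,61500000
2010-03-25T09:05:30,192.168.16.2,198.51.100.10,80,388000
2010-03-25T09:20:11,192.168.16.2,203.0.113.77,25,58200000
2010-03-25T09:31:47,192.168.16.2,192.0.2.53,53,1200
2010-03-25T09:31:48,192.168.16.2,192.0.2.53,53,900
"""

def summarize(log_text):
    """Return per-(dst_ip, dst_port) hit and byte totals, largest byte total first."""
    totals = defaultdict(lambda: {"hits": 0, "bytes": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            size = int(row["bytes"])
            port = int(row["dst_port"])
        except (KeyError, TypeError, ValueError):
            continue  # skip truncated or malformed records
        entry = totals[(row["dst_ip"], port)]
        entry["hits"] += 1
        entry["bytes"] += size
    all_hits = sum(e["hits"] for e in totals.values())
    all_bytes = sum(e["bytes"] for e in totals.values())
    report = []
    for (ip, port), e in totals.items():
        report.append({
            "dst_ip": ip, "dst_port": port, "hits": e["hits"], "bytes": e["bytes"],
            "hit_share": e["hits"] / all_hits,
            "byte_share": e["bytes"] / all_bytes,
        })
    return sorted(report, key=lambda r: r["bytes"], reverse=True)

def heavy_but_quiet(report, min_byte_share=0.5):
    """Destinations that carry most of the volume with a smaller share of hits."""
    return [r for r in report
            if r["byte_share"] >= min_byte_share and r["hit_share"] < r["byte_share"]]

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(f'{r["dst_ip"]}:{r["dst_port"]:<5} hits={r["hits"]:<3} '
              f'bytes={r["bytes"]:>11,} ({r["byte_share"]:.1%} of volume)')
```

In the constructed data the destination with the most hits is a port 80 site, while nearly all of the volume goes to a single address on port 25, which is the pattern a hit-count view hides.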