inetinfo.exe hogging CPU

SBS 2003 premium / Exchange 2003


The process inetinfo.exe is using 68% of CPU resources and has ground server
to halt.

I have gone thrugh the steps to make sure the server is not a Open Relay and
it does not appear to be - but has the symptoms of an open relay.

We have applied all the reqirements in

Article ID : 324958


How to block open SMTP relaying and clean up Exchange Server SMTP queues in
Windows Small Business Server

Is there any other possibilities that it could be - ISA or something ??

Pat

 

what other apps are running on your server? the culprit could be any number
of things, but I doubt that it's because your an open relay.

 

Other Apps:

IIS 6.O with companyweb and DefaultWeb running, Sharepoint Central,
Sharepoint Admin and Symantec for exchange on port 81

SQL is installed and as far as I know is running in the background for SBS
Monitoring and SBS Sharepoint

Exchange 2003 which gets mail in by POP connector and sends mail out by SMTP

no other software on the server except retrospect backup connected to a tape
loader backup.

Pat

 

Hello Pat,

Thank you for posting to the SBS Newsgroup.

I understand that you find the process inetinfo.exe consumes lots of CPU
time and memory, and you would like to know how to resolve it and whether
there are any other possibilities that can cause the issue.

First of all, I would like to know if your SBS 2003 server works well
despite of this problem.

Inetinfo.exe is the IIS Admin Service which hosts several Exchange
services. My experience is probably your computer is the target of a
reverse non-delivery report (NDR) attack.

I do not know whether you have tested the messages in the Exchange queues
are NDR messages or not. I suggest that you test it, if yes, you need to
configure recipient filtering in Exchange Server 2003, and clean up the
Exchange queues. For the detailed steps to resolve this issue, please
follow the steps in the KB article:

886208 Exchange queues fill with many non-delivery reports from the
postmaster
http://support.microsoft.com/?id=886208

Also antivirus software may also cause this issue. Make sure the following
folders and files are excluded from be scanned by the antivirus software:

-Exchange databases and log files

-Exchange .mta files (default location: \Exchsrvr\Mtadata)

-Exchange message tracking log files (default location:
\Exchsrvr\Server_Name.log)

-Virtual server folders (default location: \Exchsrvr\Mailroot)

-Site Replication Service (SRS) files (default location: \Exchsrvr\Srsdata)

-Internet Information Service (IIS) system files (default location:
\%SystemRoot%\System32\Inetsrv)

-Internet Mail Connector files (default location: \Exchsrvr\IMCData)

-The working folder that is used to store streaming temporary files that
are used for message conversion. By default, this working folder is located
at \Exchsrvr\MDBData.

-A temporary folder that is used in conjunction with offline maintenance
utilities such as Eseutil.exe. By default, this folder is the location that
you run the .exe files from, but you can configure this when you run the
utility.

-DC's sysvol folder and all its subfolders (C:\Windows\Sysvol)

Also we can disable the antivirus services for a test.

Hope this information helps. I am looking forward to hearing from you.

Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

Brandy,

Thanks for the direction and here are my results of your suggestions

Performance is fine but I am getting some strange 'permission' based errors
like not allowed to install some upgrades and service packs because of
insufficient permissions,

I am not getting a NDR attack

I updated the files to exclude from the AVS and it has not made a
difference.

I disabled Symantec AVS and still not luck

 

Hello Pat,

Thank you for posting back.

Due to lack of error information for researching, I would suggest that
please go to event log and paste all the relate error information to me.
Also, please follow the steps below:

1. Open the Microsoft Internet Information Services management console.

2. Navigate to the Default Web Site and right-click on it.

3. Select Properties.

4. On the Home Directory tab, click the Configuration button.

5. On the App Mappings tab, click to enable the checkbox for "Cache ISAPI
Applications".

6. Restart the IIS service.

I think the KB article below maybe will help:

292010 High Memory Consumption by SMTP Message Screener Under Stress
http://support.microsoft.com/?id=292010

Thanks for your time, I am looking forward to hearing from you soon.

Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

Thanks for help

Turns out it was Symantec AVS after all - I uninstalled it and get Trend
Micro instead - uses a lot less resources

 

Hello Pat,

Thank you for posting back. I am glad to hear your problem has being
resolved. If you need any assistance in the future, please do not hesitate
to post back.

Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.