inetinfo.exe hogging CPU

Discussion in 'Windows Small Business Server' started by Pat Coleman, Mar 29, 2005.

  1. Pat Coleman

    Pat Coleman Guest

    SBS 2003 premium / Exchange 2003


    The process inetinfo.exe is using 68% of CPU resources and has ground server
    to halt.

    I have gone thrugh the steps to make sure the server is not a Open Relay and
    it does not appear to be - but has the symptoms of an open relay.

    We have applied all the reqirements in

    Article ID : 324958


    How to block open SMTP relaying and clean up Exchange Server SMTP queues in
    Windows Small Business Server

    Is there any other possibilities that it could be - ISA or something ??

    Pat
     
    Pat Coleman, Mar 29, 2005
    #1
    1. Advertisements

  2. what other apps are running on your server? the culprit could be any number
    of things, but I doubt that it's because your an open relay.
     
    Kevin Weilbacher [SBS-MVP], Mar 29, 2005
    #2
    1. Advertisements

  3. Pat Coleman

    Pat Coleman Guest

    Other Apps:

    IIS 6.O with companyweb and DefaultWeb running, Sharepoint Central,
    Sharepoint Admin and Symantec for exchange on port 81

    SQL is installed and as far as I know is running in the background for SBS
    Monitoring and SBS Sharepoint

    Exchange 2003 which gets mail in by POP connector and sends mail out by SMTP

    no other software on the server except retrospect backup connected to a tape
    loader backup.

    Pat




     
    Pat Coleman, Mar 30, 2005
    #3
  4. Hello Pat,

    Thank you for posting to the SBS Newsgroup.

    I understand that you find the process inetinfo.exe consumes lots of CPU
    time and memory, and you would like to know how to resolve it and whether
    there are any other possibilities that can cause the issue.

    First of all, I would like to know if your SBS 2003 server works well
    despite of this problem.

    Inetinfo.exe is the IIS Admin Service which hosts several Exchange
    services. My experience is probably your computer is the target of a
    reverse non-delivery report (NDR) attack.

    I do not know whether you have tested the messages in the Exchange queues
    are NDR messages or not. I suggest that you test it, if yes, you need to
    configure recipient filtering in Exchange Server 2003, and clean up the
    Exchange queues. For the detailed steps to resolve this issue, please
    follow the steps in the KB article:

    886208 Exchange queues fill with many non-delivery reports from the
    postmaster
    http://support.microsoft.com/?id=886208

    Also antivirus software may also cause this issue. Make sure the following
    folders and files are excluded from be scanned by the antivirus software:

    -Exchange databases and log files

    -Exchange .mta files (default location: \Exchsrvr\Mtadata)

    -Exchange message tracking log files (default location:
    \Exchsrvr\Server_Name.log)

    -Virtual server folders (default location: \Exchsrvr\Mailroot)

    -Site Replication Service (SRS) files (default location: \Exchsrvr\Srsdata)

    -Internet Information Service (IIS) system files (default location:
    \%SystemRoot%\System32\Inetsrv)

    -Internet Mail Connector files (default location: \Exchsrvr\IMCData)

    -The working folder that is used to store streaming temporary files that
    are used for message conversion. By default, this working folder is located
    at \Exchsrvr\MDBData.

    -A temporary folder that is used in conjunction with offline maintenance
    utilities such as Eseutil.exe. By default, this folder is the location that
    you run the .exe files from, but you can configure this when you run the
    utility.

    -DC's sysvol folder and all its subfolders (C:\Windows\Sysvol)

    Also we can disable the antivirus services for a test.

    Hope this information helps. I am looking forward to hearing from you.

    Best regards,

    Brandy Nee

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Brandy Nee [MSFT], Mar 30, 2005
    #4
  5. Pat Coleman

    Pat Coleman Guest

    Brandy,

    Thanks for the direction and here are my results of your suggestions
    Performance is fine but I am getting some strange 'permission' based errors
    like not allowed to install some upgrades and service packs because of
    insufficient permissions,

    I am not getting a NDR attack



    I updated the files to exclude from the AVS and it has not made a
    difference.

    I disabled Symantec AVS and still not luck
     
    Pat Coleman, Mar 30, 2005
    #5
  6. Hello Pat,

    Thank you for posting back.

    Due to lack of error information for researching, I would suggest that
    please go to event log and paste all the relate error information to me.
    Also, please follow the steps below:

    1. Open the Microsoft Internet Information Services management console.

    2. Navigate to the Default Web Site and right-click on it.

    3. Select Properties.

    4. On the Home Directory tab, click the Configuration button.

    5. On the App Mappings tab, click to enable the checkbox for "Cache ISAPI
    Applications".

    6. Restart the IIS service.

    I think the KB article below maybe will help:

    292010 High Memory Consumption by SMTP Message Screener Under Stress
    http://support.microsoft.com/?id=292010

    Thanks for your time, I am looking forward to hearing from you soon.

    Best regards,

    Brandy Nee

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Brandy Nee [MSFT], Mar 31, 2005
    #6
  7. Pat Coleman

    Pat Coleman Guest

    Thanks for help

    Turns out it was Symantec AVS after all - I uninstalled it and get Trend
    Micro instead - uses a lot less resources
     
    Pat Coleman, Apr 15, 2005
    #7
  8. Hello Pat,

    Thank you for posting back. I am glad to hear your problem has being
    resolved. If you need any assistance in the future, please do not hesitate
    to post back.

    Best regards,

    Brandy Nee

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Brandy Nee [MSFT], Apr 18, 2005
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.