Troubleshooting a Slow-Running Windows Server 2008

We are in the middle of a major upgrade project for a new client. The client has two VMware ESX host servers running a variety of virtual server guests, including two domain controllers (DCs), File Server, Exchange Server 2007, SQL Server 2005, Microsoft Office SharePoint Server (MOSS) 2007 and Terminal Server. All servers are running Windows Server 2008 as the base OS with a mix of x86 and x64. All the servers were prepped for an initial Exchange cutover last Friday. Earlier in the week, on Tuesday, we completed training on Exchange and SharePoint for the client and the servers ran flawlessly.

But starting on Wednesday, we noticed that something was seriously wrong with some of the servers. The symptoms included the following:

• On the SharePoint Server, one site was completely inaccessible.
• SharePoint performance on the working sites was very slow.
• On the Exchange Server, the receive connectors did not appear in the Exchange Management Console (EMC).
• On the Exchange Server, the databases took a long time to appear in the EMC, and when they did their status was Unknown.
• Performance on one of the DCs was very slow.
• If you mapped a drive to any share on the slow servers and ran the command dir /s, the directory listing paused every half second. Normally, a directory listing scrolls by so fast that you can’t read it.

Both ESX hosts had 16GB of memory and two quad-core 3GHz processors each. Some of the virtual servers were OK, but obviously something was very wrong with the Exchange and SharePoint servers and one of the DCs. Performance was so slow that these servers were essentially unusable. Since we were cutting over to the new Exchange Server on Friday, we had to quickly determine the cause of the problem.

A review of the Event Viewer did not show any possible causes. CPU, disk, and network utilization were very low and well within normal parameters. Yet the slowness continued.

Since the servers were running on ESX, we fortunately had an image backup of each of these servers from the prior week. We decided to restore the Exchange Server image from tape, and the restored server was fast again! But when we rebooted the server it slowed down again. We did notice that three updates that were installed on the server went through a configuration process when the server was rebooted. This led us to believe that the server was slowing down because of one or more of the Server 2008 updates. The updates that were installed on this server included:

Exchange 2007 SP1 Post Rollup 3.
KB950050
KB955020
KB949189
KB952287
KB941693
KB948590
KB950582
KB950762
KB950974
KB951066
KB953733
KB953838
KB953839
KB947562
KB951072
KB951618
KB951978
KB951698

To narrow down the problem, we removed each patch one at a time (one of them couldn’t be removed) and rebooted the server after each removal. Then we tested the server to see whether it was fast again. Unfortunately, even after all the removable patches had been taken off one by one, the server was still slow.

On a hunch, one of my employees, Blandy Allred, suggested that we try removing the Symantec Endpoint SR2 MP2 Client. As soon as he removed it, the server started working fast again! We reinstalled the Symantec Endpoint Client and the server remained fast. After Endpoint was reinstalled, we reapplied all the patches and the server slowed down again! But we uninstalled and reinstalled Endpoint and the server started working again.

Evidently one or more of the patches conflicts with Symantec Endpoint. If Symantec Endpoint is installed and the patches are then applied, the server will slow down. If the patches are applied and then Symantec Endpoint is installed, the server will remain fast.

The fix here is a relatively simple one. If you are running Server 2008 with Symantec Endpoint and the server is slow, uninstall and reinstall Symantec Endpoint and the server performance should return to normal.  I’ve notified Symantec of this problem, and I'll keep you informed of any progress that is made on this issue. It took us three days to figure out what the problem was. Fortunately the fix is simple once you know the solution. This issue appears to happen on both x86 and x64 versions of Server 2008. (See also, "Windows Server 2008's Radical Features").
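To check whether a server is in the install order described above (updates applied after the endpoint client), the following added example, which is not part of the original article, compares hotfix install dates against the client's install date. The function names are hypothetical, the registry DisplayName pattern is an assumption about how the client registers itself, and the sample dates are constructed.

```powershell
# Added example; function names are hypothetical, not from the article.
# KB numbers are the updates the article lists for the affected server.
$ArticleKBs = 'KB950050','KB955020','KB949189','KB952287','KB941693','KB948590',
              'KB950582','KB950762','KB950974','KB951066','KB953733','KB953838',
              'KB953839','KB947562','KB951072','KB951618','KB951978','KB951698'

# Newest install date of a product from the MSI uninstall keys (InstallDate = yyyyMMdd).
# Assumption: the client registers a DisplayName matching $NamePattern.
function Get-ProductInstallDate {
    param([string] $NamePattern = 'Symantec Endpoint Protection*')
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern -and $_.InstallDate } |
        ForEach-Object { [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null) } |
        Sort-Object | Select-Object -Last 1
}

# Return updates installed on or after the product's install day: the ordering the
# article associates with the slowdown. Both dates are day-granular, so same-day
# installs are flagged "SameDay" because their order cannot be determined.
function Get-UpdatesAfterProduct {
    param(
        [Parameter(Mandatory = $true)] [datetime] $ProductInstalled,
        [Parameter(Mandatory = $true)] [object[]] $HotFixes,
        [string[]] $KBFilter
    )
    foreach ($fix in $HotFixes) {
        if (-not $fix.InstalledOn) { continue }            # some entries carry no date
        if ($KBFilter -and ($KBFilter -notcontains $fix.HotFixID)) { continue }
        $when = ([datetime]$fix.InstalledOn).Date
        if ($when -lt $ProductInstalled.Date) { continue } # patched first: the "fast" order
        $order = if ($when -eq $ProductInstalled.Date) { 'SameDay' } else { 'AfterProduct' }
        New-Object PSObject -Property @{ HotFixID = $fix.HotFixID; InstalledOn = $when; Order = $order }
    }
}

# Constructed sample data (not from a real server): client installed 2008-08-10.
$sample = @(
    New-Object PSObject -Property @{ HotFixID = 'KB950050'; InstalledOn = [datetime]'2008-08-05' }
    New-Object PSObject -Property @{ HotFixID = 'KB955020'; InstalledOn = [datetime]'2008-08-10' }
    New-Object PSObject -Property @{ HotFixID = 'KB951698'; InstalledOn = [datetime]'2008-08-13' }
    New-Object PSObject -Property @{ HotFixID = 'KB0000000'; InstalledOn = [datetime]'2008-08-13' } # placeholder ID, not in the list
)
Get-UpdatesAfterProduct -ProductInstalled ([datetime]'2008-08-10') -HotFixes $sample -KBFilter $ArticleKBs

# Live server: Get-UpdatesAfterProduct -ProductInstalled (Get-ProductInstallDate) -HotFixes (Get-HotFix) -KBFilter $ArticleKBs
```

Because a reinstall updates the client's InstallDate, a server that has had the uninstall/reinstall fix applied should return no rows until further updates are installed.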

Hopefully this article will prevent you from hitting your head against the wall trying to find the solution!

 

Discuss this Article 21

CJA333
on Mar 3, 2011
It's back....
Server 2008 x64 R2 Enterprise Core just upgraded SEP to 11.0.6200.754 (RU 6a, MP2) and it disabled my machine. The machine is an IBM Blade (HS21) running Hyper-V, 32 gigs of RAM, FC SAN. Fortunately, I had success on about 400 other clients, mainly XP, some Win7. I have yet to try more servers, but will definitely proceed with caution.
This was pushed out from the management server.
Good Luck... not the first time for me that SEP has done more harm than good.

asugano@adscon.com
on Oct 27, 2008
Maintenance Release (MR) 3 of Symantec Endpoint Security seems to help the problem. We've had numerous hang ups with file shares on Windows Server 2008 using MR2. Also disabling IPv6 seems to help. We've noticed a significant performance (+80%) increase in backups with Backup Exec by upgrading to MR3 and disabling IPv6 support.
asugano@adscon.com
on Aug 3, 2009
With earlier versions of Symantec it seems to be hit or miss and really not tied to any server roles. Some 2008 servers would work OK, while others would stop responding. However with Symantec Endpoint 11 MR4 MP2 all Windows 2008 Servers have been stable. I suggest upgrading ASAP to this version.
michmor2k
on Oct 30, 2008
Cool article! It would have been great to get a dump of the server while it was slow so we could get a footprint of the problem, like what resources were held during the slowdown or what processes were spiking the CPU. Great info and thanks for the follow-up.
Roy (not verified)
on Sep 10, 2008
Any response from Symantec?
asugano@adscon.com
on Sep 11, 2008
I spoke with them today (9/11/08) and they're still trying to reproduce the problem. It may have something to do with the managed client and/or activating Network Threat Protection and Proactive Threat Protection. As soon as I hear something I'll post it!
asugano@adscon.com
on May 26, 2009
*** Update. Symantec has just released a new version of Endpoint 11 MR4 MP2 (5/19/09) that is supposed to address the issues with Windows Server 2008. We're in the process of testing it and I will update you with the results.
Verlyn (not verified)
on Jul 29, 2009
I hit the very same problem on a 2008 server and after days of testing variations and ideas I found your article - uninstalled Symantec (version 11.0.4010.19) and the server was fixed. I wish I had found it earlier - it would have saved major headaches and delays- but thank goodness I found it. I had tried disabling Symantec early in my testing but not uninstalling. Still need to reinstall and see what happens. I have wondered - this is the only server I installed the file server role on and the only one that had conflicts with Symantec. Curious about what roles you installed on your servers.
banita.pi83
on Nov 24, 2010
We had a similar problem but with Kaspersky 6 for Windows Server. Even when disabled, Windows Server 2008 was struggling when using the interface. I've noticed that any new process or task was hogging the CPU and slowing down the whole session dramatically. Even a simple 'tasklist' from cmd was taking approx. 5 min! Updates were downloading forever, everything was crippled. After uninstalling Kaspersky it came back to normal, like a breath of fresh air. We will try installing it again and do some tests.

Thanks for this article, it pointed us in the right direction!
asugano@adscon.com
on Sep 18, 2008
Symantec was able to reproduce the problem when pushing the Client Security Installation package from the Management Server. They're working on a solution. I'll let you know as soon as I know.
asugano@adscon.com
on Jun 11, 2009
Good news! We have tested the latest version of Symantec Endpoint 11 MR4 MP2 (5/19/09) at several clients running Windows Server 2008 and so far so good. Servers have remained stable and appear to be working great!
Brad (not verified)
on Nov 23, 2009
We have the same issue. We just deployed a new Server 2008 file server and installed the latest version of Symantec Endpoint Protection v 11.0.5. We'll try installing 11.0.4202 MR4 MP2 and see if that fixes it.
popoboy
on May 26, 2010
I had exactly this same problem and went through essentially the same steps on two DCs. It was taking literally 30 seconds to get the UAC popup after launching an app. We use Kaspersky AV, but after finding no other explanation for the slowdowns, I tried uninstalling it. Bingo! I had fast servers again. After reinstalling it, the problem did not return.

I had previously ruled out Kaspersky AV as the cause of the problem because I had just disabled it while leaving it installed. This changed nothing. It had to be completely removed to solve the problem. It took me a week to figure this out. I also run the Kaspersky Admin Kit on one of these servers, which I never touched (both servers were slow, so admin kit was not a likely culprit).

Thank you for posting this article!
