I have an issue with my Symantec ScanEngine for some time, and I’d be glad if any one could shed some light on this..
Our vscanner server was re-installed a few weeks ago, it was a 2003 windows server on a 4GB RAM and 2 dual-core processors server. I installed Windows 2008 R2 on it instead, after some problems we had with the old OS.
I installed ScanEngine 5.2.11 on the server and I tried to combine all of the best practices I could find.
The thing is every time I turn the vscanner on, we suffer from a pretty bad performance problem.
If the connectivity to the filer is perfect without the vscan ( </= 1 ms pings). When the vscanner is running I see peaks every 10-20 replies and after a few-minutes the pings go up to 200 ms and stay there for about 20 replies, that’s when the filer is almost un-responsive and I turn the scanning off.
The server has a 1Gb nic and it’s the same connection as in the original server..
I tried to lower the settings in the vscanner in order to see if it improves the performance but it’s no good.. these are the main settings I applied:
Memory usage – 512 MB (the process won’t go over 100-120 MB)
Maximum file size – 20 MB
Scanning threads - 128
Container extract depth – 5
In the NetApp side, the settings were to the default – 10/10000 seconds for timeout and abort_timeout.
I tried to lower the abort_timeout to 60, and the timeout setting in the vscanner server to 40 seconds (2/3 like in symantec’s best practices guide)
I also turned the SMB 2.0 option in the NetApp on.
In the OS TCP stack settings, everything is enabled. The only setting I left disabled is Network access: Let Everyone permissions apply to anonymous users, because it is set by a GPO..
I except errors to the filer’s console about scans that failed every few minutes.
In the vscanner side, the last time I tried turning the scanning on (after work hours), I saw in the monitoring that requests are around 2 per second.. and the ping issue still accured.
Another strange behavior I encountered is that although the speed of the Broadcom nic is 1Gb, when the pings start going bad, the network monitoring in the task manager won’t go over about 10%.. I checked the speed of the card with the network team, and the settings are the same. I upgraded the nic driver as well and it didn’t help much.. I don’t have an option to see the nic speed or change it in the interface..
The NetApp filer is storing home directories, profiles and shares so it is pretty busy during the day..
I’d be really glad if anyone has an idea to why this is happening or what should I try doing..