Exchange Server Hanging

Created: 29 Jan 2013 • Updated: 11 Feb 2013 | 9 comments
This issue has been solved. See the solution.

Hi All,

Good Day.

We are using SEP 12.1 RU1 MP1. Recently we installed it on Exchange 2010, and now we have noticed that the Exchange server is hanging because of high utilization. We have taken up the same case with Microsoft, and they have indicated that "idsvia64.sys" is causing the issue (got it from memory dump analysis).

We have installed the following components on the Exchange server and applied the recommended exclusions as well:

1. Virus, spyware and Basic download protection

  • Advanced Download Protection

2. PTP

  • SONAR and ADC

3. NTP

  • Intrusion Prevention

I need to confirm which protection component "idsvia64.sys" is part of.

Regards

Ajin

Ajit Jha

Hi Ajin,

The IPS engine introduces cumulative CPU and network latency based on the number of TCP streams open. This is most noticeable on high bandwidth servers with a high sustained rate of TCP/UDP streams. The more TCP/UDP streams, the more IDS engine memory usage and CPU processing time will affect the performance of the network connection(s). Utilizing IPS is not recommended on servers consuming more than 35% average CPU load, or processing more than 300 Mbps of sustained TCP/UDP bandwidth. Doing so can result in lowered service response times, outages, and OS failures.

Please note: in SEP 12.1 and later versions, IPS kernel driver (idsxpx86.sys for 32-bit and idsvia64.sys for 64-bit systems) is installed and running with Advanced Download Protection feature (aka Download Insight).

For more information:

http://www.symantec.com/business/support/index?pag...

Regards

Ajit Jha

Technical Consultant

ASC & STS
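
A way to check a server against the thresholds quoted in the reply above (35% average CPU, 300 Mbps sustained TCP/UDP traffic) and to see whether the IPS driver is loaded. This is an added example, not part of the original thread and not Symantec's tooling; the 5-minute sampling window, the English counter names and the variable names are assumptions.

```powershell
# Thresholds from the guidance quoted above.
$CpuLimitPercent    = 35
$BandwidthLimitMbps = 300

# Assumed sampling window (not from the thread): 60 samples x 5 s = 5 minutes.
$SampleCount     = 60
$IntervalSeconds = 5

# English counter names are assumed; localized Windows uses translated names.
$counters = '\Processor(_Total)\% Processor Time',
            '\Network Interface(*)\Bytes Total/sec'
$sets = Get-Counter -Counter $counters -SampleInterval $IntervalSeconds -MaxSamples $SampleCount

$cpu  = @()
$mbps = @()
foreach ($set in $sets) {
    $cpuSample  = $set.CounterSamples | Where-Object { $_.Path -like '*% processor time' }
    $netSamples = $set.CounterSamples | Where-Object { $_.Path -like '*bytes total/sec' }
    $cpu += $cpuSample.CookedValue
    # Sum every interface, then convert bytes/s to Mbit/s.
    # NIC teams can expose both the team and its members, which overstates the total.
    $bytesPerSec = ($netSamples | Measure-Object -Property CookedValue -Sum).Sum
    $mbps += 8 * $bytesPerSec / 1e6
}

$avgCpu  = ($cpu  | Measure-Object -Average).Average
$avgMbps = ($mbps | Measure-Object -Average).Average

# Is the IPS kernel driver named in the thread present, and is it running?
$filter = "PathName LIKE '%idsvia64.sys%' OR PathName LIKE '%idsxpx86.sys%'"
$driver = Get-WmiObject -Class Win32_SystemDriver -Filter $filter
$driverState = 'not installed'
if ($driver) {
    $driverState = ($driver | ForEach-Object { "$($_.Name): $($_.State)" }) -join ', '
}

$overLimit = ($avgCpu -gt $CpuLimitPercent) -or ($avgMbps -gt $BandwidthLimitMbps)
New-Object PSObject -Property @{
    AvgCpuPercent      = [math]::Round($avgCpu, 1)
    AvgBandwidthMbps   = [math]::Round($avgMbps, 1)
    IpsDriver          = $driverState
    ExceedsIpsGuidance = $overLimit
}
```

Run it during peak working hours so the averages reflect sustained load rather than an idle period.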

Mithun Sanghavi

Hello,

In SEP 12.1 and later versions, IPS kernel driver (idsxpx86.sys for 32-bit and idsvia64.sys for 64-bit systems) is installed and running with Advanced Download Protection feature (aka Download Insight).

In your case, I would request you to check these Articles below:

Best Practices for employing Intrusion Prevention System (IPS) to high-availability/high bandwidth servers.

http://www.symantec.com/docs/TECH162135

Windows Server 2008 x64 Crashes with Symantec Endpoint Protection 12.1 client installed with DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

http://www.symantec.com/docs/TECH199657

Secondly, 

I would request you to uninstall SEP 12.1 RU1 MP1 and then reinstall SEP 12.1 RU2 on it.

By reinstalling the SEP 12.1, it would then create exceptions for Exchange 2010 which may help eventually.

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

SOLUTION
SebastianZ

Have a look at further recommendations for installing SEP on windows server systems:

http://www.symantec.com/business/support/index?pag...

...and about the automatic exclusions of SEP on Exchange 2010 machine:

http://www.symantec.com/docs/TECH102400

Brɨan

First thing I would do is remove all components except AV. See what the result is.

Also, make sure you have the necessary exclusions in place for Exchange.

Ashish-Sharma

Hi,

I agree with the above comments.

What happened when you stopped the SEP service?

If you have installed Exchange on a different drive, automatic exclusions do not work; you can add them manually.

Thanks In Advance

Ashish Sharma

AjinBabu

Thank you all for the inputs,

We will remove the IPS module from the Exchange servers and will post the result by the end of tomorrow, since the issue is occurring during peak working hours.
Once again, thanks

Best Regards
Ajin

Ajit Jha

Yes, we all want to see the result, as it's a known issue, but still.

Regards

Ajit Jha

Technical Consultant

ASC & STS

AjinBabu

Hi All,

Thanks for all the help.

We have run our Exchange server with only the AV and spyware component, and it has been working perfectly for the past 7 days :)

Regards

Ajin