RE: ISA Server Slowdowns...

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 7 Feb 2005 15:13:22 -0500

Problem was with ALL websites... Server would be sitting at 5-10%
utilization, but nothing would come through.  It would take 3-4 minutes
to load a single page, if it loaded at all. Sometimes, it would get so
bad that the Firewall Client would not even be able to detect the ISA
server.  I've heard other people talk about this issue, so I know I'm
not alone.

 

Yes, SurfControl is installed on that server, but with everything
sitting more-or-less idle, it doesn't look like that was the root cause.

 

________________________________

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Monday, February 07, 2005 12:52
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] ISA Server Slowdowns...

 

I'll bet your problem domain was www.camcast.net, wasn't it?

I'll also bet you have Surf Control installed on the ISA?

 

________________________________

From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Mon 2/7/2005 7:20 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Server Slowdowns...

http://www.ISAserver.org

For those of you who have experienced the massive slowdowns that ISA2004
has occasionally, I just recently closed out a case with Microsoft about
this.  Our problem was most likely due to having multiple DNS settings,
once I removed all entries but the ones to our internal DNS server, we
haven't experienced a massive slowdown since.

 

Here are some of the major causes, as listed by the ISA
Development/Testing crew:

----------

1 - DNS lookup failures.  The longer it takes ISA to resolve a name, or
if a lookup fails, the longer it takes to allow / deny the request

2 - Plug-in behavior - if (as in the case of SurfControl), it adds a LOT
of domains / content validation points, this can slow ISA to a crawl

3 - ISA policies.  The more rules you create and the more complex the
rule criteria, the longer it takes for ISA to evaluate them.  Generally,
you should use as few rules as possible and arrange them thus:

- Anonymous Deny

- Anonymous Allow

- Authenticated Deny

- Authenticated Allow

---------- 

Just thought I'd pass this on in case it helps anyone else...

 

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: