[isapros] applying changes takes ages

  • From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Tue, 4 Sep 2007 20:27:47 +1000

Hey gang, got an issue here I'm trying to work through.

I have an ISA 2006 Std box running in firewall mode that takes an exorbitant
amount of time to apply any changes. Like I'm talking 5-10 minutes.

A little background:

It's a basic Win2k3 SP2 install with around 20 rules (least privilege), a
few published services like SMTP, web, OWA, VPN clients (PPTP). I read about
an issue on multi-core processors but this is pure single core. I also read
that when a number of web servers are published with multiple link
translations it can take time, but we aren't using any link translation atm.
The server seems to go CPU bound in a big way when I apply any rule or
config changes, sits around 100%. Incidentally there are no simultaneous or
subsequent ISA alerts nor are there any system or app log events fired.

I'm not sure what's pinning the CPU, the task manager doesn't give me any
real heads up on anything, the box at load is sitting around 300-500 MB RAM
free, we've recently added a new disk for logging but in this case I've even
turned off logging for the time being to try and get to the bottom of the
performance. My gut feeling was that there was a bad rule or something in
the ruleset but I've reviewed these and they seem to be OK. I have run an
ISABPA and didn't find anything more than the usual "you are using strict
RPC", and a few other red herrings. I haven't as yet run a sniff whilst the
changes are being applied but I would have assumed that would be somewhat
fruitless anyway.

 

Can anyone shed any more light or give me any POVs?

Thanks

Greg