Last week I updated the operating system on our server running Windows Server Essentials 2016. After the update we noticed our network became significantly slower; navigating through folders on our file server became painfully slow, and any programs that rely on connections to the server are borderline unusable. Using Wireshark I found the server is flooding both its connections (one connection is just to a NAS used for backups, the other is the network) with queries to the server this one was built to replace. It seems that it sends the packets out in bursts: two packets are "Type A, Class IN", followed immediately by two packets "Type AAAA, Class IN". All the queries are directed to the address/name of our old test server, which we only used to test software before building our current server. There was only a short, couple-week period back in 2018 when both servers would have been up and running, and I can't think of anything I set up that would be generating these queries.
System Information:
Build 2018
Running Windows Server 2016 Essentials
Xeon E3-1230 V5
32GB RAM
The server's primary use is as our SOLIDWORKS PDM and application server.
How do I go about determining what process is generating these and stop it? Should I simply create a firewall rule to block sending packets to these addresses?