
inetinfo.exe AND Lsass.exe saturating CPU

May 22, 2001
Can someone help me identify why this is happening?

Also, how do I determine if I'm running post-SP3 for MS Exchange 2000?

When I view my Exchange console I see:
Server Version 6.0 (Build 6249.4: Service Pack 3
Modified 2/26/2004 12:50AM

OS:
W2k w/SP4
 
This is an attack that should be protected against if you have SP4 for Win2k Server.

This is a DoS against Exchange Server. If your Exchange server is directly connected to the Internet without a firewall, then you deserve to have this happen to you.

The solution:
1) Stop all the services. (The processor returns to normal levels.)
2) Restart the services.

After installing SP4 you should do this from the affected server to test the fix:
telnet to 127.0.0.1 port 1031 ... you will get a "Connection failed" message.

If it asks for a logon you will still be vulnerable.


Doomhamur
Network Engineer

"Certifications? We don't need no stinking certification."
yahoo IM handle: greater_vortex
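The two checks the post above describes (the loopback telnet to port 1031, and watching whether inetinfo.exe and lsass.exe settle down after a restart) as a script for a current Windows host. This is an added example, not code from the thread; it assumes PowerShell is available on the box, uses the port number from the post, and the 50% CPU threshold is a constructed value.

```powershell
# Added example: automates the loopback port test and the CPU check from the post above.
# Assumptions: run locally on the affected server; port 1031 is the one named in the post;
# the 0.5 CPU-fraction threshold is an arbitrary constructed value.

function Test-LoopbackPort {
    param([string]$Address = '127.0.0.1', [int]$Port = 1031, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }  # no answer
        $client.EndConnect($async)
        return $true                      # something accepted the connection
    } catch {
        return $false                     # refused: the state the post says SP4 should produce
    } finally {
        $client.Close()
    }
}

function Get-ProcessCpuDelta {
    # Samples CPU time of the named processes over an interval and returns the fraction
    # of one core each consumed, so a spike is visible without watching Task Manager.
    param([string[]]$Names = @('inetinfo', 'lsass'), [int]$SampleSeconds = 10)
    $before = @{}
    foreach ($p in Get-Process -Name $Names -ErrorAction SilentlyContinue) {
        $before[$p.Id] = $p.TotalProcessorTime
    }
    Start-Sleep -Seconds $SampleSeconds
    foreach ($p in Get-Process -Name $Names -ErrorAction SilentlyContinue) {
        if ($before.ContainsKey($p.Id)) {
            $used = ($p.TotalProcessorTime - $before[$p.Id]).TotalSeconds
            [pscustomobject]@{
                Name        = $p.ProcessName
                Id          = $p.Id
                CpuFraction = [math]::Round($used / $SampleSeconds, 2)
            }
        }
    }
}

if (Test-LoopbackPort) {
    Write-Warning 'Port 1031 on loopback accepted a connection; per the post above, confirm Windows updates are installed.'
} else {
    Write-Output 'Port 1031 on loopback refused the connection (the expected post-SP4 result).'
}
Get-ProcessCpuDelta | Where-Object { $_.CpuFraction -gt 0.5 } | ForEach-Object {
    Write-Warning ('{0} (PID {1}) used {2:P0} of a core over the sample window' -f $_.Name, $_.Id, $_.CpuFraction)
}
```

A process that stays above the threshold across several sample windows after the stop/restart step is the case the later reply addresses with a process dump.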
 
Setup overview for my email:
I am running WebShield 4.5 MR1A w/hotfix 8 SMTP gateway for MS Exchange, which runs in my DMZ.

It hands the mail to my MS Exchange 2000 Server w/SP3 on the inside of the protected network.
Windows 2k w/SP4

How do I determine if I am running post-SP3 for Exchange?
 
The inetinfo problem has nothing to do with Exchange.

Make sure all Windows security updates are installed, then follow the 2-step procedure I listed.

If that does not work, let me know.

Thanks

Doomhamur
Network Engineer

"Certifications? We don't need no stinking certification."
yahoo IM handle: greater_vortex
 
SP4 for Windows was already installed.

I restarted the server tonight and performed the telnet step above. It denies the connection when I try to telnet.
The CPU does drop temporarily.

Where do I go from here?

I am seeing at least 100k spam mails within the past 48+ hours. My system is getting bombarded. It does seem that we are getting more spam than ever.

Since my reboot the CPU has spiked 8 times in the past 10 hours and I have seen 618 emails come in to the gateway.

Please advise my next steps...
 
Well, inetinfo has a lot to do with Exchange. It's where the categorizer and SMTP transport live. Lots of times, an issue with a corrupted inbound message can cause spikes in inetinfo. The same goes for a leaky SMTP transport event sink. I can't think of an anti-virus vendor that has not had this issue at one point or another. Try downloading ADPlus and take a dump of the inetinfo process. You'll be able to walk through the threads and see what's up.

 