Veritas 9.0 causing high levels of traffic on my network

[lewa8978]

Just purchased 9.0 (servers, Exchange and SQL). I have four 2000 servers I need to backup up: a file server, an Exchange server 2000, a SQL 7.0 server, and a Web server. After installing the software, I was getting so much traffic on my network that it was bringing it down. I turned off the backup server, and everything was fine. Every time I started to run a backup the whole network went down. Here's how I installed the software:

file server: has the remote client
SQL server: has the remote client only
Web server: has the remote client only
Exchange server: is the media server, has the SQL and Exchange pieces on it.

I thought about putting the SQL piece on the SQL server, but the documentation said it didn't matter if you have it locally or not, and I didn't want to have to reboot that server (it's in use almost 24x6).

I also setup the SMTP notification, but while I've sent out test messages, I've never received one. I saw the document on the Veritas Web site about w32.sqlexp.worm, but have ruled that out as a culprit.

Could my problem be one of the following:

1. the SMTP notifications (I've seen postings asking about reducing these).

2. Antivirus software (NAV CE 7.6), which is running on all of the servers.

3. Something else I haven't thought of.

I removed the Veritas software this morning when I came in and the network was down yet again. I haven't had a problem since. I have to get this software loaded and working - I had to just about beg to get it purchased in the first place. Any ideas would be greatly appreciated.

 

[peter405]

Need a little bit more information on the problem than "the whole network went down". What precisely went down? Servers, desktops, a hub/switch? Sounds to me like a network/bandwidth issue rather than a "veritas" issue.

 

[lewa8978]

I was trying to keep it short, which I failed to do. Here's more info:

When we first experienced problems, I thought it was our Cisco router, because we just lost Internet connectivity. No problem. But then I found I couldn't ping the inside address of the router, which wouldn't be the problem of ISP, so then I thought maybe our router was bad. Couldn't ping the router, couldn't telnet into it, no oustide access, but all inside access was OK but slow. I reset the router, and while the router was off, the network went bezerk. I started losing servers (no ping, no connection, nothing). I couldn't even ping my cisco switch. I turned the router back on, and everything on the inside of the network came back. Even when the network was up, I was losing packets left and right, everything was running really slow, etc., especially when looking at my Exchange server. I turned the server off, and the whole network was back to normal - inside and outside connectivity, no lost packets, life was great, except for the fact that now we had no e-mail. I am absolutely the only person who touches the servers, so I can say for sure that the only thing that has changed on any of them this week is the installation of the backup software, so I started there. I tried running a backup job - the same thing happened. My router disappeared, everything was running very slowly. I stopped the job, reset the server, and it was OK. I removed the software and haven't had even a hint of trouble since.

 

[bytehd]

USe NETMON or similar to sniff packets.
IF 9 is polling....

 

[blindsteve]

lewa:

How did you rule out the worm as the problem? the symptoms you are describing sure sound like it...

 

[Fuubar]

I second the opinion of BlindSteve; you really need to investigate the SQL Slammer Worm thoroughly. I also urge you to take bytehd's advice as well. You are really going blind on this one if you are not running packet sniffing software in conjunction with a network monitor app to find out what the problem's source is.

Backup Exec 9 installs MSDE which is also susceptible to the worm. Your servers may have the worm resident and need to be cleaned. You need to immediately patch the BE 9 server after install.

This is how BE 9 works: it uses the NDMP protocol on the network and both the BE srvr and the remote agent on the remote server listen on port 10000. You can change the ports they listen on. During an actual backup job, there will be two connections made, each one going to and from the BE server and remote. If you run Netmon like I did, you will see the connections made and on what ports. You will also notice that about a minute after the backup completes, the connections are dropped. The rest of the time, they are just listening on the network. That's it. If after 60 seconds, there is no activity on one of the connections made between BE server and remote....the connection is dropped.

I really think MSDE and the Slammer Worm is your problem.