
Re: Excessive replication traffic

On Mon, 27 Apr 2009 10:24:39 -0400, "Ace Fekay [Microsoft Certified Trainer]" <...@mvps.RemoveThisPart.org

<...@l16g2000pra.googlegroups.com...

If anything is in the Netlogon folder that gets changed, that is if you have
anything in there, that will trigger a full replication. My concern is that
you *may* (just guessing at this point) have a piece of malware. The Conficker
bug propagates using shares, but the only thing that comes to mind with a
DC is the Netlogon shared folder that gets replicated (besides the AD
database, Sysvol, etc), but it's read-only for domain users, so I don't
think that's a factor.

I assume that your AV is up to date, but just to get a second opinion, run a
tool called Malwarebytes (www.malwarebytes.com) and see what comes up.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
acem...@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker



On Mon, 27 Apr 2009 07:40:12 -0700 (PDT), "mom...@gmail.com" <...@gmail.com

Thanks for your help.

Actually we identified the issue because one of our network guys was
monitoring the traffic over our WAN links and found the DC's between
city A and B the traffic suddenly jumped to a few hundred MBs per day.
We have some tools for monitoring network traffic over WAN and
isolated it down to 2 IPs of the DC's in each city.

I've checked all the netlogons and sysvols for any abnormal files and
there's nothing there.

On Tue, 28 Apr 2009 08:31:47 +0200, "Florian Frommherz [MVP]" <...@frickelsoft.PLEASELEAVETHISOUT.net

Howdie!

<...@gmail.com
Can those network guys identify what protocols are involved? I mean, it
could be any service you have installed on the DCs (in addition to the DC
role) - so the service that creates that traffic (SMB/fileshare, HTTP, ...)
would be useful for troubleshooting.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste


On Wed, 29 Apr 2009 07:14:26 -0700 (PDT), "mom...@gmail.com" <...@gmail.com

Guys, thanks for your help, I found the issue. Someone had modified the
antivirus settings recently, and McAfee kept on scanning the AD databases,
causing them to constantly replicate as described in the MS KB.

Many thanks

On Wed, 29 Apr 2009 22:58:37 +0000 (UTC), Meinolf Weber [MVP-DS] <...@gmx.de

Hello momo...@gmail.com,

Thanks for the feedback about your solution.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


On Wed, 29 Apr 2009 19:17:59 -0400, "Ace Fekay [Microsoft Certified Trainer]" <...@mvps.RemoveThisPart.org

<...@c18g2000prh.googlegroups.com...

Glad you found it and posted back with the resolution!

Cheers!

Ace
