Windows File Server very slow after Windows Server Patch for WannaCry (SMB).



  • Hello All,

    After hearing about WannaCry, we started checking each PC to see whether the patch for WannaCry is installed and, if not, installing it.

    In this process, we ran Windows Update on Windows Server 2012 R2 and restarted the server during busy hours to make sure the server is patched properly.

    After the updates, the following patches were applied, which include the patch for the SMB vulnerability (screenshot: windows updates server.JPG).

    And on the same day I had set up WSUS on the same server to push updates centrally.

    Problem :
    After doing this process, the file server performance went down. Even the backup took too long for a small backup from the server.

    Today, it is the same thing with file server performance (very slow), and the backup totally failed (we are pushing backups from the server with EaseUS Todo Backup Server to a NAS shared folder). I am not even able to access the shared folder on the NAS from the server, while I can access the NAS shared folders from other computers.

    Note:
    We have a thread on SW (https://community.spiceworks.com/topic/1995507-smb-very-slow-after-running-windows-update?page=2#entry-6903666) for the same issue, and I am posting and following up there as well to get a solution while protecting the server.

    I understand the problem is with SMB (maybe with a specific version, v1?). What I am thinking of is removing the patch and doing some workaround to fix the vulnerability, if the patch is making the file server slow?

    Appreciate your suggestions !!



  • A few thoughts from other IT pros:

    1. This patch was released in March 2017, and there were no complaints earlier. But as you can see from the SW thread above, many IT pros have complained about slowness...
    2. Maybe the backup software is trying to use SMB v1, which the patch fixes, blah blah...

  • Does that backup software allow you to select NFS shares instead of SMB shares? That might be a workaround.



  • I'd try to apply the patch if possible, but you can also block port 445.



  • You can also disable SMBv1 completely in Group Policy. You shouldn't have any applications dependent on it, and if you do, it is time to look for new vendors.

    https://blogs.technet.microsoft.com/staysafe/2017/05/17/disable-smb-v1-in-managed-environments-with-ad-group-policy/
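
The suggestions above (that the backup software may still be using SMB v1, and that SMBv1 can be disabled outright) can be checked before changing anything. The following read-only PowerShell inventory is an added example, not part of the original thread; it assumes Windows Server 2012 or later, an elevated prompt, and that SMBv1 sessions and connections are reported with a dialect whose major version is 1. The helper name Test-IsSmb1Dialect is hypothetical.

```powershell
# Added example: read-only inventory of SMB dialects in use on a file server.
# Changes no settings. Sessions and connections are point-in-time, so run it
# while the backup job and normal client activity are in progress.

function Test-IsSmb1Dialect {
    param([string]$Dialect)
    # Dialect strings look like "2.1", "3.02" or "3.1.1".
    # Assumption: an SMBv1 session or connection reports major version 1.
    $major = 0
    if ([int]::TryParse(($Dialect -split '\.')[0], [ref]$major)) {
        return ($major -eq 1)
    }
    return $false
}

# 1. Is the SMB server on this machine still willing to speak SMBv1?
$cfg = Get-SmbServerConfiguration
"Server accepts SMBv1: $($cfg.EnableSMB1Protocol)"
"Server accepts SMBv2/3: $($cfg.EnableSMB2Protocol)"

# 2. Inbound: which clients are connected to this file server over SMBv1?
$inbound = @(Get-SmbSession |
    Where-Object { Test-IsSmb1Dialect $_.Dialect } |
    Select-Object ClientComputerName, ClientUserName, Dialect)

# 3. Outbound: which remote shares (for example the NAS backup target)
#    did this server negotiate SMBv1 with?
$outbound = @(Get-SmbConnection |
    Where-Object { Test-IsSmb1Dialect $_.Dialect } |
    Select-Object ServerName, ShareName, Dialect)

if ($inbound.Count -eq 0 -and $outbound.Count -eq 0) {
    "No SMBv1 sessions or connections observed right now."
} else {
    "Inbound SMBv1 sessions (clients that would break if SMBv1 is disabled):"
    $inbound | Format-Table -AutoSize
    "Outbound SMBv1 connections (targets this server reaches over SMBv1):"
    $outbound | Format-Table -AutoSize
}
```

An empty result only covers the moment the script ran, so repeat it across a full backup window before disabling SMBv1 by policy.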



  • I found the issue to be with WSUS in my case. I had installed Windows Updates (SMB patch included) and WSUS on Windows Server 2012 R2 on the same day, so it was not clear to me which one was creating the issue: 1. the patch or 2. WSUS. I was already seeing the SQL stuff consuming the maximum resources, and memory usage was some 80%, which was not usual, so we uninstalled WSUS as it's not very important for us, and memory usage went down to 20%. File server performance is back to normal (good speed).



  • @mobeen Why is your file server and WSUS server on the same platform?



  • @DustinB3403 said in Windows File Server very slow after Windows Server Patch for WannaCry (SMB).:

    @mobeen Why is your file server and WSUS server on the same platform?

    We were not using WSUS. After learning about WannaCry, we just planned to push the updates from the server to make sure all computers are patched, so we set up WSUS on the file server itself.

    I was not aware that WSUS would require a good amount of resources, and as you said, I was not sure whether the file server and WSUS should not be on the same server?



  • @mobeen I like to separate my server roles whenever possible. WSUS doesn't require a ton of power to operate, a file server on the other hand may (depending on the usage) but generally doesn't either.

    If I had the choice with it, I would've just stood up a separate server just for WSUS.

