I am migrating a server from physical Server 2008 R2 over to a physical, scratch build Server 2019 Standard GUI.
Bottom line up front: EXE files are slow to run or checking the properties of the file when accessed through an UNC path or mapped drive. If it's moved to the workstation or ran locally on the server, it is not. I had all the stuff below typed up before realizing it only affected EXE files. I created a 0 KB text file on the share and opened the properties instantly. Renamed it from TXT to EXE and had a 5-6 second delay opening the properties.
We are running into an issue with a 3rd party application that connects to a Gupta SQL database specifically, but manifests itself with most any EXE file we run from a share path. Even viewing the properties of an EXE file can take 3-5 seconds to pop up on the new server while the old is near instant. PDF's and other document file types run relatively quickly.
The vendor for the 3rd party app tried everything they can think of and we are at a standstill.
Clients are Windows 7 Pro and Windows 10. No lingering updates on clients or server. SMB1 is disabled on both client and new server. Old server has SMB1 enabled but packet traces show SMB2 is being used.
New Server Specs:
Intel 2.1 Ghz (2×8 cores), RAM 32G, HDD: 744 GB 6Gbps SSD
Old Server Specs:
Intel 2.4 Ghz (2×8 cores), RAM 16G, HDD: 256 GB 6Gbps SATA
Both RAID 1-0
Things I've tried or noticed
-
The SQL queries and actions within those screens is fast. I also
noticed something as simple as opening the properties of the EXE
file on the new server is 4-5 seconds longer than on the old server,
which is near instant. -
Windows firewall is off on both client and server. Virus protection
(MS Security Essentials, Defender) are off on both client and server
to rule that out. I compared the advanced settings of the NIC cards
on both servers and they match with the exception of Largesend and TCP/UDP Checksum offload. Those are disabled on the Server 2019 as there is apparently issues with those settings on Broadcom NIC's. They were enabled previously but disabled them for testing. UAC is all the way to the lowest setting on both client and servers. -
The file server part has already been migrated and SMB is fast
compared to the old server. I am getting 10Mbps copying files from
the new server to my desktop and 5 Mbps from the old server to the
desktop. -
We have QuickBooks running locally on one workstation and pointing
to a QB database on a share and it runs fast and smooth. -
The Resource Monitor shows a spike of about 1 Mbps on the network
interface, but doesn't really move anything else. - I've plugged my laptop directly into 2nd NIC on the server to
eliminate layer 1/2 being the problem. Also used different network
cables to make sure. - I've checked the GPO and local policies about making sure things are
signed, it is disabled. I've checked the various registry entries
under HKLM/…/Lanman* for file server tuning and they don't exist. - Wireshark shows some TCP retransmissions on the new server that I do
not see on the older server when going through the normal network.
Looking at the SMB2 statistics you can see the delay is almost a
minute on the new server and old server, doing the same action. One thing I have noticed is the window size on the new
server is
really large compared to the old. The old is consistently 256 while
the new is 4100+. - Using the IP address to map the shares or access the UNC path to eliminate DNS being the issue.
Best Answer
It was MalwareBytes Cloud. Even with a whitelist entry for the path, EXE and local folder.