Windows Server 2008 Enterprise x64, fully patched.
Every few days, this server would lock up and refuse to let any client machines see its shares. Since it is a DC, this caused other problems as well.
After many hours of troubleshooting, I ran 'netstat -n' and found over 4000 client connections in the 'CLOSE_WAIT' state on TCP port 445. There would be several in this state from each client (this is on a /24 network with no outside access, so we're nowhere near 4000 devices that could even potentially access the server).
Any ideas on how to keep these CLOSE_WAIT from accumulating like this?
We are seeing a similar issue with a number of servers that have several thousand CLOSE_WAIT sessions to some DFS servers, which eventually exhaust connections, causing impact to end users. The client nodes have FIN_WAIT_2 status in their netstat, and it seems very similar to the above issue. Eventually the situation clears after some reboots etc. Any help with this would be greatly appreciated!
You can run netstat -ano to identify the process hosting the sessions.
Meanwhile, I'd like to confirm if Symantec is installed on the servers. If so, please temporarily disable the Symantec service and check the result.
This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
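The `netstat -ano` check suggested in the reply above, as an added example that is not part of the original thread: it counts sessions in a given state on the SMB port per client and per owning PID. The function name `Get-TcpSessionByState` is hypothetical and the sample lines are constructed.

```powershell
# Added example: function name and sample data are illustrative, not from the thread.
function Get-TcpSessionByState {
    param(
        [string[]]$NetstatLines,          # text output of: netstat -ano
        [int]$LocalPort = 445,
        [string]$State = 'CLOSE_WAIT'
    )
    foreach ($line in $NetstatLines) {
        # Data rows: Proto  LocalAddress  ForeignAddress  State  PID
        $f = $line.Trim() -split '\s+'
        if ($f.Length -ne 5 -or $f[0] -ne 'TCP' -or $f[3] -ne $State) { continue }
        # Split on the last colon so IPv6 endpoints like [::1]:445 parse too.
        $port = $f[1].Substring($f[1].LastIndexOf(':') + 1)
        if ([int]$port -ne $LocalPort) { continue }
        New-Object PSObject -Property @{
            RemoteHost = $f[2].Substring(0, $f[2].LastIndexOf(':'))
            OwningPid  = [int]$f[4]
        }
    }
}

# Constructed sample input; on the affected server use: $lines = netstat -ano
$lines = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:445       192.168.1.21:49210     CLOSE_WAIT      4
  TCP    192.168.1.10:445       192.168.1.21:49233     CLOSE_WAIT      4
  TCP    192.168.1.10:445       192.168.1.21:49251     CLOSE_WAIT      4
  TCP    192.168.1.10:445       192.168.1.34:50112     CLOSE_WAIT      4
  TCP    192.168.1.10:445       192.168.1.34:50140     ESTABLISHED     4
  TCP    192.168.1.10:3389      192.168.1.50:51877     CLOSE_WAIT      1180
  TCP    [::]:445               [::]:0                 LISTENING       4
'@ -split "`r?`n"

$sessions = @(Get-TcpSessionByState -NetstatLines $lines)
"CLOSE_WAIT sessions on port 445: $($sessions.Count)"

# Which clients hold the most half-closed sessions?
$sessions | Group-Object RemoteHost | Sort-Object Count -Descending |
    Select-Object Count, Name

# Which process owns the sockets that are not being closed?
$sessions | Group-Object OwningPid | Select-Object Count, Name
```

The PID reported in the second table can be mapped to a process name with `tasklist /FI "PID eq <pid>"`. Running the summary on a schedule and logging the total shows how fast the sessions accumulate between lockups.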