Interesting issue that we observed recently with quite a few variables so I'll attempt to make it as clear as possible. HQ site located in Southern California where main file server is present (Older NAS box running Windows Storage Server 2008). Multiple remote offices in Northern California, each connected to HQ by a 20Mbps connection via MPLS.
Users have drive mappings to local servers in each remote office but also have a drive mapping (X:) to file server at HQ (it's a company drive). Yesterday, users in single remote office complain about network slowness. Fire up monitoring tool and see inbound traffic to remote site is well over the threshold. Deep dive and see GBs of traffic between HQ file server and a desktop user in remote office. Call user and setup a remote session (check to see if they are trying to copy a large amount of data across the link).
To surprise, user has nothing open on her system. Open Resource Manager on her system and drill into the Network Activity module. Network I/O is fluctuating back and forth between 18 to 23 Mbps sustained and Network Utilization is constant at 20%. CPU resources are normal on users system (nothing spiking).
Watched this activity for the better part of an hour. Resource Monitor says it's the System process (PID 4) and it's microsoft-ds (port 445) that is causing the network utilization issues. Take a peek with Process Explorer but am really unable to identify too much going on.
On a whim, disconnected her X: drive mapping and the network utilization dropped almost to 0%. Asked user if she was doing anything on this drive and she explained this to me:
"Had opened up X: drive and was searching for a file a few hours earlier in day. Typed filename in Search box in Windows Explorer. Progress bar started to move but she gave up after a while and simply closed the window".
Her client is Windows 7 x64. The X: drive is close to 700GB and has almost 950,000 files and 100,000 folders on it. Is it possible when she closed the window, that the search was still executing across the WAN and was somehow responsible for driving up the network utilization?
We tried similar steps but after letting it run for 30 minutes, we saw no increase in the network utilization.
Curious to see if anyone has ever seen anything similar or maybe has a taken on the situation? Sorry for the long story!
