A client was recently complaining of slow network speeds.
I ran Wireshark and it seem the network is being overwhelmed by SMB2 instances;
Client IP > Server IP - SMB2 - Create Request File:
Follwed by
Server IP > Client IP - SMB2 - Create Response, ERROR : STATUS_FILE_IS_A_DIRECTORY
----------------------------------------------------------------------------------------------
There are literally hundreds of these per minute, per user which is completely overwhelming the network.
After a bit of investigation they seem to be linked to having mapped drives, as soon as I disconnect the mapped drives the errors stop.
The user doesn't even have to be doing anything, you can log in and just leave the machine alone but it continues to spam these errors, the errors seem to be one per mapped drive, if they have 8 mapped drives they get 8 errors, 2 mapped drives they get 2 errors etc etc.
I have clients that are Windows 7 and Windows 10 so it doesn't seem to be linked to a particular OS.
So far I've tried;
Ensuring Windows Server up to date Mapping drives based off FQDN and IP Mapping drives from different drives on the server (C: and D Trying a test mapped drive which is a completely empty folder and is open to all users Mapping the drives via GPO and Logon Script and Manually Removing the AntiVirus Disabling Firewall Running CHKDSK on all server drives Running virus and malware scans on server Logging into client machines as administrator Moving client machine into an OU with no active group policies
None of these things have changed anything at all
I've attached the Wireshark results from both the create request and then the error.
Does anyone have any idea what I'm dealing with?
Thanks
