Results 1 to 11 of 11
  1. #1
    New Lounger
    Join Date
    Apr 2010
    Location
    Boston
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Urgent Help with Legacy Win NT System

    We have an older Win NT Small Business Server still up and running to support a MRP Legacy accounting package that runs on a Centura database.

    Within the last two days users have complained that the software is very slow and when I look at the Win NT Task Manager there is a program, TCPSVCS.exe that's running between 88 & 99% CUP load. Access to this server is limited to only a few individuals and they all have virus protection on their local clients.

    I have no ideas as to where to begin to look to resolve this issue. Any thoughts on what might be causing this? Virus? other ?

    Also, assuming I can correct this can this machine be virtualized with something like VMWare so I can move it to more modern hardware?

    Thanks All,
    Chuck

  2. #2
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Delaware, US
    Posts
    1,172
    Thanks
    19
    Thanked 99 Times in 88 Posts
    That is a Windows program, specifically it's TCP/IP service.
    http://www.file.net/process/tcpsvcs.exe.html

    It is, however, possible that you have a Trojan version running. Have you run any virus check on the server itself?
    Graham Smith
    DataSmith, Delaware
    "For every expert there is an equal and opposite expert.", Arthur C. Clarke (1917 - 2008)

  3. #3
    New Lounger
    Join Date
    Apr 2010
    Location
    Boston
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thank you for taking the time to respond !!

    I wondered if that might be the problem and tried to download and run a few malware programs but nothing seems compatible with Win NT. (tried things like MalwareBytes, etc). Anyone know of anything that might be backward compatible with this operating system?

    Thank You.
    Chuck

  4. #4
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,199
    Thanks
    48
    Thanked 987 Times in 917 Posts
    You need a bootable AV test disk. Make an image backup of the server first.
    Try the Panda Cloud Cleaner Rescue ISO from this link.
    http://www.pandasecurity.com/uk/supp..._homeusers.htm

    Yes, you can virtualize NT with VMware Converter, but I think you must do it by booting from the VMware Converter CD.
    https://communities.vmware.com/threa...art=0&tstart=0

    You can also convert to VHD, for Hyper-V or VirtualBox, with the Sysinternals converter.
    https://technet.microsoft.com/en-gb/.../ee656415.aspx

    cheers, Paul

  5. #5
    New Lounger
    Join Date
    Apr 2010
    Location
    Boston
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks Paul, appreciate the input.

    As I'm continuing to look at this I went to the server and opened Control Panel / Network Icon and selected the Network Protocol Tab to look at the TCP/IP settings. I only have one network adapter on this server and it's on the motherboard. This was originally setup for a Static IP and the entry for the "specified" IP is entered as 10.0.0.5

    I thought this strange as I didn't remember it as such so I opened a Command Window and typed ipconfig /all and it's telling me that the network adapter for this server is addressed as 10.0.0.2 (what I remembered).

    How can this be the case? And might this be part of the problem? I can't change anything right now as I have users on the system but thought tonight that I'd change what I say in the Network Protocol entry screen to remove the 10.0.0.5 back to 10.0.0.2

    This make any sense as I'm not really a network guy just one person trying to run a small family business without breaking the bank on IT stuff.

    Thanks again.

    Chuck

  6. #6
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,640
    Thanks
    147
    Thanked 883 Times in 844 Posts
    I've seen where unchecking (TCP/IPv6) has resolved this.

    Not sure if disabling it and re-enabling it would do anything - among your clients, are there any strangers, or is it a free for all ?

    I suppose it's possible it is trying to connect to both which I would think would load the CPU.

  7. #7
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,199
    Thanks
    48
    Thanked 987 Times in 917 Posts
    Rather than change the IP address, re-boot the server and see what it has for an IP address. It doesn't actually matter what it uses as the users should be using DNS to find it.

    NT doesn't support IPv6 AFAIK.

    cheers, Paul

  8. #8
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,640
    Thanks
    147
    Thanked 883 Times in 844 Posts
    Can't remember the date of the article or which OS it was discussing and NT is way before my time anyway.

  9. #9
    New Lounger
    Join Date
    Apr 2010
    Location
    Boston
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks all for your inputs. Shut the server down after everyone logged off last night to further investigate. Realized that the two IP address assignments were as a result of a previous network card that was removed from the machine back in February (routine cleaning) but was not "removed" from from the devices list under the network settings. I removed / uninstalled the card and then found and loaded a newer network card driver for the one being used and the TCPSCVS.exe load went from the 90% range down to about Nil.

    Sometimes a simple solution that's not originally evident.

    Thanks again.

  10. #10
    New Lounger
    Join Date
    Apr 2010
    Location
    Boston
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts
    ......now to virtualize this old goat before I run into more problems on this old, old hardware !!

  11. #11
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Delaware, US
    Posts
    1,172
    Thanks
    19
    Thanked 99 Times in 88 Posts
    Quote Originally Posted by chuckv View Post
    Realized that the two IP address assignments were as a result of a previous network card that was removed from the machine back in February (routine cleaning) but was not "removed" from from the devices list under the network settings.
    I did have a quick look online and saw something along these lines mentioned but it was pertaining to a newer OS so I wasn't sure.

    Good luck trying to keep a WinNT server running - virtually or not.
    Graham Smith
    DataSmith, Delaware
    "For every expert there is an equal and opposite expert.", Arthur C. Clarke (1917 - 2008)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •