dllowry2
asked on
Lost the M: drive on Exchange server. Store files were on the M: drive. Cannot start Exchange Services any longer
I had what appeared to be a DNS problem with one of the Domain controllers. We could not access the file server shared drive from users PC'. Rebooted server and we could access the File server drive again.
We also could not seem to access outlook.
I killed the Outlook processes witht eh KILL.exe process and restarted the Exchange services and all was fine.
I started Looking at Domain controller where I run Exchange 2000 and it appeared to have a few executables running that looked suspicious.
VPC32.exe
CHUMIL32.exe
I attempted to kill the VPC32.exe and outlook immediatly went down.
I rebooted server and could then not start teh exchange services.
I looked and the M: drive was no longer an available drive.
It does not show any event logs indicating it was removed, lost, etc.
Also after the reboot I now see a process servicechat2.exe running on the Exchagne server pc.
Any suggestions on what course of action I can take to troubleshoot this?
Help me make this work and you can name your price on points.
Thanks
David
ASKER
POP3, MTA Stack, Exchange Management, Information Store, and Exchange Event services will not start.
The others did.
The others did.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK,
Can I delete the bside folder and its files?
Here is the Hijackthis log.
Logfile of HijackThis v1.99.1
Scan saved at 2:05:46 PM, on 8/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon
C:\WINNT\system32\services
C:\WINNT\system32\lsass.ex
C:\WINNT\System32\termsrv.
C:\WINNT\system32\svchost.
C:\WINNT\system32\spoolsv.
C:\WINNT\System32\msdtc.ex
C:\WINNT\System32\CpqRcmc.
C:\Compaq\vcagent\vcagent.
C:\PROGRA~1\NAV\DefWatch.e
C:\WINNT\system32\Dfssvc.e
C:\WINNT\System32\svchost.
C:\Program Files\Expertcity\GoToMyPC\
C:\WINNT\system32\cba\pds.
C:\Program Files\Expertcity\GoToMyPC\
C:\WINNT\System32\ismserv.
C:\WINNT\System32\llssrv.e
C:\Program Files\MonitorIT\AgentServi
C:\Program Files\Expertcity\GoToMyPC\
D:\Program Files\NovaNET\NNWINSDR.EXE
C:\Program Files\MonitorIT\RpmAgent.e
C:\PROGRA~1\Symantec\SYMAN
C:\WINNT\system32\ntfrs.ex
C:\WINNT\system32\regsvc.e
C:\WINNT\System32\locator.
C:\WINNT\system32\MSTask.e
C:\WINNT\System32\snmp.exe
C:\compaq\survey\Surveyor.
C:\PROGRA~1\NAV\Rtvscan.ex
C:\Program Files\Pwrchute\ups.exe
C:\WINNT\System32\WBEM\Win
C:\WINNT\System32\wins.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\svchost.
C:\WINNT\System32\CPQNiMgt
C:\WINNT\system32\cpqmgmt\
C:\WINNT\system32\cpqmgmt\
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\
C:\WINNT\system32\cba\xfr.
C:\WINNT\system32\MsgSys.E
C:\WINNT\system32\mqsvc.ex
C:\Program Files\Common Files\System\MSSearch\Bin\
C:\WINNT\System32\sysdown.
C:\WINNT\system32\cpqmgmt\
C:\WINNT\System32\CPQMGMT\
C:\WINNT\System32\svchost.
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CPQTEAM.
C:\WINNT\system32\Atiptaxx
C:\PROGRA~1\NAV\VPTray.exe
C:\winnt\system32\bside\sy
C:\WINNT\system32\sysop.ex
D:\Program Files\SolarWinds\2002 Engineers Edition\SolarWinds-Toolbar
C:\Program Files\WinZip\WZQKPICK.EXE
C:\winnt\system32\bside\Ch
C:\WINNT\system32\mmc.exe
C:\WINNT\system32\dmremote
C:\WINNT\System32\dmadmin.
C:\WINNT\system32\mmc.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Exchsrvr\bin\exmgmt.
C:\Program Files\Trend\Smex\InstMon.e
C:\Program Files\Trend\Smex\RMonitor.
C:\Program Files\Trend\Smex\InstRTS.e
C:\Program Files\Trend\Smex\SmexVS.ex
C:\Program Files\Trend\Smex\SMEXMA.ex
C:\Program Files\GFI\MailEssentials\m
C:\Program Files\GFI\MailEssentials\p
C:\WINNT\system32\mmc.exe
C:\utility\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEH
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [CPQTEAM] CPQTEAM.EXE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NAV\VPTray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Win2KService] C:\winnt\system32\bside\sy
O4 - HKLM\..\Run: [Microsoft Windows Update] sysop.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] sysop.exe
O4 - HKCU\..\Run: [SolarWinds Toolbar] D:\Program Files\SolarWinds\2002 Engineers
Edition\SolarWinds-Toolbar
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {08F04139-8DFC-11D2-80E9-0
https://onsite.trustwise.com/services/FortisBankSANV/vscnfchk.cab
O16 - DPF: {70D86F3C-BA4D-11D2-80F5-0
https://onsite.megasign.nl/services/FortisBankNederlandNVDCI/vspcakm.cab
O16 - DPF: {86C4AF33-6171-11D2-80CD-0
https://onsite.megasign.nl/VSRenewSign.dll
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
192.168.0.31,192.168.0.32
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon
O23 - Service: Compaq NIC Agents (CPQNicMgmt) - Compaq Computer Corp. -
C:\WINNT\System32\CPQNiMgt
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.
O23 - Service: Compaq Version Control Agent (cpqvcagent) - Compaq Computer Corporation -
C:\Compaq\vcagent\vcagent.
O23 - Service: Compaq Web Agent (CpqWebMgmt) - Compaq Computer Corp. -
C:\WINNT\System32\CPQMGMT\
O23 - Service: Compaq Foundation Agents (CqMgHost) - Compaq Computer Corp. -
C:\WINNT\system32\cpqmgmt\
O23 - Service: Compaq Server Agents (CqMgServ) - Compaq Computer Corp. -
C:\WINNT\system32\cpqmgmt\
O23 - Service: Compaq Storage Agents (CqMgStor) - Compaq Computer Corp. -
C:\WINNT\system32\cpqmgmt\
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation -
C:\PROGRA~1\NAV\DefWatch.e
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. -
C:\WINNT\System32\dmadmin.
O23 - Service: GFI MailEssentials Attendant - GFI Software Ltd. - C:\Program
Files\GFI\MailEssentials\m
O23 - Service: GFI POP2Exchange - GFI Software Ltd. - C:\Program
Files\GFI\MailEssentials\p
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\
(file missing)
O23 - Service: Intel Alert Handler - Unknown owner - C:\WINNT\system32\ams_ii\h
missing)
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINNT\system32\ams_ii\i
missing)
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.
O23 - Service: GFI List Server (listserv) - GFI Software Ltd - C:\Program
Files\GFI\MailEssentials\L
O23 - Service: MonitorIT Agent Service - Unknown owner - C:\Program
Files\MonitorIT\AgentServi
O23 - Service: NovaNET - Unknown owner - D:\Program Files\NovaNET\NNWINSDR.EXE
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation -
C:\PROGRA~1\Symantec\SYMAN
O23 - Service: ScanMail_MailAction - Trend Micro Inc. - C:\Program Files\Trend\Smex\SMEXMA.ex
O23 - Service: ScanMail_Monitor - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstMon.e
O23 - Service: ScanMail_RealTimeScan - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstRTS.e
O23 - Service: ScanMail_Web - Trend Micro Inc. - C:\Program Files\Trend\Smex\WebRoot\I
O23 - Service: SecureNetworkChatService - SecureAction Research Ltd. - C:\Program Files\Secure
Network Chat\ServiceChat2.exe
O23 - Service: Surveyor - Compaq Computer Corp. - C:\compaq\survey\Surveyor.
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\PROGRA~1\NAV\Rtvscan.ex
O23 - Service: Compaq System Shutdown Service (sysdown) - Compaq Computer Corporation -
C:\WINNT\System32\sysdown.
O23 - Service: Tardis time service (Tardis) - Unknown owner - C:\WINNT\System32\tardisnt
O23 - Service: UPS - APC PowerChute plus (UPS) - APC - C:\Program Files\Pwrchute\ups.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe"
-service (file missing)
Can I delete the bside folder and its files?
Here is the Hijackthis log.
Logfile of HijackThis v1.99.1
Scan saved at 2:05:46 PM, on 8/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon
C:\WINNT\system32\services
C:\WINNT\system32\lsass.ex
C:\WINNT\System32\termsrv.
C:\WINNT\system32\svchost.
C:\WINNT\system32\spoolsv.
C:\WINNT\System32\msdtc.ex
C:\WINNT\System32\CpqRcmc.
C:\Compaq\vcagent\vcagent.
C:\PROGRA~1\NAV\DefWatch.e
C:\WINNT\system32\Dfssvc.e
C:\WINNT\System32\svchost.
C:\Program Files\Expertcity\GoToMyPC\
C:\WINNT\system32\cba\pds.
C:\Program Files\Expertcity\GoToMyPC\
C:\WINNT\System32\ismserv.
C:\WINNT\System32\llssrv.e
C:\Program Files\MonitorIT\AgentServi
C:\Program Files\Expertcity\GoToMyPC\
D:\Program Files\NovaNET\NNWINSDR.EXE
C:\Program Files\MonitorIT\RpmAgent.e
C:\PROGRA~1\Symantec\SYMAN
C:\WINNT\system32\ntfrs.ex
C:\WINNT\system32\regsvc.e
C:\WINNT\System32\locator.
C:\WINNT\system32\MSTask.e
C:\WINNT\System32\snmp.exe
C:\compaq\survey\Surveyor.
C:\PROGRA~1\NAV\Rtvscan.ex
C:\Program Files\Pwrchute\ups.exe
C:\WINNT\System32\WBEM\Win
C:\WINNT\System32\wins.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\svchost.
C:\WINNT\System32\CPQNiMgt
C:\WINNT\system32\cpqmgmt\
C:\WINNT\system32\cpqmgmt\
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\
C:\WINNT\system32\cba\xfr.
C:\WINNT\system32\MsgSys.E
C:\WINNT\system32\mqsvc.ex
C:\Program Files\Common Files\System\MSSearch\Bin\
C:\WINNT\System32\sysdown.
C:\WINNT\system32\cpqmgmt\
C:\WINNT\System32\CPQMGMT\
C:\WINNT\System32\svchost.
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CPQTEAM.
C:\WINNT\system32\Atiptaxx
C:\PROGRA~1\NAV\VPTray.exe
C:\winnt\system32\bside\sy
C:\WINNT\system32\sysop.ex
D:\Program Files\SolarWinds\2002 Engineers Edition\SolarWinds-Toolbar
C:\Program Files\WinZip\WZQKPICK.EXE
C:\winnt\system32\bside\Ch
C:\WINNT\system32\mmc.exe
C:\WINNT\system32\dmremote
C:\WINNT\System32\dmadmin.
C:\WINNT\system32\mmc.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Exchsrvr\bin\exmgmt.
C:\Program Files\Trend\Smex\InstMon.e
C:\Program Files\Trend\Smex\RMonitor.
C:\Program Files\Trend\Smex\InstRTS.e
C:\Program Files\Trend\Smex\SmexVS.ex
C:\Program Files\Trend\Smex\SMEXMA.ex
C:\Program Files\GFI\MailEssentials\m
C:\Program Files\GFI\MailEssentials\p
C:\WINNT\system32\mmc.exe
C:\utility\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEH
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [CPQTEAM] CPQTEAM.EXE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NAV\VPTray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Win2KService] C:\winnt\system32\bside\sy
O4 - HKLM\..\Run: [Microsoft Windows Update] sysop.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] sysop.exe
O4 - HKCU\..\Run: [SolarWinds Toolbar] D:\Program Files\SolarWinds\2002 Engineers
Edition\SolarWinds-Toolbar
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {08F04139-8DFC-11D2-80E9-0
https://onsite.trustwise.com/services/FortisBankSANV/vscnfchk.cab
O16 - DPF: {70D86F3C-BA4D-11D2-80F5-0
https://onsite.megasign.nl/services/FortisBankNederlandNVDCI/vspcakm.cab
O16 - DPF: {86C4AF33-6171-11D2-80CD-0
https://onsite.megasign.nl/VSRenewSign.dll
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
192.168.0.31,192.168.0.32
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon
O23 - Service: Compaq NIC Agents (CPQNicMgmt) - Compaq Computer Corp. -
C:\WINNT\System32\CPQNiMgt
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.
O23 - Service: Compaq Version Control Agent (cpqvcagent) - Compaq Computer Corporation -
C:\Compaq\vcagent\vcagent.
O23 - Service: Compaq Web Agent (CpqWebMgmt) - Compaq Computer Corp. -
C:\WINNT\System32\CPQMGMT\
O23 - Service: Compaq Foundation Agents (CqMgHost) - Compaq Computer Corp. -
C:\WINNT\system32\cpqmgmt\
O23 - Service: Compaq Server Agents (CqMgServ) - Compaq Computer Corp. -
C:\WINNT\system32\cpqmgmt\
O23 - Service: Compaq Storage Agents (CqMgStor) - Compaq Computer Corp. -
C:\WINNT\system32\cpqmgmt\
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation -
C:\PROGRA~1\NAV\DefWatch.e
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. -
C:\WINNT\System32\dmadmin.
O23 - Service: GFI MailEssentials Attendant - GFI Software Ltd. - C:\Program
Files\GFI\MailEssentials\m
O23 - Service: GFI POP2Exchange - GFI Software Ltd. - C:\Program
Files\GFI\MailEssentials\p
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\
(file missing)
O23 - Service: Intel Alert Handler - Unknown owner - C:\WINNT\system32\ams_ii\h
missing)
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINNT\system32\ams_ii\i
missing)
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.
O23 - Service: GFI List Server (listserv) - GFI Software Ltd - C:\Program
Files\GFI\MailEssentials\L
O23 - Service: MonitorIT Agent Service - Unknown owner - C:\Program
Files\MonitorIT\AgentServi
O23 - Service: NovaNET - Unknown owner - D:\Program Files\NovaNET\NNWINSDR.EXE
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation -
C:\PROGRA~1\Symantec\SYMAN
O23 - Service: ScanMail_MailAction - Trend Micro Inc. - C:\Program Files\Trend\Smex\SMEXMA.ex
O23 - Service: ScanMail_Monitor - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstMon.e
O23 - Service: ScanMail_RealTimeScan - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstRTS.e
O23 - Service: ScanMail_Web - Trend Micro Inc. - C:\Program Files\Trend\Smex\WebRoot\I
O23 - Service: SecureNetworkChatService - SecureAction Research Ltd. - C:\Program Files\Secure
Network Chat\ServiceChat2.exe
O23 - Service: Surveyor - Compaq Computer Corp. - C:\compaq\survey\Surveyor.
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\PROGRA~1\NAV\Rtvscan.ex
O23 - Service: Compaq System Shutdown Service (sysdown) - Compaq Computer Corporation -
C:\WINNT\System32\sysdown.
O23 - Service: Tardis time service (Tardis) - Unknown owner - C:\WINNT\System32\tardisnt
O23 - Service: UPS - APC PowerChute plus (UPS) - APC - C:\Program Files\Pwrchute\ups.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe"
-service (file missing)
not only you can, but you should... also, remove the appropriate key from your registry (HKLM/Software/Microsoft/W
O4 - HKLM\..\Run: [Win2KService] C:\winnt\system32\bside\sy
fully patch the system before bringing it back online.
O4 - HKLM\..\Run: [Win2KService] C:\winnt\system32\bside\sy
fully patch the system before bringing it back online.
ASKER
Done and rebooting.
I will pass information on the event logs shortly. Disconnected from the network from teh server at the moment.
I will pass information on the event logs shortly. Disconnected from the network from teh server at the moment.
http://forums.spywareinfo.com/lofiversion/index.php/t50996.html
Instructions to ditch this ugly beast :)
Instructions to ditch this ugly beast :)
ASKER
OK, after a final reboot and start of the exchange services it still appears I cannot start the Exchange services without errors . Below is events in the event log after the reboot. If I could attatch teh event logs I would , I just dont think we can on this website!
Also when attempting to go to DNS the exchange server only see'd itself in DNS. From the other domain controller it see's itself and the exchange server DC but cannot access it.
I cannot access or map teh drives of each server.
From the Exchange Server Domain Controller: SYSTEM LOG
Source:w3svc
The server was unable to add the virtual root '/public' for the directory 'M:\rhotrading.com\Public Folders' due to the following error: The system cannot find the path specified. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at:
The server was unable to add the virtual root '/Exchange' for the directory 'M:\rhotrading.com\MBX' due to the following error: The system cannot find the path specified. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at:
The server was unable to add the virtual root '/Exadmin' for the directory '\\.\BackOfficeStorage' due to the following error: The system cannot find the path specified. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at:
Source:NNTPSVC
The server was unable to add the virtual root '/' for the directory '/Internet Newsgroups' due to the following error: The parameter is incorrect. The data is the error code.
The Microsoft NNTP Service 5.00.0984 Version: 5.0.2195.6972 has been started.
Source:Schannel
A fatal error occurred while creating an SSL server credential.
Source:Browser
The browser was unable to retrieve a list of servers from the browser master \\RHOSVR01 on the network \Device\NetBT_Tcpip_{CDCC6
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{CDCC6
APPLICATION LOG
Source:IISinfoCTRS
Unable to query the IIS Info service performance data. The error code returned by the service is data DWORD 0.
Source:MSMQ
The server cannot support automatic recognition of site and connected networks for clients.
Source:Perflib
The configuration information of the performance library "C:\WINNT\system32\ftpctrs
Source:perflib
The Open Procedure for service "ScanMail_Monitor" in DLL "C:\Program Files\Trend\Smex\SmxPerf.d
I BELIEVE THE BELOW IS BECAUSE I RENAMEd THE VPC32.exe file to another extention becasue I thought it was a virus.
Source:msiinstaller
Detection of product '{848AC794-8B81-440A-81AE-
Product: Symantec AntiVirus -- Error 1606.Could not access network location \\Rhosvr01\E\users\adminis
Source:MsExchangeDSAccess
Process MAD.EXE (PID=2148). All Global Catalog Servers in use are not responding:
Rhosvr01.rhotrading.com
Source:MSEchangeAL
Permanent failure reported by policy group provider for 'CN=System Policies,CN=Rho Trading,CN=Microsoft Exchange,CN=Services,CN=Co
Source: MSExhangeFBPublish
Error initializing session for virtual machine RHOSVR02. The error number is 0x80040111. Make sure Microsoft Exchange Store is running.
Source:MSExchangeSA
The Directory Service Referral interface failed to service a client request. RFRI is returning the error code:[0x3f0].
Source:POP3SVC
An error occurred while starting the Microsoft Exchange POP3 Service: server instance number 1 failed to start with error 0x80004005.
Then a message stating the POP3 service started successfully.
The Directory Service Referral interface failed to service a client request. RFRI is returning the error code:[0x3f0].
FILE REPLICATION SERVICE
Source NtFrs
The File Replication Service is having trouble enabling replication from RHOSVR01 to RHOSVR02 for c:\winnt\sysvol\domain using the DNS name Rhosvr01.rhotrading.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name Rhosvr01.rhotrading.com from this computer.
[2] FRS is not running on Rhosvr01.rhotrading.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
Also when attempting to go to DNS the exchange server only see'd itself in DNS. From the other domain controller it see's itself and the exchange server DC but cannot access it.
I cannot access or map teh drives of each server.
From the Exchange Server Domain Controller: SYSTEM LOG
Source:w3svc
The server was unable to add the virtual root '/public' for the directory 'M:\rhotrading.com\Public Folders' due to the following error: The system cannot find the path specified. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at:
The server was unable to add the virtual root '/Exchange' for the directory 'M:\rhotrading.com\MBX' due to the following error: The system cannot find the path specified. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at:
The server was unable to add the virtual root '/Exadmin' for the directory '\\.\BackOfficeStorage' due to the following error: The system cannot find the path specified. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at:
Source:NNTPSVC
The server was unable to add the virtual root '/' for the directory '/Internet Newsgroups' due to the following error: The parameter is incorrect. The data is the error code.
The Microsoft NNTP Service 5.00.0984 Version: 5.0.2195.6972 has been started.
Source:Schannel
A fatal error occurred while creating an SSL server credential.
Source:Browser
The browser was unable to retrieve a list of servers from the browser master \\RHOSVR01 on the network \Device\NetBT_Tcpip_{CDCC6
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{CDCC6
APPLICATION LOG
Source:IISinfoCTRS
Unable to query the IIS Info service performance data. The error code returned by the service is data DWORD 0.
Source:MSMQ
The server cannot support automatic recognition of site and connected networks for clients.
Source:Perflib
The configuration information of the performance library "C:\WINNT\system32\ftpctrs
Source:perflib
The Open Procedure for service "ScanMail_Monitor" in DLL "C:\Program Files\Trend\Smex\SmxPerf.d
I BELIEVE THE BELOW IS BECAUSE I RENAMEd THE VPC32.exe file to another extention becasue I thought it was a virus.
Source:msiinstaller
Detection of product '{848AC794-8B81-440A-81AE-
Product: Symantec AntiVirus -- Error 1606.Could not access network location \\Rhosvr01\E\users\adminis
Source:MsExchangeDSAccess
Process MAD.EXE (PID=2148). All Global Catalog Servers in use are not responding:
Rhosvr01.rhotrading.com
Source:MSEchangeAL
Permanent failure reported by policy group provider for 'CN=System Policies,CN=Rho Trading,CN=Microsoft Exchange,CN=Services,CN=Co
Source: MSExhangeFBPublish
Error initializing session for virtual machine RHOSVR02. The error number is 0x80040111. Make sure Microsoft Exchange Store is running.
Source:MSExchangeSA
The Directory Service Referral interface failed to service a client request. RFRI is returning the error code:[0x3f0].
Source:POP3SVC
An error occurred while starting the Microsoft Exchange POP3 Service: server instance number 1 failed to start with error 0x80004005.
Then a message stating the POP3 service started successfully.
The Directory Service Referral interface failed to service a client request. RFRI is returning the error code:[0x3f0].
FILE REPLICATION SERVICE
Source NtFrs
The File Replication Service is having trouble enabling replication from RHOSVR01 to RHOSVR02 for c:\winnt\sysvol\domain using the DNS name Rhosvr01.rhotrading.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name Rhosvr01.rhotrading.com from this computer.
[2] FRS is not running on Rhosvr01.rhotrading.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
ASKER
APPLICATION LOG
Source:MsExchangeMTA
A fatal error occurred reading a value from the directory. No MTA name was found. Contact Microsoft Technical Support. [MTA MAIN BASE 1 12] (16)
There is not enough Performance Monitor memory to display the MTA Connections information. Stop attached Performance Monitors and re-start the MTA. [BASE MAIN BASE 1] (14)
SYSTEM LOG
The Microsoft Exchange Information Store service terminated with service-specific error 0.
Source:MsExchangeMTA
A fatal error occurred reading a value from the directory. No MTA name was found. Contact Microsoft Technical Support. [MTA MAIN BASE 1 12] (16)
There is not enough Performance Monitor memory to display the MTA Connections information. Stop attached Performance Monitors and re-start the MTA. [BASE MAIN BASE 1] (14)
SYSTEM LOG
The Microsoft Exchange Information Store service terminated with service-specific error 0.
ASKER
OK,
Here is what I have learned so far.
I shut down the File server DC and then rebooted the Exchange server DC.
I then restarted the File server DC and was able to start all the Exhcange server processes??
Do you know of this type of behavior?
I will wait to see if you might be able to assist me further with this before closing this ticket. I am still not confident it is stable. Your insite into my event logs would be helpful.
Please let me know what you want for points or if the 500 will be sufficiant
Here is what I have learned so far.
I shut down the File server DC and then rebooted the Exchange server DC.
I then restarted the File server DC and was able to start all the Exhcange server processes??
Do you know of this type of behavior?
I will wait to see if you might be able to assist me further with this before closing this ticket. I am still not confident it is stable. Your insite into my event logs would be helpful.
Please let me know what you want for points or if the 500 will be sufficiant
Ok, so assuming that the Exchange server is looking at the internal DNS server ONLY on the TCP/IP properties, where is the GC/DC that it's looking for? Have you reapplied any exchange or windows service packs during this? How many DCs and GCs do you have?
ASKER
not sure I follow. We have two Domain Controllers. The two I have been speaking about.
We NAT tot eh outside world. The Exchange server has a DNS address with out Internet provider for external mail, OWA, and Internet access.
GC?
We NAT tot eh outside world. The Exchange server has a DNS address with out Internet provider for external mail, OWA, and Internet access.
GC?
GC=global catalog server
Which server is this? Rhosvr01.rhotrading.com
Are both DCs also GCs? Look on the DSAccess tab of the Exchange server props, in the ESM
Which server is this? Rhosvr01.rhotrading.com
Are both DCs also GCs? Look on the DSAccess tab of the Exchange server props, in the ESM
ASKER
OK, It seems to be an active directory problem.
I get a message that the Domain controller for Group policy operations is not available.
Failed to open the group policy object. You may not have appropriate rights when trying to go into domain controller security policy.
I did not see a tab for DSAccess on the Exchange server properties.
I am doing this from Rhosvr01 & Rhosvr02.
Presently Exchange is down again and File access is random at this time with some users gaining access to the File server and others not being able to connect.
I get a message that the Domain controller for Group policy operations is not available.
Failed to open the group policy object. You may not have appropriate rights when trying to go into domain controller security policy.
I did not see a tab for DSAccess on the Exchange server properties.
I am doing this from Rhosvr01 & Rhosvr02.
Presently Exchange is down again and File access is random at this time with some users gaining access to the File server and others not being able to connect.
Might be called Directory Access too...
ASKER
I have done a repair of the the Domain Group Policy objects.
It then all seems to be fine. Within 20 minutes it was corrept in some way again.
I did get into the Exchange system manager properties and am looking at the Directory access tab.
It shows two entries. Both are RHOSVR02
Site: Default-First-Site-Name for both
Domain : rhotrading.com for both
Type : Config(auto) for the first
Type : DC(auto) for teh second entry
LDAP port : 389 for both
It then all seems to be fine. Within 20 minutes it was corrept in some way again.
I did get into the Exchange system manager properties and am looking at the Directory access tab.
It shows two entries. Both are RHOSVR02
Site: Default-First-Site-Name for both
Domain : rhotrading.com for both
Type : Config(auto) for the first
Type : DC(auto) for teh second entry
LDAP port : 389 for both
That's a problem, there should be 3 entries. No entry for a GC?
ASKER
It now appears as though it worked for about another 20 minutes and then gives me an error Network connection to Policy storage has been lost. Attempt to reconnect now.
IP Sec Policy storage failed to open.
When attempting to reconnect it fails again and again.
IP Sec Policy storage failed to open.
When attempting to reconnect it fails again and again.
ASKER
Soory I did not see your last comment.
OK, so there should not be an entry for a GC and there should be a total of three entries within this Directory Tab.
Could you help me determine what they should be?
Im nowhere near an expert at this and im sure you figured that out already.
Thanks
OK, so there should not be an entry for a GC and there should be a total of three entries within this Directory Tab.
Could you help me determine what they should be?
Im nowhere near an expert at this and im sure you figured that out already.
Thanks
No, you MUST have an entry for the GC, and you don't. You need to add that under the GC area in the Directory Access tab. Are the exchange services running at this point?
ASKER
They are not. I can attempt to start them but they fail. At least some of them.
So the Global catalog entry should be what?
So the Global catalog entry should be what?
It should point to your local GC, whichever server that is. You tell me...and it should operate on port 3268, just in case you need to know.
ASKER
OK,
Well the GC servers has the Check box set for automatically discover servers and it does not find one.
AD sites and services shows me that the RHOSVR01 server is th be the Global catalog server.
Should I attempt to manually add this server to teh Directory access tab from within Exchange system manager?
Thanks
Well the GC servers has the Check box set for automatically discover servers and it does not find one.
AD sites and services shows me that the RHOSVR01 server is th be the Global catalog server.
Should I attempt to manually add this server to teh Directory access tab from within Exchange system manager?
Thanks
ASKER
OK, I did a manual add for the Global Catalog.
You are correct that it should be port 3268.
Trying a few things now.
You are correct that it should be port 3268.
Trying a few things now.
yes, I'd try to manually add it. Make sure that the Exchange server is looking at internal DNS servers only.
ASKER
DNS settings on the server point to the internal domain controllers.
The group policy is still available for more than an hour so Im feeling good about that.
But I attempted to start the Exchange services from RHOSVR02 and it faild on the same services. I am assuming I may need to restart the DC that I have added the values too.
Ill tell you whats going on with it.
Thanks
The group policy is still available for more than an hour so Im feeling good about that.
But I attempted to start the Exchange services from RHOSVR02 and it faild on the same services. I am assuming I may need to restart the DC that I have added the values too.
Ill tell you whats going on with it.
Thanks
ASKER
Rebooted the Exchange server and still cannot get the services to start.
Just a recapp.
The three entries under the directory access tab should be the following.
Two entries for RHOSVR02 (Exchange server) One for DC (Auto) and one for Conf (Auto)
Then one entry for the Global Catalog which is on RHOSVR01.
Thanks
Just a recapp.
The three entries under the directory access tab should be the following.
Two entries for RHOSVR02 (Exchange server) One for DC (Auto) and one for Conf (Auto)
Then one entry for the Global Catalog which is on RHOSVR01.
Thanks
ASKER
Im not splitting between every answer which it appears to force me to do.
I hope you guys/girls get the points.
I hope you guys/girls get the points.
A final note on this: never, EVER log onto the console except to do administrative functions. And then do NOT, EVER, do any websurfing other than to known legitimate sites (like microsoft.com to do research).
ASKER
I also rean Search & Destroy on this Exchange server after I started experiencing this porblem.
I run Norton antivirus and ran this on the existing viewable C: & D: Drives. No viruses or trojans detected.