Symantec Endpoint causes problems for Exchange 2007

The scenario is as follows:
You've setup your Windows 2008 Domain Controller and you went against all Microsoft conventions (oh no!) and you also used it to setup your DHCP / DNS / Network Share / Print Server and Antivirus Server on the very same Domain Controller.  

You then setup a member server with Windows 2008 R2 and installed Exchange 2007 Service Pack 3 (yes, this is the only combination that will work, otherwise you need to install Windows 2008 and a version of Exchange 2007 which will work with it - this is such a big issue - I got lucky and installed this one time a couple of weeks back but Microsoft did not release Exchange SP3 until June 22 2010).  

In any case, all is smooth and you setup your email server and now you want to install an antivirus solution - I went with Symantec Corporate Edition only to find out it no longer works (I had version 10).  So I went to Symantec Endpoint Protection - I had 11.0.2 which also did not work so i had to get 11.0.4 version. I got that installed it and it worked.

Then after a week the Exchange Server is having all sorts of errors but the main symptoms are that as it is supposed to renew its IP address from the DHCP server, it loses contact (anywhere between 3 to 7 hours) and then you have to restart your Exchange server for it to work again.  I tried looking for a solution for days -- searched the internet over and then amongst other things one of the engineers found this error:

    Event ID 1050 MSEx Runtime   Source MSExchange Extensibility

We searched the net and realised that basically the Network Threat part of the Symantec Endpoint was installed and was causing the issues between the Exchange 2007 and the Domain Controller/DHCP server!  Disable this and voila - all sorted - run dcdiag just to make sure that all runs (run it from the Exchange server - go to
    start, run, command prompt - dcdiag /s:<server name>
for instance
   dcdiag /
You should maybe get only 1 error (I can't remember the service but this is by default as it has to do with running a read only domain controller RODC - so nothing major if you are not running one. I think it was part of the adprep when you were preparing the domain for Windows 2008 and you had the option to run it).

So there you have it - another great thing from Symantec Endpoint Network Threat Protection - it affects Exchange 2007!  You can keep the anti-virus and anti-spyware running as they do not cause any issues!

Comments (1)

good article ! ,that is the reason system administrator need to share there knowledge

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.