ataylor1953
asked on
SMTP Service Terminates Unexpectedly - causes WWW, Exch Routing Engine to crash
With no prior events in the event log and no recent changes to the server we have suddenly encountered an unreliable SMTP server. Event ID: 7034, 7031 Service Terminated Unexpectedly.
We have successfully restarted the services and the system will run well for some 5 or 6 hours then will quit again. Once it quits, it quits repeatedly for some length of time and then begins to work again. We have isolated the problem to the Exchange Server 2003 (running on Windows 2003 Server).
We had suspected some kind of DOS attack. The server is behind a PIX501 and Nessus scans are negative for vulnerabilities. sc query yields: 1067 (0x42b)
Any assistance gladly accepted. thx
We have successfully restarted the services and the system will run well for some 5 or 6 hours then will quit again. Once it quits, it quits repeatedly for some length of time and then begins to work again. We have isolated the problem to the Exchange Server 2003 (running on Windows 2003 Server).
We had suspected some kind of DOS attack. The server is behind a PIX501 and Nessus scans are negative for vulnerabilities. sc query yields: 1067 (0x42b)
Any assistance gladly accepted. thx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Did you install Service Pack 1? The hotfix and a few transport related fixes was included in SP1 from what I understand ...
ASKER
Thank you BNettles73 and chumplet for your inciteful feedback!
I did install SP1 on Exchange. All other OS security patches are also installed.
Here is the good news, I solved the problem of the Exchange services shutting down. What follows is a long winded recounting of my misadventures.
Having read your responses and having looked again at the server, I decided to start my troubleshooting from the beginning.
Ultimately, I solved the problem with the aid of my teenage kids, who know nothing about computers. If you want to find out what the kids did last night, ask the question in several ways. Subtle differences in their answers will lead you to the truth.
I had my servicing technician on the phone, and asked him about ANY changes made to the server recently. Not much feedback. This guy is no kid and has lots of experience. "Well did you fix anything on the server during your last visit?" Not much feedback, just maintenance stuff. "Did you apply any patches on your last visit?" Nope, was the answer.
Finally, I asked the right question, "Did you do anything to the server, or anything physically attached to the server?" Yes, he did. He worked on the APC UPS. Oh, and yes he did remember that he installed a Java "upgrade" to get the APC UPS software to work. In the imortal words of Homer Simpson, "D'uh Oh!" Since the uninstallation of this Java "upgrade" we have had no shutdowns. I felt like a nitwit. But alas, it is sometimes not the "IF you asked the question" that gets you there. It is the "HOW you asked the question" that makes communication work.
Again, many thanks.
-ataylor53
I did install SP1 on Exchange. All other OS security patches are also installed.
Here is the good news, I solved the problem of the Exchange services shutting down. What follows is a long winded recounting of my misadventures.
Having read your responses and having looked again at the server, I decided to start my troubleshooting from the beginning.
Ultimately, I solved the problem with the aid of my teenage kids, who know nothing about computers. If you want to find out what the kids did last night, ask the question in several ways. Subtle differences in their answers will lead you to the truth.
I had my servicing technician on the phone, and asked him about ANY changes made to the server recently. Not much feedback. This guy is no kid and has lots of experience. "Well did you fix anything on the server during your last visit?" Not much feedback, just maintenance stuff. "Did you apply any patches on your last visit?" Nope, was the answer.
Finally, I asked the right question, "Did you do anything to the server, or anything physically attached to the server?" Yes, he did. He worked on the APC UPS. Oh, and yes he did remember that he installed a Java "upgrade" to get the APC UPS software to work. In the imortal words of Homer Simpson, "D'uh Oh!" Since the uninstallation of this Java "upgrade" we have had no shutdowns. I felt like a nitwit. But alas, it is sometimes not the "IF you asked the question" that gets you there. It is the "HOW you asked the question" that makes communication work.
Again, many thanks.
-ataylor53
Here's hoping... :)
Chumplet