Solved

Exchange 2003 w SP2 not functioning due to DEP error messages, also event ID 7004 and 7010

Posted on 2007-04-03
15
1,396 Views
Last Modified: 2013-12-04
I'm on a Windows 2003 server with SP2, Exchange 2003 Standard w SP2, Symantec Enterprise and GFI Mail Essentials. Today we started having problems with the server not sending or receiving email. When I logged onto the server the DEP (Data Execution Protection). I upgraded the server to W2K3 SP2 in an attempt to resolve the issue. However, as soon as I rebooted and logged back in I started receiving error messages that the IIS worker process failed to start. The DEP settings are currently set to on for all programs and services except those I select. The following are selected: autdlsvc, IIS worker process, Internet Information Services.
Not long after the restart, Exchange went down again with the error that the Exchange System Manager failed to retrieve queues for the SMTP Virtual Server (error code = 0x800706D9). I've also checked the event logs, and I've two different event IDs that seem to relate to my current problem. After looking into those events, I updated the NIC drivers to the most current version, ran diagnostics on the NICs without errors, and rebooted again. The same issues occurred again. Any help would be greatly appreciated. Thanks.
Question by:bvcorson
15 Comments
 

Author Comment

by:bvcorson
ID: 18846918
This same issue is also occurring at several other client sites with some variations. The constants have been IIS worker process error messages, and email problems.
0
 
LVL 11

Expert Comment

by:AnthonyP9618
ID: 18847435
Did anything else change before you upgraded to SP2?  No recent driver changes, anything at all?

Well.. it seems apparent that the SP2 install seems to have messed up IIS.  So, now you have 2 problems...

Have you tried removing SP2 and refocusing on the initial issue?
0
 

Author Comment

by:bvcorson
ID: 18848020
The problem with IIS was prior to the SP2 install. The initial DEP message was blocking IIS, then after I modified DEP, I started getting the IIS worker process error. This is going on on another client's 2003 server with SP1 as well. Other than these items, there haven't been any recent driver changes or patches installed.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848036
You might want to try this:

http://www.myagent.dk/2006/06/03/iis-6-worker-process-is-evil/

The solution: in your boot.ini put "/noexecute=AlwaysOff"
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848045
See also:

http://www.tek-tips.com/viewthread.cfm?qid=1333388

DEP is most useful on systems that web browsing is run on and on which 3rd party apps are regularly installed. If your system is respected as a server and a DC, I would trade DEP for IIS stability by disabling DEP.

To do this:

Get Properties on My Computer -> Advanced -> Startup & recovery -> Setting -> Edit and change the /NoExecute setting to /NoExecute=AlwaysOff

The change will apply after a reboot.
0
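
Added example, not part of the original thread: a Python check that reads a boot.ini and reports the /NoExecute policy on each boot entry, so servers where DEP was set to AlwaysOff during troubleshooting can be found and reviewed afterwards. The sample boot.ini text is constructed and the name `audit_boot_ini` is hypothetical; the four policy values are those listed in Microsoft KB 875352.

```python
import re

# /noexecute policy levels as documented in Microsoft KB 875352.
POLICIES = {
    "optin": "DEP on for Windows system binaries and opted-in programs",
    "optout": "DEP on for everything except listed exceptions",
    "alwayson": "DEP on for everything, exceptions ignored",
    "alwaysoff": "DEP off for the whole system",
}
NOEXECUTE_RE = re.compile(r"/noexecute(?:=(\w+))?", re.IGNORECASE)
ENTRY_RE = re.compile(r'[^=]+="([^"]*)"(.*)$')  # <ARC path>="<label>" <switches>

# Constructed sample input (not taken from any server in the thread).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Exchange box" /fastdetect /NoExecute=AlwaysOff
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="File server" /fastdetect /noexecute=optout
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Mistyped switch" /fastdetect /NoExecute/AlwaysOff
"""

def audit_boot_ini(text):
    """Return (label, policy, finding) for every entry under [operating systems]."""
    results, in_os_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_os_section = line.lower() == "[operating systems]"
            continue
        m = ENTRY_RE.match(line) if in_os_section else None
        if not m:
            continue
        label, switches = m.groups()
        found = NOEXECUTE_RE.search(switches)
        policy = (found.group(1) or "").lower() if found else ""
        if not found:
            finding = "REVIEW: no /noexecute switch on this entry"
        elif policy == "alwaysoff":
            finding = "WARN: " + POLICIES[policy]
        elif policy in POLICIES:
            finding = "OK: " + POLICIES[policy]
        else:  # switch present but value missing or not one of the four levels
            finding = "REVIEW: /noexecute has no recognised value"
        results.append((label, policy or None, finding))
    return results

if __name__ == "__main__":
    for row in audit_boot_ini(SAMPLE_BOOT_INI):
        print(row)
```

Entries flagged WARN are candidates for moving back to OptOut with per-program exceptions once the faulting component has been identified.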
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848059
On tek-tips they blame IE 7 as the culprit:

"IE7 was the culprit. I uninstalled it and ever since I had no trouble."

Tolomir
0
 

Author Comment

by:bvcorson
ID: 18848065
I think that this will probably work, but then aren't I opening up the server to malicious programs taking advantage of turning the service off?
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848089
No, since you know what programs are installed on the server.

Don't you?

Tolomir
0
 

Author Comment

by:bvcorson
ID: 18848093
I'll give it a shot.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848102
DEP is no general intrusion prevention. One has to install or execute the intruder.

It's rather designed to block attempts of programs to get higher permissions than Windows/the user intends.

Please take a look at http://support.microsoft.com/kb/875352 for details.

As it seems, some program, maybe really IE 7, is triggering DEP. You might want to deinstall the browser and check again.

Tolomir  
0
 

Author Comment

by:bvcorson
ID: 18848120
IE7 was never installed.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848189
Take a look at:

http://support.microsoft.com/kb/843106

How to troubleshoot the "504 need to authenticate first" SMTP protocol error

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7004

Date: 1/13/2004
Time: 5:23:43 PM
User: N/A
Computer: COMPUTERNAME
Description: This is an SMTP protocol error log for virtual server ID 1, connection #29. The remote host "E2k3server1.contoso.com", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2336 3 ". This will probably cause the connection to fail.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7010
Date: 1/13/2004
Time: 5:43:49 PM
User: N/A
Computer: COMPUTERNAME
Description: This is an SMTP protocol log for virtual server ID 1, connection #30. The client at "6.5.2.4" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 1092 2". This will probably cause the connection to fail.

These events indicate that the XEXCH50 protocol sink fired, but the exchange of the blobs failed between the servers listed in the events.


Does that fit for you? Check the link for a possible solution.

Tolomir
0
 
LVL 1

Accepted Solution

by:
twfrost earned 500 total points
ID: 19154683
I think I have the fix - Upgrade your GFI Mail Essentials version 12 to the latest 2007 build.  Once I reinstalled mine that seemed to fix the issue.

Here are my specs.
Windows 2003 Server Std sp1 -when issue started - upgraded to SP2
Exchange Server 2003 Std SP2
GFI Mail Essentials 12
Symantec Mail Security

I previously tried running Windows 2003 SP2, ran AV and MRT scans, stopped the DEP using /NoExecute/AlwaysOff switch in boot.ini, and uninstalled IE7. None of these stopped the IIS (inetinfo.exe) from stopping and restarting and thus stopping and starting my SMTP service for Exchange.

Terry
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 19708193

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup Zone:
ACCEPT: twfrost {19154683}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Chris-Dent
Experts Exchange Cleanup Volunteer
0
