Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2003 w SP2 not functioning due to DEP error messages, also event ID 7004 and 7010

Posted on 2007-04-03
15
Medium Priority
?
1,403 Views
Last Modified: 2013-12-04
I'm on a Windows 2003 server with SP2,  Exchange 2003 standard w SP2, Symantec Enterprise and GFI Mail essentials. Today we started having problems with the server not sending or receiving email. When I logged onto the server the DEP (Data Execution Protection). I upgraded the server to W2K3 SP2 in an attempt to resolve the issue. However, as soon as rebooted and logged back in I started receiving error messages that the IIS worker process failed to start. The DEP settings are currently set to on for all programs and services except those I select. The following are selected: autdlsvc, IIS worker process, Internet Information Services.
Not long after the restart the exchange went down again with the error that the Exchange system manager failed to retrievce queues for the SMTP Virtual Server (error code= 0x800706D9). I've also checked the event logs, and I've two different event IDs that seem to relate to my current problem. After looking into those events, I updated the NIC drivers to the most current verision, ran diagnostics on the nics without errors, and rebooted again. The same issues occurred again. Any help would be greatly appreciated. Thanks.
0
Comment
Question by:bvcorson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 

Author Comment

by:bvcorson
ID: 18846918
This same issue is also occurring at several other client sites with some variations. The constants have been IIS worker process error messages, and email problems.
0
 
LVL 11

Expert Comment

by:AnthonyP9618
ID: 18847435
Did anything else change before you upgraded to SP2?  No recent driver changes, anything at all?

Well.. it seems apparent that the SP2 install seems to have messed up IIS.  So, now you have 2 problems...

Have you tried removing SP2 and refocusing on the initial issue?
0
 

Author Comment

by:bvcorson
ID: 18848020
The problem with IIS was prior to the SP2 install. The initial DEP message was blocking IIS, then after I modified DEP, I started getting the IIS worker process error. This is going on on another clients 2003 server with SP1 as well. Other than these items, there haven't been any recent driver changes or patches installed.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 27

Expert Comment

by:Tolomir
ID: 18848036
You might want to try this:

http://www.myagent.dk/2006/06/03/iis-6-worker-process-is-evil/

The solution: in your boot.ini put "/noexecute=AlwaysOff"
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848045
See also:

http://www.tek-tips.com/viewthread.cfm?qid=1333388

DEP is most useful on systems that web browsing is run on and on which 3rd party apps are regularly installed. If your system is respected as a server and a DC, I would trade DEP for IIS stability by disabling DEP.

To do this:

Get Properties on My Computer -> Advanced -> Startup & recovery -> Setting -> Edit and change the /NoExecute setting to /NoExecute=AlwaysOff

The change will apply after a reboot.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848059
On tek-tips they blame IE 7 for the culprit:

"IE7 was the culprit. I uninstalled it and ever since I had no trouble."

Tolomir
0
 

Author Comment

by:bvcorson
ID: 18848065
I think that this will probably work, but then aren't I opening up the server to malicious programs taking advantage of turning the service off.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848089
No, since you know what programs are installed on the server.

Don't you?

Tolomir
0
 

Author Comment

by:bvcorson
ID: 18848093
I'll give it a shot.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848102
DEP is no general intrusion prevention. One has to install or execute the intruder.

It's rather designed to block attempts of programs to get higher permissions than windoes/the user intends.

Please take a look at http://support.microsoft.com/kb/875352 for details.

As it seems some program maybe really IE 7 is triggering DEP. You might want to deinstall the browser and check again.

Tolomir  
0
 

Author Comment

by:bvcorson
ID: 18848120
IE7 was never installed.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848189
Take a look at:

http://support.microsoft.com/kb/843106

How to troubleshoot the "504 need to authenticate first" SMTP protocol error

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7004

Date: 1/13/2004
Time: 5:23:43 PM
User: N/A
Computer: COMPUTERNAME
Description: This is an SMTP protocol error log for virtual server ID 1, connection #29. The remote host "E2k3server1.contoso.com", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2336 3 ". This will probably cause the connection to fail.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7010
Date: 1/13/2004
Time: 5:43:49 PM
User: N/A Computer: COMPUTERNAME
Description: This is an SMTP protocol log for virtual server ID 1, connection #30. The client at "6.5.2.4" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 1092 2". This will probably cause the connection to fail. These events indicate that the XEXCH50 protocol sink fired, but the exchange of the blobs failed between the servers listed in the events.


Does that fit for you? Check the link for a possible solution.

Tolomir
0
 
LVL 1

Accepted Solution

by:
twfrost earned 2000 total points
ID: 19154683
I think I have the fix - Upgrade your GFI Mail Essentials version 12 to the latest 2007 build.  Once I reinstalled mine that seemed to fix the issue.

Here are my specs.
Windows 2003 Server Std sp1 -when issue started - upgraded to SP2
Exchange Server 2003 Std SP2
GFI Mail Essentials 12
Symantec Mail Security

I previously tried running Windows 2003 SP2, ran AV and MRT scans, Stopped the DEP using /NoExecute/AlwaysOff switch in boot.ini, Uninstalled IE7.  None of these stopped the IIS (inetinfo.exe) from stopping and restarting and thus stopping and starting my SMTP service for Exchange.

Terry
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 19708193

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup Zone:
ACCEPT: twfrost {19154683}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Chris-Dent
Experts Exchange Cleanup Volunteer
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question