Solved

Exchange 2003 w SP2 not functioning due to DEP error messages, also event ID 7004 and 7010

Posted on 2007-04-03
15
1,398 Views
Last Modified: 2013-12-04
I'm on a Windows 2003 server with SP2,  Exchange 2003 standard w SP2, Symantec Enterprise and GFI Mail essentials. Today we started having problems with the server not sending or receiving email. When I logged onto the server the DEP (Data Execution Protection). I upgraded the server to W2K3 SP2 in an attempt to resolve the issue. However, as soon as rebooted and logged back in I started receiving error messages that the IIS worker process failed to start. The DEP settings are currently set to on for all programs and services except those I select. The following are selected: autdlsvc, IIS worker process, Internet Information Services.
Not long after the restart the exchange went down again with the error that the Exchange system manager failed to retrievce queues for the SMTP Virtual Server (error code= 0x800706D9). I've also checked the event logs, and I've two different event IDs that seem to relate to my current problem. After looking into those events, I updated the NIC drivers to the most current verision, ran diagnostics on the nics without errors, and rebooted again. The same issues occurred again. Any help would be greatly appreciated. Thanks.
0
Comment
Question by:bvcorson
15 Comments
 

Author Comment

by:bvcorson
ID: 18846918
This same issue is also occurring at several other client sites with some variations. The constants have been IIS worker process error messages, and email problems.
0
 
LVL 11

Expert Comment

by:AnthonyP9618
ID: 18847435
Did anything else change before you upgraded to SP2?  No recent driver changes, anything at all?

Well.. it seems apparent that the SP2 install seems to have messed up IIS.  So, now you have 2 problems...

Have you tried removing SP2 and refocusing on the initial issue?
0
 

Author Comment

by:bvcorson
ID: 18848020
The problem with IIS was prior to the SP2 install. The initial DEP message was blocking IIS, then after I modified DEP, I started getting the IIS worker process error. This is going on on another clients 2003 server with SP1 as well. Other than these items, there haven't been any recent driver changes or patches installed.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 27

Expert Comment

by:Tolomir
ID: 18848036
You might want to try this:

http://www.myagent.dk/2006/06/03/iis-6-worker-process-is-evil/

The solution: in your boot.ini put "/noexecute=AlwaysOff"
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848045
See also:

http://www.tek-tips.com/viewthread.cfm?qid=1333388

DEP is most useful on systems that web browsing is run on and on which 3rd party apps are regularly installed. If your system is respected as a server and a DC, I would trade DEP for IIS stability by disabling DEP.

To do this:

Get Properties on My Computer -> Advanced -> Startup & recovery -> Setting -> Edit and change the /NoExecute setting to /NoExecute=AlwaysOff

The change will apply after a reboot.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848059
On tek-tips they blame IE 7 for the culprit:

"IE7 was the culprit. I uninstalled it and ever since I had no trouble."

Tolomir
0
 

Author Comment

by:bvcorson
ID: 18848065
I think that this will probably work, but then aren't I opening up the server to malicious programs taking advantage of turning the service off.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848089
No, since you know what programs are installed on the server.

Don't you?

Tolomir
0
 

Author Comment

by:bvcorson
ID: 18848093
I'll give it a shot.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848102
DEP is no general intrusion prevention. One has to install or execute the intruder.

It's rather designed to block attempts of programs to get higher permissions than windoes/the user intends.

Please take a look at http://support.microsoft.com/kb/875352 for details.

As it seems some program maybe really IE 7 is triggering DEP. You might want to deinstall the browser and check again.

Tolomir  
0
 

Author Comment

by:bvcorson
ID: 18848120
IE7 was never installed.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18848189
Take a look at:

http://support.microsoft.com/kb/843106

How to troubleshoot the "504 need to authenticate first" SMTP protocol error

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7004

Date: 1/13/2004
Time: 5:23:43 PM
User: N/A
Computer: COMPUTERNAME
Description: This is an SMTP protocol error log for virtual server ID 1, connection #29. The remote host "E2k3server1.contoso.com", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2336 3 ". This will probably cause the connection to fail.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7010
Date: 1/13/2004
Time: 5:43:49 PM
User: N/A Computer: COMPUTERNAME
Description: This is an SMTP protocol log for virtual server ID 1, connection #30. The client at "6.5.2.4" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 1092 2". This will probably cause the connection to fail. These events indicate that the XEXCH50 protocol sink fired, but the exchange of the blobs failed between the servers listed in the events.


Does that fit for you? Check the link for a possible solution.

Tolomir
0
 
LVL 1

Accepted Solution

by:
twfrost earned 500 total points
ID: 19154683
I think I have the fix - Upgrade your GFI Mail Essentials version 12 to the latest 2007 build.  Once I reinstalled mine that seemed to fix the issue.

Here are my specs.
Windows 2003 Server Std sp1 -when issue started - upgraded to SP2
Exchange Server 2003 Std SP2
GFI Mail Essentials 12
Symantec Mail Security

I previously tried running Windows 2003 SP2, ran AV and MRT scans, Stopped the DEP using /NoExecute/AlwaysOff switch in boot.ini, Uninstalled IE7.  None of these stopped the IIS (inetinfo.exe) from stopping and restarting and thus stopping and starting my SMTP service for Exchange.

Terry
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 19708193

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup Zone:
ACCEPT: twfrost {19154683}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Chris-Dent
Experts Exchange Cleanup Volunteer
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question