Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1407
  • Last Modified:

Exchange 2003 w SP2 not functioning due to DEP error messages, also event ID 7004 and 7010

I'm on a Windows 2003 server with SP2,  Exchange 2003 standard w SP2, Symantec Enterprise and GFI Mail essentials. Today we started having problems with the server not sending or receiving email. When I logged onto the server the DEP (Data Execution Protection). I upgraded the server to W2K3 SP2 in an attempt to resolve the issue. However, as soon as rebooted and logged back in I started receiving error messages that the IIS worker process failed to start. The DEP settings are currently set to on for all programs and services except those I select. The following are selected: autdlsvc, IIS worker process, Internet Information Services.
Not long after the restart the exchange went down again with the error that the Exchange system manager failed to retrievce queues for the SMTP Virtual Server (error code= 0x800706D9). I've also checked the event logs, and I've two different event IDs that seem to relate to my current problem. After looking into those events, I updated the NIC drivers to the most current verision, ran diagnostics on the nics without errors, and rebooted again. The same issues occurred again. Any help would be greatly appreciated. Thanks.
0
bvcorson
Asked:
bvcorson
1 Solution
 
bvcorsonAuthor Commented:
This same issue is also occurring at several other client sites with some variations. The constants have been IIS worker process error messages, and email problems.
0
 
AnthonyP9618Commented:
Did anything else change before you upgraded to SP2?  No recent driver changes, anything at all?

Well.. it seems apparent that the SP2 install seems to have messed up IIS.  So, now you have 2 problems...

Have you tried removing SP2 and refocusing on the initial issue?
0
 
bvcorsonAuthor Commented:
The problem with IIS was prior to the SP2 install. The initial DEP message was blocking IIS, then after I modified DEP, I started getting the IIS worker process error. This is going on on another clients 2003 server with SP1 as well. Other than these items, there haven't been any recent driver changes or patches installed.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
TolomirAdministratorCommented:
You might want to try this:

http://www.myagent.dk/2006/06/03/iis-6-worker-process-is-evil/

The solution: in your boot.ini put "/noexecute=AlwaysOff"
0
 
TolomirAdministratorCommented:
See also:

http://www.tek-tips.com/viewthread.cfm?qid=1333388

DEP is most useful on systems that web browsing is run on and on which 3rd party apps are regularly installed. If your system is respected as a server and a DC, I would trade DEP for IIS stability by disabling DEP.

To do this:

Get Properties on My Computer -> Advanced -> Startup & recovery -> Setting -> Edit and change the /NoExecute setting to /NoExecute=AlwaysOff

The change will apply after a reboot.
0
 
TolomirAdministratorCommented:
On tek-tips they blame IE 7 for the culprit:

"IE7 was the culprit. I uninstalled it and ever since I had no trouble."

Tolomir
0
 
bvcorsonAuthor Commented:
I think that this will probably work, but then aren't I opening up the server to malicious programs taking advantage of turning the service off.
0
 
TolomirAdministratorCommented:
No, since you know what programs are installed on the server.

Don't you?

Tolomir
0
 
bvcorsonAuthor Commented:
I'll give it a shot.
0
 
TolomirAdministratorCommented:
DEP is no general intrusion prevention. One has to install or execute the intruder.

It's rather designed to block attempts of programs to get higher permissions than windoes/the user intends.

Please take a look at http://support.microsoft.com/kb/875352 for details.

As it seems some program maybe really IE 7 is triggering DEP. You might want to deinstall the browser and check again.

Tolomir  
0
 
bvcorsonAuthor Commented:
IE7 was never installed.
0
 
TolomirAdministratorCommented:
Take a look at:

http://support.microsoft.com/kb/843106

How to troubleshoot the "504 need to authenticate first" SMTP protocol error

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7004

Date: 1/13/2004
Time: 5:23:43 PM
User: N/A
Computer: COMPUTERNAME
Description: This is an SMTP protocol error log for virtual server ID 1, connection #29. The remote host "E2k3server1.contoso.com", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2336 3 ". This will probably cause the connection to fail.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7010
Date: 1/13/2004
Time: 5:43:49 PM
User: N/A Computer: COMPUTERNAME
Description: This is an SMTP protocol log for virtual server ID 1, connection #30. The client at "6.5.2.4" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 1092 2". This will probably cause the connection to fail. These events indicate that the XEXCH50 protocol sink fired, but the exchange of the blobs failed between the servers listed in the events.


Does that fit for you? Check the link for a possible solution.

Tolomir
0
 
twfrostIT ConsultantCommented:
I think I have the fix - Upgrade your GFI Mail Essentials version 12 to the latest 2007 build.  Once I reinstalled mine that seemed to fix the issue.

Here are my specs.
Windows 2003 Server Std sp1 -when issue started - upgraded to SP2
Exchange Server 2003 Std SP2
GFI Mail Essentials 12
Symantec Mail Security

I previously tried running Windows 2003 SP2, ran AV and MRT scans, Stopped the DEP using /NoExecute/AlwaysOff switch in boot.ini, Uninstalled IE7.  None of these stopped the IIS (inetinfo.exe) from stopping and restarting and thus stopping and starting my SMTP service for Exchange.

Terry
0
 
Chris DentPowerShell DeveloperCommented:

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup Zone:
ACCEPT: twfrost {19154683}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Chris-Dent
Experts Exchange Cleanup Volunteer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now