[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Can Exchange Server 2003 Service Pack 1 be loaded in safe mode?

Posted on 2007-10-19
9
Medium Priority
?
271 Views
Last Modified: 2013-11-22
I have exchange server loaded as a part of Small Business Server 2003.  I got a denial of service attack which created 700,000 entries in the c:/program files/exchsrvr/mailroot/vsi 1/badmail directory.  I shut down to safe mode to scan for malicious software with the Microsoft Malisious Software detection and removal tool and delete the records in the badmail directory.  I rebooted as administrator so that I could load exchange server 2003 service pack 1 which I understand can take care of the problem.  Problem is that I have the server disconnected from the web and all other machines and the folder is filling up again.  Is this because it had buffered the information before the shutdown or is there still some malicious software out there?  Can I shut down to single user mode and load the sp1?
0
Comment
Question by:utahspc
  • 5
  • 4
9 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 20110661
You cannot install the service pack in safe mode.
Why are you planning to install Exchange 2003 SP1 and not Exchange 2002 SP2? I would skip the service pack and move straight to SP2.

Another thing that you may want to do is simply stop and disable the Exchange based services. Then restart the server. Change the services back to Automatic but do not start them. Then install the service pack. They will be restarted and the messages processed.
However if you have had an NDR attack then it can take a while for Exchange to process the messages.
Are you also installing the Windows service pack? If so then you should be looking to enable recipient filtering and the tar pit.
http://www.amset.info/exchange/filter-unknown.asp

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0
 

Author Comment

by:utahspc
ID: 20110781
So will Service Pack 2 include all of service pack 1?  I went in and stopped all of the exchange related services and it is still creating emails.  Is that a problem with the answer you provided?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20110876
Did you stop the IIS Services as well? Those are Exchange related. SMTP will continue to process the messages.

Microsoft service packs have been cumulative since NT4, you do not need to install SP1 and then SP2 except in very specific circumstances when using multiple machines.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 

Author Comment

by:utahspc
ID: 20110979
You are correct.  It seems to be the SMTP service that is running amock.
0
 

Author Comment

by:utahspc
ID: 20111217
Thanks for the last tip.  SMTP was the issue.  I have now disabled the services and rebooted.  I will set them to automatic and load SP2.  When I am finished and the services start, then I assume the system will still need to finish processing through the rest of the emails.  Anything else I should knwo before I start the loading of SP2?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20111309
The service pack goes straight in. Have you updated the rest of the system? Windows, SBS etc? There is a procedure to go through with updating an SBS Server, it is documented on Microsoft's web site. However where it says to install SP1 you can install SP2.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0
 

Author Comment

by:utahspc
ID: 20111437
I hate to be stupid, but after downloading SP2 and unzipping it how do you install it?  I do not see any kind of executable?
0
 

Author Comment

by:utahspc
ID: 20112195
I an't believe the fix was this easy.  After loading SP2 it also did something with the smtp queue so that the 800,000 emails quit processing
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20112470
Have you updated Windows as well? You should make the changes I outlined in my article linked to above to ensure that you don't have problems in the future.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question