utahspc


Can Exchange Server 2003 Service Pack 1 be loaded in safe mode?

I have Exchange Server loaded as a part of Small Business Server 2003. I got a denial of service attack which created 700,000 entries in the c:/program files/exchsrvr/mailroot/vsi 1/badmail directory. I shut down to safe mode to scan for malicious software with the Microsoft Malicious Software detection and removal tool and delete the records in the badmail directory. I rebooted as administrator so that I could load Exchange Server 2003 Service Pack 1, which I understand can take care of the problem. Problem is that I have the server disconnected from the web and all other machines and the folder is filling up again. Is this because it had buffered the information before the shutdown or is there still some malicious software out there? Can I shut down to single user mode and load the SP1?

Sembee

You cannot install the service pack in safe mode.
Why are you planning to install Exchange 2003 SP1 and not Exchange 2002 SP2? I would skip the service pack and move straight to SP2.

Another thing that you may want to do is simply stop and disable the Exchange based services. Then restart the server. Change the services back to Automatic but do not start them. Then install the service pack. They will be restarted and the messages processed.
However if you have had an NDR attack then it can take a while for Exchange to process the messages.
Are you also installing the Windows service pack? If so then you should be looking to enable recipient filtering and the tar pit.
http://www.amset.info/exchange/filter-unknown.asp

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
utahspc

ASKER

So will Service Pack 2 include all of Service Pack 1? I went in and stopped all of the Exchange-related services and it is still creating emails. Is that a problem with the answer you provided?

Sembee

Did you stop the IIS Services as well? Those are Exchange related. SMTP will continue to process the messages.

Microsoft service packs have been cumulative since NT4, you do not need to install SP1 and then SP2 except in very specific circumstances when using multiple machines.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
utahspc

ASKER

You are correct. It seems to be the SMTP service that is running amok.

utahspc

ASKER

Thanks for the last tip. SMTP was the issue. I have now disabled the services and rebooted. I will set them to automatic and load SP2. When I am finished and the services start, then I assume the system will still need to finish processing through the rest of the emails. Anything else I should know before I start the loading of SP2?

ASKER CERTIFIED SOLUTION
Sembee

utahspc

ASKER

I hate to be stupid, but after downloading SP2 and unzipping it, how do you install it? I do not see any kind of executable?

utahspc

ASKER

I can't believe the fix was this easy. After loading SP2 it also did something with the SMTP queue so that the 800,000 emails quit processing.

Sembee

Have you updated Windows as well? You should make the changes I outlined in my article linked to above to ensure that you don't have problems in the future.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.