cymrich
asked on
Antigen 9.1 SP1 error TION: Smtp sink status 3, method returned 0x80004005.
I keep getting frequent eventID 4008 from AntigenSMTPSink that all say:
TION: Smtp sink status 3, method returned 0x80004005.
I can't find any relevant info other than 1 person's suggestion to run antutil /disable then /enable... I've done that and I'm still getting these errors. The spam filter/antivirus is working, but it certainly isn't working as well as it should. I suspect these errors are at least partly why.
Also, the updates for some of the engines almost always timeout... the kaspersky ones in particular have problems and haven't successfully updated in so long all the update info is blank.
TION: Smtp sink status 3, method returned 0x80004005.
I can't find any relevant info other than 1 person's suggestion to run antutil /disable then /enable... I've done that and I'm still getting these errors. The spam filter/antivirus is working, but it certainly isn't working as well as it should. I suspect these errors are at least partly why.
Also, the updates for some of the engines almost always timeout... the kaspersky ones in particular have problems and haven't successfully updated in so long all the update info is blank.
Do you have latest Hotfix Rollup installed? are you getting any error or warning in event viewer?
ASKER
my original post has the error I am receiving... I have SP1 installed and supposedly once you have that you receive updates through windows updates. I've checked for updates there and there are none.
This will occur when Antigen is unable to access message objects in the SMTP Queue. This may indicate a temporary resource problem on the system.
Recycle the Antigen services
Stop all Antigen services > Wait for all services to completely shut down > Use Task Manager to make > sure that no Antigen processes are still running > Start all Antigen services.
Run Restart-Service MSExchangeTransport
Or if possible reboot the server.
If the issue persists then :
Provide Get-TransportAgent command result.
Also in server event log do you have any error or warning related to the transport service?
What is the Exchange rollup update you have on server?
Recycle the Antigen services
Stop all Antigen services > Wait for all services to completely shut down > Use Task Manager to make > sure that no Antigen processes are still running > Start all Antigen services.
Run Restart-Service MSExchangeTransport
Or if possible reboot the server.
If the issue persists then :
Provide Get-TransportAgent command result.
Also in server event log do you have any error or warning related to the transport service?
What is the Exchange rollup update you have on server?
ASKER
The services were all shutdown and restarted a few times recently... although I have not done a full reboot yet.
These commands you are mentioning look like Exchange 2007 commands... Unfortunately I am using Exchange 2003 SP2. Unless I am mistaken Antigen is for 03 and before only, and Forefront would be used with 07. Is there an equivalent to these command for 03? I went ahead and tried them from a command prompt just in case and they are not recognized.
These commands you are mentioning look like Exchange 2007 commands... Unfortunately I am using Exchange 2003 SP2. Unless I am mistaken Antigen is for 03 and before only, and Forefront would be used with 07. Is there an equivalent to these command for 03? I went ahead and tried them from a command prompt just in case and they are not recognized.
ASKER
forgot to add... the only transport errors I see in the event logs are NDRs and errors from IMF saying it can't filter a messge.... ID #s 3030 for the NDRs and 7515 for the IMF
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think I might have figured this out. It seems somehow it lost the license agreement information. When I looked under product license it showed XXXXXXXXX for the agreement number and 10/4/11 as the expiration. I knew that the expiration was wrong and it should have been 7/31/11. After inputting the agreement number again and then doing the updates it appears to be in working order once again.
The link you provided for the update time out was very helpful. I had found something similar for forefront when I searched google about it, but when looking for an antigen key to edit instead of a forefront one, I forgot to keep in mind that it used to belong to Sybari. It seemed at first that every time I upped the download timeout it would simply download slower... but then I finally just set it to 1 hour and I was able to update everything that had been timing out. at at 10 minutes it made it to 60% or so, at 20 minutes it made it to 50% or so... our connection is not that slow or unstable so this strikes me as odd.
After looking at the event logs again I realize I didn't notice that the 4008 events had indeed stopped the night I ran the antutil /disable and /enable. They had not stopped right when I did it but the last ones were roughly an hour later. so that at least was successful, but I'm not sure how the license agreement information was lost.
I'm going to keep an eye on this until next week before officially calling it fixed.
The link you provided for the update time out was very helpful. I had found something similar for forefront when I searched google about it, but when looking for an antigen key to edit instead of a forefront one, I forgot to keep in mind that it used to belong to Sybari. It seemed at first that every time I upped the download timeout it would simply download slower... but then I finally just set it to 1 hour and I was able to update everything that had been timing out. at at 10 minutes it made it to 60% or so, at 20 minutes it made it to 50% or so... our connection is not that slow or unstable so this strikes me as odd.
After looking at the event logs again I realize I didn't notice that the 4008 events had indeed stopped the night I ran the antutil /disable and /enable. They had not stopped right when I did it but the last ones were roughly an hour later. so that at least was successful, but I'm not sure how the license agreement information was lost.
I'm going to keep an eye on this until next week before officially calling it fixed.
Hmm.. Green light.... :-)
ASKER
any suggestions?