universalmac
asked on
Exchange Failure after security updates
Windows auto-update installed the following updates, after which point exchange mail flow has stopped completely - no mail in and no mail out.
Windows Server 2003 Security Update for Windows Server 2003 (KB971633) Saturday, July 18, 2009 Automatic Updates
Windows Server 2003 Security Update for Windows Server 2003 (KB961371) Saturday, July 18, 2009 Automatic Updates
Windows Server 2003 Cumulative Security Update for ActiveX Killbits for Windows Server 2003 (KB973346)
Anyone aware of any links between these updates and exchange problems?
Here's what the error log says from the time of the update installation:
LDAP Bind was unsuccessful
Directory returned error:[0x34] Unavailable.
Process MAD.EXE (PID=4504). All Domain Controller Servers in use are not responding:
The Win32 API call 'DsGetDCNameW' returned error code [0x862] The specified component could not be found in the configuration information. The service could not be initialized. Make sure that the operating system was installed properly.
Plugin Licensing Notifications reports exception.
ADA: Authentication failed.
Additional info: The RPC server is too busy to complete this operation.
MS DTC has detected that a DC Promotion has happened since the last time the MS DTC service was started.
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\nt\com\complus\dtc\dtc\
No Callstack,
CmdLine: C:\WINDOWS\system32\msdtc.
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1
Windows Server 2003 Security Update for Windows Server 2003 (KB971633) Saturday, July 18, 2009 Automatic Updates
Windows Server 2003 Security Update for Windows Server 2003 (KB961371) Saturday, July 18, 2009 Automatic Updates
Windows Server 2003 Cumulative Security Update for ActiveX Killbits for Windows Server 2003 (KB973346)
Anyone aware of any links between these updates and exchange problems?
Here's what the error log says from the time of the update installation:
LDAP Bind was unsuccessful
Directory returned error:[0x34] Unavailable.
Process MAD.EXE (PID=4504). All Domain Controller Servers in use are not responding:
The Win32 API call 'DsGetDCNameW' returned error code [0x862] The specified component could not be found in the configuration information. The service could not be initialized. Make sure that the operating system was installed properly.
Plugin Licensing Notifications reports exception.
ADA: Authentication failed.
Additional info: The RPC server is too busy to complete this operation.
MS DTC has detected that a DC Promotion has happened since the last time the MS DTC service was started.
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\nt\com\complus\dtc\dtc\
No Callstack,
CmdLine: C:\WINDOWS\system32\msdtc.
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
SBS Best practices report shows a few things:
1. we have two network cards that are teamed - this makes it look like there are three network cards, which is unsupported. for simplicity, I'll drop the team and just run with the two seperate nics with two different IP's. Rebooting now to see if that helps.
1. we have two network cards that are teamed - this makes it look like there are three network cards, which is unsupported. for simplicity, I'll drop the team and just run with the two seperate nics with two different IP's. Rebooting now to see if that helps.
ASKER
Getting pretty desperate here and running out of options - a full reinstall is the last resort but I'm running out of options, and things have been down for too long already.
Any other suggestions for fixing this?
Any other suggestions for fixing this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Alright, I managed to figure it out. There was GFI mail security installed, and even though we didn't use it's virus scanning engine there was some licensing dispute with gfi and there antivirus vendor which caused mailflow to stop - even for people not using the service.
Here's the knowledgebase from GFI on the issue:
http://kbase.gfi.com/showarticle.asp?id=KBID003557&adv=937&loc=47
http://kbase.gfi.com/showarticle.asp?id=KBID003263
Updating to the latest version, disabling antiviruscompletely, or uninstalling the software resolved the problem.
I was able to re-add the messages to the exchange que afterwards and no mail was lost.
Thanks for the help!
Here's the knowledgebase from GFI on the issue:
http://kbase.gfi.com/showarticle.asp?id=KBID003557&adv=937&loc=47
http://kbase.gfi.com/showarticle.asp?id=KBID003263
Updating to the latest version, disabling antiviruscompletely, or uninstalling the software resolved the problem.
I was able to re-add the messages to the exchange que afterwards and no mail was lost.
Thanks for the help!
Strange thing.
Yesterday I had a problem with client's computer (old Dell with Win XP SP3). Klient downloaded some security updates and switched off computer. Next day computer haven't booted up giving error about missing or corrupted file: hal.dll. I booted up from other software and checked that hal.dll is intact and OK. But what was strange boot.ini disappeared.
Later I booted up using recovery console, recreated boot.ini and restarted computer without any problem. Removed IE8 (as last install) and restarted machine. Again I have got error message about hal.dll. Boot.ini was deleted once again!
I repeted procedure with creating boot.ini and booted machine. I tried to find what was downloaded recently. And that were 3 security updates: KB961371, KB971633, KB973346. After uninstaling them computer worked without any problem.
Strange is that in my client's computer that updates had different names than in your server. They were: 'security update for Windows XP'.
Maybe it is coincidence, but be aware....
Yesterday I had a problem with client's computer (old Dell with Win XP SP3). Klient downloaded some security updates and switched off computer. Next day computer haven't booted up giving error about missing or corrupted file: hal.dll. I booted up from other software and checked that hal.dll is intact and OK. But what was strange boot.ini disappeared.
Later I booted up using recovery console, recreated boot.ini and restarted computer without any problem. Removed IE8 (as last install) and restarted machine. Again I have got error message about hal.dll. Boot.ini was deleted once again!
I repeted procedure with creating boot.ini and booted machine. I tried to find what was downloaded recently. And that were 3 security updates: KB961371, KB971633, KB973346. After uninstaling them computer worked without any problem.
Strange is that in my client's computer that updates had different names than in your server. They were: 'security update for Windows XP'.
Maybe it is coincidence, but be aware....
ASKER
Thanks for the tip, crazy stuff. I'm glad my solution ended up being more simple.
ASKER
No changes to this server short of updates in the past several months, however it hasn't been rebooted in a while either - the software updates trigged a auto-reboot which could have been the catalyst for the problem. I.E., something changed previously that didn't take effect until the reboot.