Exchange Failure after security updates

universalmac
universalmac used Ask the Experts™
on
Windows auto-update installed the following updates, after which point exchange mail flow has stopped completely - no mail in and no mail out.

Windows Server 2003 Security Update for Windows Server 2003 (KB971633)  Saturday, July 18, 2009 Automatic Updates  
Windows Server 2003 Security Update for Windows Server 2003 (KB961371)  Saturday, July 18, 2009 Automatic Updates  
Windows Server 2003 Cumulative Security Update for ActiveX Killbits for Windows Server 2003 (KB973346)

Anyone aware of any links between these updates and exchange problems?

Here's what the error log says from the time of the update installation:

LDAP Bind was unsuccessful
Directory returned error:[0x34] Unavailable.    

Process MAD.EXE (PID=4504). All Domain Controller Servers in use are not responding:

The Win32 API call 'DsGetDCNameW' returned error code [0x862] The specified component could not be found in the configuration information.  The service could not be initialized.  Make sure that the operating system was installed properly.

Plugin Licensing Notifications reports exception.
ADA: Authentication failed.
Additional info: The RPC server is too busy to complete this operation.

MS DTC has detected that a DC Promotion has happened since the last time the MS DTC service was started.

MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351, Pid: 1460
No Callstack,
 CmdLine: C:\WINDOWS\system32\msdtc.exe

MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Expert of the Quarter 2009
Expert of the Year 2009
Commented:
There was nothing in the updates that should have upset Exchange.
Is this SBS or full product? Your tags say Small Business, but it is always best to check.

The errors point to a problem with domain controller configuration. Ensure that DNS is setup correctly, pointing to the domain controller only. You could also get the SBS Best Practises tool from Microsoft and run that to ensure that nothing else is flagged.

Simon.

Author

Commented:
Yes, it is small business server 2003.

No changes to this server short of updates in the past several months, however it hasn't been rebooted in a while either - the software updates trigged a auto-reboot which could have been the catalyst for the problem.  I.E., something changed previously that didn't take effect until the reboot.

Author

Commented:
SBS Best practices report shows a few things:

1. we have two network cards that are teamed - this makes it look like there are three network cards, which is unsupported.  for simplicity, I'll drop the team and just run with the two seperate nics with two different IP's.  Rebooting now to see if that helps.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Getting pretty desperate here and running out of options - a full reinstall is the last resort but I'm running out of options, and things have been down for too long already.

Any other suggestions for fixing this?
After adjusting the IP configuration and dropping teaming, the server runs a lot cleaner - most of the errors at reboot are gone.  However, still no mail flow.

Here's the only two errors in sbs best practices:

The path of the client programs folder for the ClientAppsRoot registry key is not the same as the path of the ClientApps shared folder. For information on setting the path for this registry key, see "How to move the client programs folder to another location in Windows Small Business Server 2003" at http://go.microsoft.com/fwlink/?LinkId=95294.

Task Offloading is enabled and should be disabled on Windows Small Business Server 2003. Change the value of the DisableTaskOffload registry key to 1. For detailed instructions,  see the Knowledge Base article "You experience intermittent communication failure between computers that are running Windows XP or Windows Server 2003" at http://go.microsoft.com/fwlink/?LinkId=95149. If the DisableTaskOffload registry key does not exist, then manually create this registry key and set its value to 1.

Author

Commented:
Alright, I managed to figure it out.  There was GFI mail security installed, and even though we didn't use it's virus scanning engine there was some licensing dispute with gfi and there antivirus vendor which caused mailflow to stop - even for people not using the service.

Here's the knowledgebase from GFI on the issue:

http://kbase.gfi.com/showarticle.asp?id=KBID003557&adv=937&loc=47
http://kbase.gfi.com/showarticle.asp?id=KBID003263

Updating to the latest version, disabling antiviruscompletely, or uninstalling the software resolved the problem.

I was able to re-add the messages to the exchange que afterwards and no mail was lost.

Thanks for the help!
Strange thing.

Yesterday I had a problem with client's computer (old Dell with Win XP SP3). Klient downloaded some security updates and switched off computer. Next day computer haven't booted up giving error about missing or corrupted file: hal.dll. I booted up from other software and checked that hal.dll is intact and OK. But what was strange boot.ini disappeared.
Later I booted up using recovery console, recreated boot.ini and restarted computer without any problem. Removed IE8 (as last install) and restarted machine. Again I have got error message about hal.dll. Boot.ini was deleted once again!
I repeted procedure with creating boot.ini and booted machine. I tried to find what was downloaded recently. And that were 3 security updates: KB961371, KB971633, KB973346. After uninstaling them computer worked without any problem.

Strange is that in my client's computer that updates had different names than in your server. They were: 'security update for Windows XP'.

Maybe it is coincidence, but be aware....

Author

Commented:
Thanks for the tip, crazy stuff. I'm glad my solution ended up being more simple.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial