Exchange stops accepting mail.

I installed exchange 2007 on 2003 server running as a virtual machine on 2008 hyper-v. There is Symantec email product and endpoint protection installed on the server.  This is the only exchange server.
It seemed stable at first but now keeps hanging somewhere and won’t accept email.
There are several events in the system log:
Event id: 7039
Source: Service control manager
A service process other than the one launched by the Service Control Manager connected when starting the Microsoft Exchange Anti-spam Update service.  The Service Control Manager launched process 2596 and process 3640 connected instead.

Event ID: 7039
Source: Service control manager
A service process other than the one launched by the Service Control Manager connected when starting the Microsoft Exchange EdgeSync service.  The Service Control Manager launched process 4012 and process 2596 connected instead.
Event ID: 7039
Source: Service control manager
A service process other than the one launched by the Service Control Manager connected when starting the Microsoft Exchange File Distribution service.  The Service Control Manager launched process 4192 and process 4012 connected instead.
Event ID: 7031
Source: Service control manager
The Microsoft Exchange File Distribution service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
Event ID: 7039
Source: Service control manager
A service process other than the one launched by the Service Control Manager connected when starting the Symantec Management Client service.  The Service Control Manager launched process 6164 and process 6372 connected instead.
Event ID: 7039
Source: Service control manager
A service process other than the one launched by the Service Control Manager connected when starting the Symantec Management Client service.  The Service Control Manager launched process 6484 and process 6164 connected instead.
Event ID: 7031
Source: Service control manager
The Symantec Management Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


There are several events in the application log:
Event ID: 512
Source: Brightmail
The description for Event ID ( 514 ) in Source ( Brightmail ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: [Brightmail] (ERROR:3640.4008): [12003] Config file not found in registry.
.
Event ID: 512
Source: Brightmail
The description for Event ID ( 514 ) in Source ( Brightmail ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: [Brightmail] (ERROR:6372.6388): [12003] Config file not found in registry.
.
Event ID: 0
Source: SmcService
The description for Event ID ( 0 ) in Source ( SmcService ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: SmcService error: 1056, StartServiceCtrlDispatcher failed..
Event ID: 6004
Source: MSExchange Common
MessageTrackingLogs: Failed to write logs because of the error: Access to the path 'D:\Exchange Data\Logs\MessageTracking\MSGTRK20120828-1.LOG' is denied..
NOTE: it is writing to this directory. The security is system, network service, domain admins FULL
amcotechAsked:
Who is Participating?
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
So you have 2 NIC's with different config for Gateway ?
Is the Binding order as you want them to be used ?
Any specific reason you have 2 Nic with different configs

- Rancy
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
What is Brightmail ?
Any events for "Transport" i would be interested in it.
Hope AV isnt scanning Exchange files and DB ?
Disable AV sync - DisableAVStamping
HKEY_Local_Machine\System\CurrentControlSet\Services\MSExchangeIS\VirusScan
The value would be set to 1 change that to 0


- Rancy
0
 
mdennis22Commented:
I would start by identifying the processes that are mentioned in the event logs.  It may be difficult to do this because it appears that some services are restarting, based on the above information.  Check to make sure that the processes that are trying to be launched are not already running.  Meaning that they were launched outside of the services.msc applet.  

Also, try un-installing and re-installing the Symantec product taking time to verify that all mail is flowing before you re-install the protection.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
amcotechAuthor Commented:
Brightmail is symantec's email scanner
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
What if you simply stop the AV when the issue occurs ?
What if you restart Transport service ?

Please do check my earlier suggestions and try to work on them :)

- Rancy
0
 
ninjatekCommented:
I'm not familiar with the Brightmail product, but we have a few clients using Symantec Mail Security for Microsoft Exchange that have recently experienced this 'black-hole' effect.

When the problem occurs you can try stop the services and related processes. If this restores mail-flow, then you should completely uninstall and reinstall the latest version of the app.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
How to Troubleshoot Black Hole Router Issues
http://support.microsoft.com/kb/314825

- Rancy
0
 
Simon Butler (Sembee)ConsultantCommented:
Time for my oldest Exchange advice.
Been posting this for seven years and it hasn't let me down yet.

When there is a problem with Exchange where a Symantec product is installed, the problem is the Symantec product.

I suggest you remove the Symantec product completely, reboot and find your problems go away. If you insist on using it then reinstall the latest build. Don't install what you had originally and then update.

Disabling the product is not enough, that doesn't remove the hooks, all it does is effectively put a blindfold over the product.

Simon.
0
 
ninjatekCommented:
Agreed with Simon's post - I've had numerous issues with the Symantec Mail-Scanning apps. Most of the time disabling it completely (Disable Services and Kill ALL Processes) does restore mail flow, but the only sure-fire way is to completely uninstall and if required reinstall the latest version.

Actually doing this right now :-)

-Ninjatek
0
 
amcotechAuthor Commented:
I had 2 NICs in the machines so routing was changing.  This is an issue with 2003, I have not been able to solve.  2 gateways was the issue.
0
 
Simon Butler (Sembee)ConsultantCommented:
Dual homing Exchange with different gateways is not recommended. It will confuse Exchange. Using two networks is the job of a router, not a server.

Simon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.