Solved

SBS2011 Exchange quits processing mail every 6-7 days

Posted on 2014-01-08
5
375 Views
Last Modified: 2014-03-16
SBS2011 server w/ AD, Exchange 2010, DNS Server. All clients use Outlook Anywhere. HP Proliant ML350-G6/16MB.

About a week apart the system required restart twice with the same issue...The majority complaint is Exchange is not processing mail. Can still login to system, TCP working (ping router, remote desktop okay etc) IE gets 404 errors. Exchange Management Console cannot initialize and connect to Exchange.

Looking at error events, DNS server appears to be a common suspect. Around the same time as the problem, DNS Logs event ID 404 followed by ID 408 and these two events repeat about 8 times (in same second) before system resources stop.

DNS Event ID 404 described below: (I can't find a description of ID 408)
"DNS_EVENT_CANNOT_BIND_TCP_SOCKET
The DNS server could not bind a Transmission Control Protocol (TCP) socket to address 0.0.0.0. The event data is the error code. An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use. Free memory or other system resources
Restart the DNS server or reboot the computer."

This system has been running fine for over 2 years. Required a restart 12/31/2013 and again on 1/7/2014. I haven't had a chance to look into this, but Windows Update was run on 12/23/2013, about a week before the first symptom appeared in which about 40 updates (important) completed successfully.

Thanks in advance for any help on this....
0
Comment
Question by:royatnts
  • 3
  • 2
5 Comments
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 39767084
How much RAM is in use when the issue occurs?
How much RAM is store.exe using when the issue occurs?
Are there any other errors in the Application log IIS related or otherwise?
0
 

Author Comment

by:royatnts
ID: 39769734
Hello Jeremy,
To answer your questions,

>How much RAM is in use when the issue occurs? The last occurred on 1/7/14 and 12/31/13. How can I tell how much ram was in use at that time?
>How much RAM is store.exe using when the issue occurs? Same as above.

In general the system RAM is at around 85% of 16MB RAM all of the time. By design, Exchange will take 100% of a unused RAM, but I have tuned this down (by KB article help) when  the system was installed 2 yrs ago, so as to provide a reserve for other server roles. Under normal conditions Store.exe utilizes about 2.25GB.

>Are there any other errors in the Application log IIS related or otherwise?  Yes. I did find this in the App Log "ADWS". A bunch of these EventID:1206 errors are logged at time of issue both times: (I blocked the actual computer name w/???)
Log Name:      Active Directory Web Services
Source:        ADWS
Date:          1/7/2014 6:22:57 PM
Event ID:      1206
Task Category: ADWS Instance Events
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SPA???.local
Description:
Active Directory Web Services was unable to determine if the computer is a global catalog server.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ADWS" />
    <EventID Qualifiers="49152">1206</EventID>
    <Level>2</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-07T23:22:57.000000000Z" />
    <EventRecordID>499</EventRecordID>
    <Channel>Active Directory Web Services</Channel>
    <Computer>SPA???.local</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>

Thanks for the help on this... BTW, I decided to get current updates for the BPAs and scan the server roles to see if they produce any clues.
0
 

Author Comment

by:royatnts
ID: 39777148
Hello.
Waiting for your reply to my comments....
0
 
LVL 18

Accepted Solution

by:
Jeremy Weisinger earned 500 total points
ID: 39778414
You can view the process RAM usage using Task Manager.

A general health check would be good.
Run the SBS BPA and address issues: http://technet.microsoft.com/en-us/library/gg508357.aspx
Run the Exchange BPA and address issues: http://technet.microsoft.com/en-us/library/aa997090(EXCHG.80).aspx
Run dcdiag and address any issues
Make sure server power setting is set to High Performance

You may want to consider removing the memory limitations (or adjusting them) for the Exchange server. On a server running the Mailbox + any additional roles, it will, by default, allocate up to half the installed RAM to the store cache. I assume you just limited the store cache. With 16GB I would let it go to at least 4GB of RAM for the store cache.
0
 

Author Comment

by:royatnts
ID: 39781213
Sorry. I thought you wanted the process RAM usage from a past tense prospective.

General info - This SBS2011 server was installed on a client site with a migration from SBS2003. The migration was not completed clean as I discovered later that many services & settings on the 2003 server were non-default (removed or modified) and thus some unwanted AD objects got migrated.

Server Rolls:
AD CS
AD DS
Application Server
DHCP Server
DNS Server
File Services
Network Policy & Access Services
Remote Desktop Services
Web Server (IIS)
WSUS was installed, then removed (not worth the extra management)

Applications Installed:
Exchanger Server 2010 (integrated in SBS2011)
SharePoint 2010 (integrated in sbs20110)
Microsoft SQL 2008
Microsoft SQL 2008 R2
QuickBooks Enterprise Solutions
Kaspersky Security 8.0 for Microsoft Exchange Server



SBS BPA issues (9 Warnings):
1.DCOM errors-cannot connect to a computer <name>. Happens to be the non-existent DC SBS2003 server.  I found and removed this object in the AD Users, Exchange System object list.
2-5. Four Authentication warnings for the IIS App Pools for Exchange (OWA, Sync, Services, ECP, OWA calendar, PowerShell) recommendation to change authentication from "Local System" to "AppPoolIdentity" (who is that?) So I changed them as instructed. It didn't take long for users to notify me of emails no longer working on their mobile devices.... I'm not a fan of these BPAs. Had to reverse those settings.
6. Default Web Site's log over 1gb in size....I Purged those log files, okay now.
7. Warning for IE Enhanced Security Config.
8. Latest update rollup not installed. I don't do Auto Updates on a server. (Updates were manually done recently)
9. There are empty Server containers in AD. (I looked but couldn't find these)

Exchange BPA Report (12 Items-Warnings)
1. Warning in AD Forest- "Write DACL inherit (Group)"
2. Info in Organization (Domain) -"Junk Store threshold not configured"
3. Warning in Exchange Administrative Group -"Circular logging enabled"
4-5. Warning in Server: <Name> - "Net interface driver over 2 years old"
6-7. Warning in Server: <Name> - "Storage driver over 2 years old"
8. Warning in Server: <Name> - "SSL is enabled on IIS Root directory"
9. Warning in Server: <Name> - "Temporary file path optimization" (for TEMP file)
10. Warning in Server: <Name> - "Temporary file path optimization" (for TMP file)
11. Info in Server: <Name> - "Single Global Catalog in topology"
12. Info in Server: <Name> - "Crash upload logging disabled"

Of the above 12 issues, the only ones that I see would effect system performance is the two Temp folders in the system environment variables (both currently on the %system root%). Is it safe to just change the paths of these folders to another drive?

DCDiag produced these errors: (only one DC & DNS, so why are we trying to replicate DNS zones?)
Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
          Replicating Directory Changes In Filtered Set access rights for the naming context:
         DC=ForestDnsZones,DC=<Domain>,DC=local
 
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
          Replicating Directory Changes In Filtered Set access rights for the naming context:
         DC=DomainDnsZones,DC=<Domain>,DC=local

Server Power settings are now set to High Performance.

In regard to adjusting the Exchange Store Cache. We have about 12 user mailboxes, 6 of which are heavy users. I have the following limits set (setup 2 years ago):
MsExchESEParamCacheSizeMax: 131072  (this equals 4GB)
MsExchESEParamCacheSizeMin:  65636 (this equals 2GB)

Other info in regard to performance:
All System Drives have plenty of free space remaining. Three system partitions are setup on one RAID5.

SharePoint - We have never used this , so all SharePoint Services are disabled.

SQL - (Largest if not 2nd largest RAM consumer) Can't open the SQL Management Studio. Used to, but now it won't connect to the server. There are 3-4 sqlservr.exe process running all the times and I don't know if they are necessary in order to free up some system resources. SQL 2008 is installed and SQL 2008 R2 is installed as well. Not sure how this happened (suspect during trial install of Kaspersky Endpoint Security for Enterprise Servers). I would like to remove all of SQL and start over, but don't know if this practice would be safe on a production server, especially as tightly linked this SBS is to all of its apps. This server never liked to be adjusted/tweaked/Config...One thing would effect another.

DHCP BPA - Found Dynamic Integration turned off. Turned this on and setup credentials for admin account.

Server NIC Advanced settings - Found "Flow Control Disabled". I enabled this. For TX & Rvc buffers set to 200..Should this be set higher? BTW, the site network switch is Gig Ethernet on all ports for all clients, servers, routers etc..

Domain Functional Level - Found this to be "Windows Server 2003" !!!  Is it safe to raise it to 2008? What would be the need if this is the only DC?

I really appreciate all your advice.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now