asked on
SBS2011 Exchange quits processing mail every 6-7 days
SBS2011 server w/ AD, Exchange 2010, DNS Server. All clients use Outlook Anywhere. HP Proliant ML350-G6/16MB.
About a week apart the system required restart twice with the same issue...The majority complaint is Exchange is not processing mail. Can still login to system, TCP working (ping router, remote desktop okay etc) IE gets 404 errors. Exchange Management Console cannot initialize and connect to Exchange.
Looking at error events, DNS server appears to be a common suspect. Around the same time as the problem, DNS Logs event ID 404 followed by ID 408 and these two events repeat about 8 times (in same second) before system resources stop.
DNS Event ID 404 described below: (I can't find a description of ID 408)
"DNS_EVENT_CANNOT_BIND_TCP
The DNS server could not bind a Transmission Control Protocol (TCP) socket to address 0.0.0.0. The event data is the error code. An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use. Free memory or other system resources
Restart the DNS server or reboot the computer."
This system has been running fine for over 2 years. Required a restart 12/31/2013 and again on 1/7/2014. I haven't had a chance to look into this, but Windows Update was run on 12/23/2013, about a week before the first symptom appeared in which about 40 updates (important) completed successfully.
Thanks in advance for any help on this....
About a week apart the system required restart twice with the same issue...The majority complaint is Exchange is not processing mail. Can still login to system, TCP working (ping router, remote desktop okay etc) IE gets 404 errors. Exchange Management Console cannot initialize and connect to Exchange.
Looking at error events, DNS server appears to be a common suspect. Around the same time as the problem, DNS Logs event ID 404 followed by ID 408 and these two events repeat about 8 times (in same second) before system resources stop.
DNS Event ID 404 described below: (I can't find a description of ID 408)
"DNS_EVENT_CANNOT_BIND_TCP
The DNS server could not bind a Transmission Control Protocol (TCP) socket to address 0.0.0.0. The event data is the error code. An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use. Free memory or other system resources
Restart the DNS server or reboot the computer."
This system has been running fine for over 2 years. Required a restart 12/31/2013 and again on 1/7/2014. I haven't had a chance to look into this, but Windows Update was run on 12/23/2013, about a week before the first symptom appeared in which about 40 updates (important) completed successfully.
Thanks in advance for any help on this....
Microsoft Legacy OSMicrosoft Server OSWindows Server 2008
Last Comment
royatnts
ASKER
Hello Jeremy,
To answer your questions,
>How much RAM is in use when the issue occurs? The last occurred on 1/7/14 and 12/31/13. How can I tell how much ram was in use at that time?
>How much RAM is store.exe using when the issue occurs? Same as above.
In general the system RAM is at around 85% of 16MB RAM all of the time. By design, Exchange will take 100% of a unused RAM, but I have tuned this down (by KB article help) when the system was installed 2 yrs ago, so as to provide a reserve for other server roles. Under normal conditions Store.exe utilizes about 2.25GB.
>Are there any other errors in the Application log IIS related or otherwise? Yes. I did find this in the App Log "ADWS". A bunch of these EventID:1206 errors are logged at time of issue both times: (I blocked the actual computer name w/???)
Log Name: Active Directory Web Services
Source: ADWS
Date: 1/7/2014 6:22:57 PM
Event ID: 1206
Task Category: ADWS Instance Events
Level: Error
Keywords: Classic
User: N/A
Computer: SPA???.local
Description:
Active Directory Web Services was unable to determine if the computer is a global catalog server.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ADWS" />
<EventID Qualifiers="49152">1206</E
<Level>2</Level>
<Task>3</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2014-01-07T23:
<EventRecordID>499</EventR
<Channel>Active Directory Web Services</Channel>
<Computer>SPA???.local</Co
<Security />
</System>
<EventData>
</EventData>
</Event>
Thanks for the help on this... BTW, I decided to get current updates for the BPAs and scan the server roles to see if they produce any clues.
To answer your questions,
>How much RAM is in use when the issue occurs? The last occurred on 1/7/14 and 12/31/13. How can I tell how much ram was in use at that time?
>How much RAM is store.exe using when the issue occurs? Same as above.
In general the system RAM is at around 85% of 16MB RAM all of the time. By design, Exchange will take 100% of a unused RAM, but I have tuned this down (by KB article help) when the system was installed 2 yrs ago, so as to provide a reserve for other server roles. Under normal conditions Store.exe utilizes about 2.25GB.
>Are there any other errors in the Application log IIS related or otherwise? Yes. I did find this in the App Log "ADWS". A bunch of these EventID:1206 errors are logged at time of issue both times: (I blocked the actual computer name w/???)
Log Name: Active Directory Web Services
Source: ADWS
Date: 1/7/2014 6:22:57 PM
Event ID: 1206
Task Category: ADWS Instance Events
Level: Error
Keywords: Classic
User: N/A
Computer: SPA???.local
Description:
Active Directory Web Services was unable to determine if the computer is a global catalog server.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ADWS" />
<EventID Qualifiers="49152">1206</E
<Level>2</Level>
<Task>3</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2014-01-07T23:
<EventRecordID>499</EventR
<Channel>Active Directory Web Services</Channel>
<Computer>SPA???.local</Co
<Security />
</System>
<EventData>
</EventData>
</Event>
Thanks for the help on this... BTW, I decided to get current updates for the BPAs and scan the server roles to see if they produce any clues.
ASKER
Hello.
Waiting for your reply to my comments....
Waiting for your reply to my comments....
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Sorry. I thought you wanted the process RAM usage from a past tense prospective.
General info - This SBS2011 server was installed on a client site with a migration from SBS2003. The migration was not completed clean as I discovered later that many services & settings on the 2003 server were non-default (removed or modified) and thus some unwanted AD objects got migrated.
Server Rolls:
AD CS
AD DS
Application Server
DHCP Server
DNS Server
File Services
Network Policy & Access Services
Remote Desktop Services
Web Server (IIS)
WSUS was installed, then removed (not worth the extra management)
Applications Installed:
Exchanger Server 2010 (integrated in SBS2011)
SharePoint 2010 (integrated in sbs20110)
Microsoft SQL 2008
Microsoft SQL 2008 R2
QuickBooks Enterprise Solutions
Kaspersky Security 8.0 for Microsoft Exchange Server
SBS BPA issues (9 Warnings):
1.DCOM errors-cannot connect to a computer <name>. Happens to be the non-existent DC SBS2003 server. I found and removed this object in the AD Users, Exchange System object list.
2-5. Four Authentication warnings for the IIS App Pools for Exchange (OWA, Sync, Services, ECP, OWA calendar, PowerShell) recommendation to change authentication from "Local System" to "AppPoolIdentity" (who is that?) So I changed them as instructed. It didn't take long for users to notify me of emails no longer working on their mobile devices.... I'm not a fan of these BPAs. Had to reverse those settings.
6. Default Web Site's log over 1gb in size....I Purged those log files, okay now.
7. Warning for IE Enhanced Security Config.
8. Latest update rollup not installed. I don't do Auto Updates on a server. (Updates were manually done recently)
9. There are empty Server containers in AD. (I looked but couldn't find these)
Exchange BPA Report (12 Items-Warnings)
1. Warning in AD Forest- "Write DACL inherit (Group)"
2. Info in Organization (Domain) -"Junk Store threshold not configured"
3. Warning in Exchange Administrative Group -"Circular logging enabled"
4-5. Warning in Server: <Name> - "Net interface driver over 2 years old"
6-7. Warning in Server: <Name> - "Storage driver over 2 years old"
8. Warning in Server: <Name> - "SSL is enabled on IIS Root directory"
9. Warning in Server: <Name> - "Temporary file path optimization" (for TEMP file)
10. Warning in Server: <Name> - "Temporary file path optimization" (for TMP file)
11. Info in Server: <Name> - "Single Global Catalog in topology"
12. Info in Server: <Name> - "Crash upload logging disabled"
Of the above 12 issues, the only ones that I see would effect system performance is the two Temp folders in the system environment variables (both currently on the %system root%). Is it safe to just change the paths of these folders to another drive?
DCDiag produced these errors: (only one DC & DNS, so why are we trying to replicate DNS zones?)
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set access rights for the naming context:
DC=ForestDnsZones,DC=<Doma
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set access rights for the naming context:
DC=DomainDnsZones,DC=<Doma
Server Power settings are now set to High Performance.
In regard to adjusting the Exchange Store Cache. We have about 12 user mailboxes, 6 of which are heavy users. I have the following limits set (setup 2 years ago):
MsExchESEParamCacheSizeMax
MsExchESEParamCacheSizeMin
Other info in regard to performance:
All System Drives have plenty of free space remaining. Three system partitions are setup on one RAID5.
SharePoint - We have never used this , so all SharePoint Services are disabled.
SQL - (Largest if not 2nd largest RAM consumer) Can't open the SQL Management Studio. Used to, but now it won't connect to the server. There are 3-4 sqlservr.exe process running all the times and I don't know if they are necessary in order to free up some system resources. SQL 2008 is installed and SQL 2008 R2 is installed as well. Not sure how this happened (suspect during trial install of Kaspersky Endpoint Security for Enterprise Servers). I would like to remove all of SQL and start over, but don't know if this practice would be safe on a production server, especially as tightly linked this SBS is to all of its apps. This server never liked to be adjusted/tweaked/Config...
DHCP BPA - Found Dynamic Integration turned off. Turned this on and setup credentials for admin account.
Server NIC Advanced settings - Found "Flow Control Disabled". I enabled this. For TX & Rvc buffers set to 200..Should this be set higher? BTW, the site network switch is Gig Ethernet on all ports for all clients, servers, routers etc..
Domain Functional Level - Found this to be "Windows Server 2003" !!! Is it safe to raise it to 2008? What would be the need if this is the only DC?
I really appreciate all your advice.
General info - This SBS2011 server was installed on a client site with a migration from SBS2003. The migration was not completed clean as I discovered later that many services & settings on the 2003 server were non-default (removed or modified) and thus some unwanted AD objects got migrated.
Server Rolls:
AD CS
AD DS
Application Server
DHCP Server
DNS Server
File Services
Network Policy & Access Services
Remote Desktop Services
Web Server (IIS)
WSUS was installed, then removed (not worth the extra management)
Applications Installed:
Exchanger Server 2010 (integrated in SBS2011)
SharePoint 2010 (integrated in sbs20110)
Microsoft SQL 2008
Microsoft SQL 2008 R2
QuickBooks Enterprise Solutions
Kaspersky Security 8.0 for Microsoft Exchange Server
SBS BPA issues (9 Warnings):
1.DCOM errors-cannot connect to a computer <name>. Happens to be the non-existent DC SBS2003 server. I found and removed this object in the AD Users, Exchange System object list.
2-5. Four Authentication warnings for the IIS App Pools for Exchange (OWA, Sync, Services, ECP, OWA calendar, PowerShell) recommendation to change authentication from "Local System" to "AppPoolIdentity" (who is that?) So I changed them as instructed. It didn't take long for users to notify me of emails no longer working on their mobile devices.... I'm not a fan of these BPAs. Had to reverse those settings.
6. Default Web Site's log over 1gb in size....I Purged those log files, okay now.
7. Warning for IE Enhanced Security Config.
8. Latest update rollup not installed. I don't do Auto Updates on a server. (Updates were manually done recently)
9. There are empty Server containers in AD. (I looked but couldn't find these)
Exchange BPA Report (12 Items-Warnings)
1. Warning in AD Forest- "Write DACL inherit (Group)"
2. Info in Organization (Domain) -"Junk Store threshold not configured"
3. Warning in Exchange Administrative Group -"Circular logging enabled"
4-5. Warning in Server: <Name> - "Net interface driver over 2 years old"
6-7. Warning in Server: <Name> - "Storage driver over 2 years old"
8. Warning in Server: <Name> - "SSL is enabled on IIS Root directory"
9. Warning in Server: <Name> - "Temporary file path optimization" (for TEMP file)
10. Warning in Server: <Name> - "Temporary file path optimization" (for TMP file)
11. Info in Server: <Name> - "Single Global Catalog in topology"
12. Info in Server: <Name> - "Crash upload logging disabled"
Of the above 12 issues, the only ones that I see would effect system performance is the two Temp folders in the system environment variables (both currently on the %system root%). Is it safe to just change the paths of these folders to another drive?
DCDiag produced these errors: (only one DC & DNS, so why are we trying to replicate DNS zones?)
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set access rights for the naming context:
DC=ForestDnsZones,DC=<Doma
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set access rights for the naming context:
DC=DomainDnsZones,DC=<Doma
Server Power settings are now set to High Performance.
In regard to adjusting the Exchange Store Cache. We have about 12 user mailboxes, 6 of which are heavy users. I have the following limits set (setup 2 years ago):
MsExchESEParamCacheSizeMax
MsExchESEParamCacheSizeMin
Other info in regard to performance:
All System Drives have plenty of free space remaining. Three system partitions are setup on one RAID5.
SharePoint - We have never used this , so all SharePoint Services are disabled.
SQL - (Largest if not 2nd largest RAM consumer) Can't open the SQL Management Studio. Used to, but now it won't connect to the server. There are 3-4 sqlservr.exe process running all the times and I don't know if they are necessary in order to free up some system resources. SQL 2008 is installed and SQL 2008 R2 is installed as well. Not sure how this happened (suspect during trial install of Kaspersky Endpoint Security for Enterprise Servers). I would like to remove all of SQL and start over, but don't know if this practice would be safe on a production server, especially as tightly linked this SBS is to all of its apps. This server never liked to be adjusted/tweaked/Config...
DHCP BPA - Found Dynamic Integration turned off. Turned this on and setup credentials for admin account.
Server NIC Advanced settings - Found "Flow Control Disabled". I enabled this. For TX & Rvc buffers set to 200..Should this be set higher? BTW, the site network switch is Gig Ethernet on all ports for all clients, servers, routers etc..
Domain Functional Level - Found this to be "Windows Server 2003" !!! Is it safe to raise it to 2008? What would be the need if this is the only DC?
I really appreciate all your advice.
How much RAM is store.exe using when the issue occurs?
Are there any other errors in the Application log IIS related or otherwise?