Solved

Exchange 2007 Store.exe crashes with Event IDs 4999, 1000 and 7031

Posted on 2014-03-05
8
1,392 Views
Last Modified: 2014-03-31
Exchange 2007 SP3 is installed on Windows 2008-R2.
Last week, after TrendMicro AV update, we have started seeing these Errors:

Source:        MSExchange Common
Event ID:      4999
Description: Watson report about to be sent to dw20.exe for process id: 5100, with parameters: E12N, c-

Source:        Application Error
Event ID:      1000
Description: Faulting application name: store.exe, version: 8.3.330.0, time stamp: 0x5208b2fb. Faulting module name: MSVCR80.dll, version: 8.0.50727.6229, time stamp: 0x4ec3407e

Log Name:      System
Source:        Service Control Manager
Event ID:      7031
Description: The Microsoft Exchange Information Store service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

We suspected that TrendMicro must have done something and found that Exclusions were gone in OfficeScan client configuration. We have restored all of them, have rebooted the server, but the problem remains.

There is a small possibility that a few mailboxes may have been migrated in around that time. Windows updates also were installed last week.

Thanks for any insight you can provide.
0
Comment
Question by:Akulsh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 125 total points
ID: 39908483
I would blame Trend on this one. Have you recreated exceptions for your Database paths, Log paths and all your Transport Queues? I usually do the whole Exchange Installation path as well.
0
 
LVL 5

Accepted Solution

by:
Arjun Vyavahare earned 250 total points
ID: 39908669
Hi,

If event id: 7031 is getting occurred continuously then i would recommend you to please uninstall Trend Micro antivirus and use Microsoft Security Essential Antivirus for next 2 working days and monitor exchange event logs, and if non of these events are getting generated then suggest you to open case with Trend Micro support case on this issue.

Regards,
Arjun
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 39908915
Instead of guessing, you can just disable temporary the TrendMicro Transport Agents.

Use get-transportagent to list the installed agents and then disable-agent <agentname> to disable the TrendMicro agents.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:Akulsh
ID: 39908949
Diggisaur and Arjun,

Thank you both for responding. As I mentioned in the original post, I have specified Exclusions in OfficeScan. They are per documentation of Microsoft and TrendMicro. Here is the final Exlusion list (server has Client Access, Hub Transport and Mailbox roles; databases on E: and logs on F:)

C:\inetpub\logs
C:\Windows\System32\Inetsrv
C:\Windows\TEMP

C:\Exchange Server\ClientAccess
C:\Exchange Server\TransportRoles\Logs
C:\Exchange Server\TransportRoles\Pickup
C:\Exchange Server\TransportRoles\Replay
C:\Exchange Server\TransportRoles\Data
C:\Exchange Server\Working

C:\Exchange Server\Logging
C:\Exchange Server\Mailbox
E:\Exchange Server\Mailbox
F:\Exchange Server\Mailbox

C:\Program Files\Trend Micro\Smex

1. Should not these paths be enough?
2. I was thinking of stopping all OfficeScan services for a day. It should not be too risky, right?
3. On installing Microsoft Security Essential Antivirus, do we have to setup Exclusions or is it smart enough to not go where it is not supposed to?
4. How about using this MSE AV, instead of OfficeScan, on this server for good?

Thanks again.

Jay
0
 
LVL 5

Expert Comment

by:Arjun Vyavahare
ID: 39909191
If you install Microsoft Security Essential, then you don't need to set any exclusions which you have specified.

I know that removing antivirus is risky, thatswhy recommending to install Security Essential for 2 days, if it works properly then proceed to open case with Trend Micro support.

Regards,
Arjun
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 125 total points
ID: 39911818
Last time I checked, the free Microsoft Security Essential Antivirus wouldn't install on servers.

Disabling AV products on an Exchange server doesn't always provide the right results because the links in to the product are still there. Removing the product and rebooting is required.

You may find that removing the product, rebooting then installing the latest build from Trend resolves the issue, as the update may well have simply damaged the original installation.

Simon.
0
 
LVL 3

Author Comment

by:Akulsh
ID: 39912094
Sembee,

I also used to think that MSE AV is for workstations only. However, this MSDN link specifically says: Download Microsoft Security Essentials For Windows Server 2008 R2.

I did ask in my previous post if such MSE can be used as permanent replacement on servers for AV softwares like OfficeScan BUT no one has responded.

About your second statement -- links are there and server needs to be rebooted -- we had similar experience only today when the person in-charge just uninstalled the AV and problem continued. But then I stopped and disabled both OfficeScan services and this did the trick. We will reboot in off-hours.

Finally, about your last suggestion, I had already done this -- including pre and post reboots -- before starting this thread. It did not help one bit. The latest build of TrendMciro's OfficeScan (10.6 SP3) is the problem on this Exch 2007 server, even though this build is not all that new.

Ajay K
0
 
LVL 3

Author Comment

by:Akulsh
ID: 39921476
Looks like no one wants to say that MSE can be used as a permanent AV solution, since its use on servers is not official.

In any case, we still have Store.exe termination instances after removing OfficeScan, though much fewer. Now I have added Exclusions of folders in MSE  -- was told that it is not necessary -- and hopefully things will improve further.

A question: I don't see any service related to MSE. Where is it? Any other way to restart this program? Thanks.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question