Solved

Exchange 2007 Store.exe crashes with Event IDs 4999, 1000 and 7031

Posted on 2014-03-05
8
1,318 Views
Last Modified: 2014-03-31
Exchange 2007 SP3 is installed on Windows 2008-R2.
Last week, after TrendMicro AV update, we have started seeing these Errors:

Source:        MSExchange Common
Event ID:      4999
Description: Watson report about to be sent to dw20.exe for process id: 5100, with parameters: E12N, c-

Source:        Application Error
Event ID:      1000
Description: Faulting application name: store.exe, version: 8.3.330.0, time stamp: 0x5208b2fb. Faulting module name: MSVCR80.dll, version: 8.0.50727.6229, time stamp: 0x4ec3407e

Log Name:      System
Source:        Service Control Manager
Event ID:      7031
Description: The Microsoft Exchange Information Store service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

We suspected that TrendMicro must have done something and found that Exclusions were gone in OfficeScan client configuration. We have restored all of them, have rebooted the server, but the problem remains.

There is a small possibility that a few mailboxes may have been migrated in around that time. Windows updates also were installed last week.

Thanks for any insight you can provide.
0
Comment
Question by:Akulsh
8 Comments
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 125 total points
ID: 39908483
I would blame Trend on this one. Have you recreated exceptions for your Database paths, Log paths and all your Transport Queues? I usually do the whole Exchange Installation path as well.
0
 
LVL 5

Accepted Solution

by:
arjunvyavahare earned 250 total points
ID: 39908669
Hi,

If event id: 7031 is getting occurred continuously then i would recommend you to please uninstall Trend Micro antivirus and use Microsoft Security Essential Antivirus for next 2 working days and monitor exchange event logs, and if non of these events are getting generated then suggest you to open case with Trend Micro support case on this issue.

Regards,
Arjun
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 39908915
Instead of guessing, you can just disable temporary the TrendMicro Transport Agents.

Use get-transportagent to list the installed agents and then disable-agent <agentname> to disable the TrendMicro agents.
0
 
LVL 3

Author Comment

by:Akulsh
ID: 39908949
Diggisaur and Arjun,

Thank you both for responding. As I mentioned in the original post, I have specified Exclusions in OfficeScan. They are per documentation of Microsoft and TrendMicro. Here is the final Exlusion list (server has Client Access, Hub Transport and Mailbox roles; databases on E: and logs on F:)

C:\inetpub\logs
C:\Windows\System32\Inetsrv
C:\Windows\TEMP

C:\Exchange Server\ClientAccess
C:\Exchange Server\TransportRoles\Logs
C:\Exchange Server\TransportRoles\Pickup
C:\Exchange Server\TransportRoles\Replay
C:\Exchange Server\TransportRoles\Data
C:\Exchange Server\Working

C:\Exchange Server\Logging
C:\Exchange Server\Mailbox
E:\Exchange Server\Mailbox
F:\Exchange Server\Mailbox

C:\Program Files\Trend Micro\Smex

1. Should not these paths be enough?
2. I was thinking of stopping all OfficeScan services for a day. It should not be too risky, right?
3. On installing Microsoft Security Essential Antivirus, do we have to setup Exclusions or is it smart enough to not go where it is not supposed to?
4. How about using this MSE AV, instead of OfficeScan, on this server for good?

Thanks again.

Jay
0
Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 5

Expert Comment

by:arjunvyavahare
ID: 39909191
If you install Microsoft Security Essential, then you don't need to set any exclusions which you have specified.

I know that removing antivirus is risky, thatswhy recommending to install Security Essential for 2 days, if it works properly then proceed to open case with Trend Micro support.

Regards,
Arjun
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 125 total points
ID: 39911818
Last time I checked, the free Microsoft Security Essential Antivirus wouldn't install on servers.

Disabling AV products on an Exchange server doesn't always provide the right results because the links in to the product are still there. Removing the product and rebooting is required.

You may find that removing the product, rebooting then installing the latest build from Trend resolves the issue, as the update may well have simply damaged the original installation.

Simon.
0
 
LVL 3

Author Comment

by:Akulsh
ID: 39912094
Sembee,

I also used to think that MSE AV is for workstations only. However, this MSDN link specifically says: Download Microsoft Security Essentials For Windows Server 2008 R2.

I did ask in my previous post if such MSE can be used as permanent replacement on servers for AV softwares like OfficeScan BUT no one has responded.

About your second statement -- links are there and server needs to be rebooted -- we had similar experience only today when the person in-charge just uninstalled the AV and problem continued. But then I stopped and disabled both OfficeScan services and this did the trick. We will reboot in off-hours.

Finally, about your last suggestion, I had already done this -- including pre and post reboots -- before starting this thread. It did not help one bit. The latest build of TrendMciro's OfficeScan (10.6 SP3) is the problem on this Exch 2007 server, even though this build is not all that new.

Ajay K
0
 
LVL 3

Author Comment

by:Akulsh
ID: 39921476
Looks like no one wants to say that MSE can be used as a permanent AV solution, since its use on servers is not official.

In any case, we still have Store.exe termination instances after removing OfficeScan, though much fewer. Now I have added Exclusions of folders in MSE  -- was told that it is not necessary -- and hopefully things will improve further.

A question: I don't see any service related to MSE. Where is it? Any other way to restart this program? Thanks.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now