Small Business Server and Exchange

I can not get the Exchange services to start. I have run
the updates and am on SP3. The customer was hit with the
blaster worm this morning. I have cleaned it and can not
get back into exchange.

any suggestions?

I do not get a message when trying to load, other than to
say that it timed out.

thx

Terry

J
Tue Aug 12 15:39:10 CDT 2003

Terry


> I can not get the Exchange services to start.

Which service won't start?

Eric
Tue Aug 12 15:53:53 CDT 2003

I have the same exact problem on a client's server with
the identical incident being the cause. The blaster
virus. I've referenced and implemented all
fixes/workarounds in Q312859, Q327844, and Q314294.
Referencing the articles it appears that the problem is
either a security issue of some sort or Exchange 2000's
inability to reach the global catalog. The error code
when Exchange SA fails to start is 0x80040a01. As a side
note, last night when I was remoted in and installing SP4
to the Windows 2000 installation it came across several
files in the, as I recall, system32 directory that it
reported being in use. One such file was tftp.exe. Well
turned out the file was not actually in use but the
permissions for everyone had been changed to deny
access. SP4 came across roughly 5 or 6 files that had
been modified in that manner. I'm curious what other
files are used to start the ESA service and if there's a
possibility any of those have been set to deny access???
I know this reply doesn't answer the question but felt
I'd post more information to see if any of our MS guru's
might think of something. The search continues....

Eric




>-----Original Message-----
>I can not get the Exchange services to start. I have
run
>the updates and am on SP3. The customer was hit with
the
>blaster worm this morning. I have cleaned it and can
not
>get back into exchange.
>
>any suggestions?
>
>I do not get a message when trying to load, other than
to
>say that it timed out.
>
>thx
>
>Terry
>.
>

Marina
Tue Aug 12 16:25:33 CDT 2003

Which updates? Did you at least have the ms03-026 installed?

Marina

"terry" <terryfleming@abratlanta.com> schreef in bericht
news:01e301c36106$1c4fdd80$a501280a@phx.gbl...
> I can not get the Exchange services to start. I have run
> the updates and am on SP3. The customer was hit with the
> blaster worm this morning. I have cleaned it and can not
> get back into exchange.
>
> any suggestions?
>
> I do not get a message when trying to load, other than to
> say that it timed out.
>
> thx
>
> Terry

as
Tue Aug 12 18:10:05 CDT 2003

Having same problem. No sign or Blaster but still Exchange SA, MTA and store
will not start. Anyone have any ideas ?? Getting kind of desperate !


"Marina Roos" <marina@roos.nodontwantspam.nl.com> wrote in message
news:hXc_a.88894$506.84700@typhoon.bart.nl...
> Which updates? Did you at least have the ms03-026 installed?
>
> Marina
>
> "terry" <terryfleming@abratlanta.com> schreef in bericht
> news:01e301c36106$1c4fdd80$a501280a@phx.gbl...
> > I can not get the Exchange services to start. I have run
> > the updates and am on SP3. The customer was hit with the
> > blaster worm this morning. I have cleaned it and can not
> > get back into exchange.
> >
> > any suggestions?
> >
> > I do not get a message when trying to load, other than to
> > say that it timed out.
> >
> > thx
> >
> > Terry
>
>

jann
Tue Aug 12 18:02:52 CDT 2003

Tried turning of AV (if Trend) and seeing if that has any effect? Somehow
the file exclusions on ours had reset, and the effect was very long startup
time, with Exchange sometimes failing.

Having said that, I suffered my first Exchange db corruption ever last
week - had to do the repair utility trick.

HTH

as
Tue Aug 12 18:57:32 CDT 2003

Event ID 9152

Microsoft Exchange System Attendant reported an error '0xc1034a70' in its DS
Monitoring thread.



Event ID 1005

Unexpected error The RPC server is unavailable. Facility: Win32 ID no:
c00706ba Microsoft Exchange System Attendant occurred.



The RPC service is definately running.



Weird na ?

"Marina Roos" <marina@roos.nodontwantspam.nl.com> wrote in message
news:yKe_a.88899$506.84921@typhoon.bart.nl...
> Any errormessages in the eventlogs?
>
> Marina
>
> "as" <anjam@home> schreef in bericht
> news:utCsyPSYDHA.2352@TK2MSFTNGP12.phx.gbl...
> > Having same problem. No sign or Blaster but still Exchange SA, MTA and
> store
> > will not start. Anyone have any ideas ?? Getting kind of desperate !
> >
> >
> > "Marina Roos" <marina@roos.nodontwantspam.nl.com> wrote in message
> > news:hXc_a.88894$506.84700@typhoon.bart.nl...
> > > Which updates? Did you at least have the ms03-026 installed?
> > >
> > > Marina
> > >
> > > "terry" <terryfleming@abratlanta.com> schreef in bericht
> > > news:01e301c36106$1c4fdd80$a501280a@phx.gbl...
> > > > I can not get the Exchange services to start. I have run
> > > > the updates and am on SP3. The customer was hit with the
> > > > blaster worm this morning. I have cleaned it and can not
> > > > get back into exchange.
> > > >
> > > > any suggestions?
> > > >
> > > > I do not get a message when trying to load, other than to
> > > > say that it timed out.
> > > >
> > > > thx
> > > >
> > > > Terry
> > >
> > >
> >
> >
>
>

rayfong
Tue Aug 12 22:04:51 CDT 2003

Please make sure
1. You don't have firewall client installed at the server (Check Add/Remove
Program)
2. Binding is correct, internal nic is first.
3. File and Print Sharing for Microsoft Networks is unchecked in Network
Setting for the internal nic

2) NetBios over TCP/IP is checked for the internal nic under TCP/IP
Properties

3) NetBios TCP/IP Helper service is started.

Ray Fong
Microsoft SBS Product Support

This posting is provided "AS IS" with no warranties, and confers no rights.


>
>Event ID 9152
>
>Microsoft Exchange System Attendant reported an error '0xc1034a70' in its
DS
>Monitoring thread.
>
>
>
>Event ID 1005
>
>Unexpected error The RPC server is unavailable. Facility: Win32 ID no:
>c00706ba Microsoft Exchange System Attendant occurred.
>
>
>
>The RPC service is definately running.
>
>
>
>Weird na ?
>

Eric
Wed Aug 13 08:57:24 CDT 2003

Hey Ray. Glad to see you're still around the support
department. Probably don't remember me since you talk to
so many but you've helped me a couple of times in the
past on the phone. I checked what you suggested and I
did find that Netbios over TCP/IP was disabled. I
enabled it but it still does the same thing. Anything
else come to mind?

Eric

>-----Original Message-----
>Please make sure
>1. You don't have firewall client installed at the
server (Check Add/Remove
>Program)
>2. Binding is correct, internal nic is first.
>3. File and Print Sharing for Microsoft Networks is
unchecked in Network
>Setting for the internal nic
>
>2) NetBios over TCP/IP is checked for the internal nic
under TCP/IP
>Properties
>
>3) NetBios TCP/IP Helper service is started.
>
>Ray Fong
>Microsoft SBS Product Support
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>>
>>Event ID 9152
>>
>>Microsoft Exchange System Attendant reported an
error '0xc1034a70' in its
>DS
>>Monitoring thread.
>>
>>
>>
>>Event ID 1005
>>
>>Unexpected error The RPC server is unavailable.
Facility: Win32 ID no:
>>c00706ba Microsoft Exchange System Attendant occurred.
>>
>>
>>
>>The RPC service is definately running.
>>
>>
>>
>>Weird na ?
>>
>
>.
>

Eric
Wed Aug 13 20:49:27 CDT 2003

I ran setup.exe /domainprep already but I will repeat the
procedure with the additional steps that you outlined.
Thanx.

Eric

>-----Original Message-----
>Try rerun exchange forestprep and domainprep
(setup.exe /forestprep and
>setup.exe /domainprep). This will ensure all the AD
permissions are written
>correctly.
>Next, you may try run "DCdiag /v". Verify your AD
epecially all the FSMO
>role is located at the SBS. You can find DCdiag.exe from
the support tools.
>
>Ray Fong
>Microsoft SBS Product Support
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>>
>>Hey Ray. Glad to see you're still around the support
>>department. Probably don't remember me since you talk
to
>>so many but you've helped me a couple of times in the
>>past on the phone. I checked what you suggested and I
>>did find that Netbios over TCP/IP was disabled. I
>>enabled it but it still does the same thing. Anything
>>else come to mind?
>>
>>Eric
>>
>>
>
>.
>

Eric
Thu Aug 14 11:18:28 CDT 2003

Unfortunately that did not help. Everything looked
normal in DCDIAG and it passed all tests except for the
systemlog. Referencing article 316300 I have more
information after increasing the diagnostic level to
high. The result is as follows.

theservername.theirdomainname.com CDG 7 0 1 1 0 1 0

If I interpret the bits correctly it appears that
DSACCESS does not have the correct permissions to read
the SACL nTSecurityDescriptor against the directory
service. And the bit for NetLogon Check shows that
DSACCESS can reach (I think) the domain controller but
not the configuration domain controller nor the global
catalog???? The article lists the description of the 1,
2, and 4 bit in different order throughout the article so
I'm not sure how to equate that particuliar check. My
assumption is that the Exchange Installation is probably
ok. Every security right mentioned in other articles I
referenced are set correctly. I'm leaning towards
something being wrong with RPC, NETLOGON, or Active
Directory itself. I also ran netdiag and it reported
everything passed. An error recorded earlier after we
increased diagnostic logging reported "Process
INETINFO.EXE (PID=1084). Could not bind to DS server
theirserver.theirdomain.COM, error 52 at port 389. I
couldn't find anything about referencing error 52.
Another test I ran showed LDAP listening on port 389.

Any thoughts and suggestions?


>-----Original Message-----
>Try rerun exchange forestprep and domainprep
(setup.exe /forestprep and
>setup.exe /domainprep). This will ensure all the AD
permissions are written
>correctly.
>Next, you may try run "DCdiag /v". Verify your AD
epecially all the FSMO
>role is located at the SBS. You can find DCdiag.exe from
the support tools.
>
>Ray Fong
>Microsoft SBS Product Support
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>>
>>Hey Ray. Glad to see you're still around the support
>>department. Probably don't remember me since you talk
to
>>so many but you've helped me a couple of times in the
>>past on the phone. I checked what you suggested and I
>>did find that Netbios over TCP/IP was disabled. I
>>enabled it but it still does the same thing. Anything
>>else come to mind?
>>
>>Eric
>>
>>
>
>.
>

JudeFisher
Thu Aug 14 13:51:31 CDT 2003

I'm having exactly the same problem with a clean install that's never
been blaster infected.



"Eric Hodge" <eric@i4911.com> wrote in message news:<06c301c36206$4bd916b0$a501280a@phx.gbl>...
> I ran setup.exe /domainprep already but I will repeat the
> procedure with the additional steps that you outlined.
> Thanx.
>
> Eric
>
> >-----Original Message-----
> >Try rerun exchange forestprep and domainprep
> (setup.exe /forestprep and
> >setup.exe /domainprep). This will ensure all the AD
> permissions are written
> >correctly.
> >Next, you may try run "DCdiag /v". Verify your AD
> epecially all the FSMO
> >role is located at the SBS. You can find DCdiag.exe from
> the support tools.
> >
> >Ray Fong
> >Microsoft SBS Product Support
> >
> >This posting is provided "AS IS" with no warranties, and
> confers no rights.
> >
> >
> >>
> >>Hey Ray. Glad to see you're still around the support
> >>department. Probably don't remember me since you talk
> to
> >>so many but you've helped me a couple of times in the
> >>past on the phone. I checked what you suggested and I
> >>did find that Netbios over TCP/IP was disabled. I
> >>enabled it but it still does the same thing. Anything
> >>else come to mind?
> >>
> >>Eric
> >>
> >>
> >
> >.
> >

Eric
Thu Aug 14 20:36:54 CDT 2003

I emailed you my notes of what I've identified so far
with my client's problem. No resolution yet though. Oh
Raymond????

>-----Original Message-----
>I'm having exactly the same problem with a clean install
that's never
>been blaster infected.
>
>
>
>"Eric Hodge" <eric@i4911.com> wrote in message
news:<06c301c36206$4bd916b0$a501280a@phx.gbl>...
>> I ran setup.exe /domainprep already but I will repeat
the
>> procedure with the additional steps that you
outlined.
>> Thanx.
>>
>> Eric
>>
>> >-----Original Message-----
>> >Try rerun exchange forestprep and domainprep
>> (setup.exe /forestprep and
>> >setup.exe /domainprep). This will ensure all the AD
>> permissions are written
>> >correctly.
>> >Next, you may try run "DCdiag /v". Verify your AD
>> epecially all the FSMO
>> >role is located at the SBS. You can find DCdiag.exe
from
>> the support tools.
>> >
>> >Ray Fong
>> >Microsoft SBS Product Support
>> >
>> >This posting is provided "AS IS" with no warranties,
and
>> confers no rights.
>> >
>> >
>> >>
>> >>Hey Ray. Glad to see you're still around the
support
>> >>department. Probably don't remember me since you
talk
>> to
>> >>so many but you've helped me a couple of times in
the
>> >>past on the phone. I checked what you suggested and
I
>> >>did find that Netbios over TCP/IP was disabled. I
>> >>enabled it but it still does the same thing.
Anything
>> >>else come to mind?
>> >>
>> >>Eric
>> >>
>> >>
>> >
>> >.
>> >
>.
>

rayfong
Sat Aug 16 10:58:44 CDT 2003

I haven't got your files yet, you may want to zip it up and post back to
the newsgroup. The info would be helpful is "ipconfig/all, netdiag/v,
dcdiag/v"
Anyway, could you go to command prompt, run "netsh rpc show interface".
What do you have?
Next, run "netsh rpc reset", reboot.
After you logon again, run run "netsh rpc show interface". What do you have?

Ray Fong
Microsoft SBS Product Support

This posting is provided "AS IS" with no warranties, and confers no rights.


>
>I emailed you my notes of what I've identified so far
>with my client's problem. No resolution yet though. Oh
>Raymond????
>

tbecker
Wed Sep 03 15:32:40 CDT 2003

Any resolution to this issue? We have been having the exact same
problem and I have been reading newsgroups and TIDs till my eyes
bleed.






"Eric Hodge" <eric@i4911.com> wrote in message news:<024301c3627f$b2629680$a101280a@phx.gbl>...
> Unfortunately that did not help. Everything looked
> normal in DCDIAG and it passed all tests except for the
> systemlog. Referencing article 316300 I have more
> information after increasing the diagnostic level to
> high. The result is as follows.
>
> theservername.theirdomainname.com CDG 7 0 1 1 0 1 0
>
> If I interpret the bits correctly it appears that
> DSACCESS does not have the correct permissions to read
> the SACL nTSecurityDescriptor against the directory
> service. And the bit for NetLogon Check shows that
> DSACCESS can reach (I think) the domain controller but
> not the configuration domain controller nor the global
> catalog???? The article lists the description of the 1,
> 2, and 4 bit in different order throughout the article so
> I'm not sure how to equate that particuliar check. My
> assumption is that the Exchange Installation is probably
> ok. Every security right mentioned in other articles I
> referenced are set correctly. I'm leaning towards
> something being wrong with RPC, NETLOGON, or Active
> Directory itself. I also ran netdiag and it reported
> everything passed. An error recorded earlier after we
> increased diagnostic logging reported "Process
> INETINFO.EXE (PID=1084). Could not bind to DS server
> theirserver.theirdomain.COM, error 52 at port 389. I
> couldn't find anything about referencing error 52.
> Another test I ran showed LDAP listening on port 389.
>
> Any thoughts and suggestions?
>
>
> >-----Original Message-----
> >Try rerun exchange forestprep and domainprep
> (setup.exe /forestprep and
> >setup.exe /domainprep). This will ensure all the AD
> permissions are written
> >correctly.
> >Next, you may try run "DCdiag /v". Verify your AD
> epecially all the FSMO
> >role is located at the SBS. You can find DCdiag.exe from
> the support tools.
> >
> >Ray Fong
> >Microsoft SBS Product Support
> >
> >This posting is provided "AS IS" with no warranties, and
> confers no rights.
> >
> >
> >>
> >>Hey Ray. Glad to see you're still around the support
> >>department. Probably don't remember me since you talk
> to
> >>so many but you've helped me a couple of times in the
> >>past on the phone. I checked what you suggested and I
> >>did find that Netbios over TCP/IP was disabled. I
> >>enabled it but it still does the same thing. Anything
> >>else come to mind?
> >>
> >>Eric
> >>
> >>
> >
> >.
> >

tbecker
Thu Sep 04 13:19:45 CDT 2003

Found and answer to my problem.

It was DNS, but on the Advanced tab under TCP/IP for the local
connection. (single nic config)

Internal Domain xcucc
Internet Domain xcucc.org

Under the advanced tab for DNS, the DNS suffix for this connection had
xcucc.org. Micro(expletive) in it's infinite wisdom, probably finally
complied with an RFC, and actually used that bit of info for what it
is intended, however that broke the ability for the DSaccess component
to see any of the services running on that nic, like DNS, LDAP, etc.
All I did was change the xcucc.org to xcucc, and the system attendant
fired right up and all was well. What a freaking nightmare. Spent 15
hours trying all sorts of different things. For it to be 4 little
characters on a seemingly insignificant field of the DNS config on the
NIC for the server....

Thanks to Eric (from earlier posts) for the help on this. He helped
out a lot.

Later.









tbecker@newvisionnet.com (Tbeck) wrote in message news:<17883d9c.0309031232.1b9e6e8c@posting.google.com>...
> Any resolution to this issue? We have been having the exact same
> problem and I have been reading newsgroups and TIDs till my eyes
> bleed.
>
>
>
>
>
>
> "Eric Hodge" <eric@i4911.com> wrote in message news:<024301c3627f$b2629680$a101280a@phx.gbl>...
> > Unfortunately that did not help. Everything looked
> > normal in DCDIAG and it passed all tests except for the
> > systemlog. Referencing article 316300 I have more
> > information after increasing the diagnostic level to
> > high. The result is as follows.
> >
> > theservername.theirdomainname.com CDG 7 0 1 1 0 1 0
> >
> > If I interpret the bits correctly it appears that
> > DSACCESS does not have the correct permissions to read
> > the SACL nTSecurityDescriptor against the directory
> > service. And the bit for NetLogon Check shows that
> > DSACCESS can reach (I think) the domain controller but
> > not the configuration domain controller nor the global
> > catalog???? The article lists the description of the 1,
> > 2, and 4 bit in different order throughout the article so
> > I'm not sure how to equate that particuliar check. My
> > assumption is that the Exchange Installation is probably
> > ok. Every security right mentioned in other articles I
> > referenced are set correctly. I'm leaning towards
> > something being wrong with RPC, NETLOGON, or Active
> > Directory itself. I also ran netdiag and it reported
> > everything passed. An error recorded earlier after we
> > increased diagnostic logging reported "Process
> > INETINFO.EXE (PID=1084). Could not bind to DS server
> > theirserver.theirdomain.COM, error 52 at port 389. I
> > couldn't find anything about referencing error 52.
> > Another test I ran showed LDAP listening on port 389.
> >
> > Any thoughts and suggestions?
> >
> >
> > >-----Original Message-----
> > >Try rerun exchange forestprep and domainprep
> (setup.exe /forestprep and
> > >setup.exe /domainprep). This will ensure all the AD
> permissions are written
> > >correctly.
> > >Next, you may try run "DCdiag /v". Verify your AD
> epecially all the FSMO
> > >role is located at the SBS. You can find DCdiag.exe from
> the support tools.
> > >
> > >Ray Fong
> > >Microsoft SBS Product Support
> > >
> > >This posting is provided "AS IS" with no warranties, and
> confers no rights.
> > >
> > >
> > >>
> > >>Hey Ray. Glad to see you're still around the support
> > >>department. Probably don't remember me since you talk
> to
> > >>so many but you've helped me a couple of times in the
> > >>past on the phone. I checked what you suggested and I
> > >>did find that Netbios over TCP/IP was disabled. I
> > >>enabled it but it still does the same thing. Anything
> > >>else come to mind?
> > >>
> > >>Eric
> > >>
> > >>
> > >
> > >.
> > >