Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Exchange 2003 / GroupShield 6.02 Arrrrgh 1

Status
Not open for further replies.
anawrocki

anawrocki

MIS
Nov 6, 2002
425
US
I have two identical mail servers that both are Exchange 2003 SP1 and Groupshield 6.02. They have a moderate to high load but the hardware is solid. Dual 3.2 GHz Xeons and 6 GB of RAM. Windows 2003 Enterprise / Exchange 2003 Enterprise.

Generally performance has been very good however lately with absolutly no warning the servers drop and reboot. Has anyone else seen this?

I have tried lots of things to remedy situation and like just about everyone, I always suspect Group Shield. The latest thing I have tried is disabling the Transport Scanner in GS (YES THESE ARE BACKEND SERVERS) e-mail is being scanned on a seperate relay.

Any help would be appreciated
 
Sort by date Sort by votes
Is Dr. Watson collecting any information? Anything in the eventlogs right befor the reboots? I know that McAfee has a few things in their KB about possible causes for exception errors, and some of them say that you have to get a hotfix from them.

ShackDaddy
 
Upvote 0 Downvote
No Blue Screens, No Dr. Watson Errors, nada. It just bounces as if somone turned off the power for a moment. However I have 2 identical systems doing the exact same thing so I think it is safe to say it is not a hardware issue.
 
Upvote 0 Downvote
What's the frequency of the restarts? Is it usually after hours, or during heavier production hours? Have you tried applying the new Exchange SP2 to either of the servers? That might be worth doing. Is it rebooting during times when Veritas BackupExec is active on either server?
 
Upvote 0 Downvote
Do you have McAfee Virus Scan installed on the servers by any chance? Our servers started the same thing and it was because of a driver that VirusScan 8 loads. Since we installed patch 11 for Virus Scan this has stopped
 
Upvote 0 Downvote
Yes I am running VSE 8 our servers. When I go to McAffee's web site I see I can download a "Patch 10" version, but I do not see "Patch 11". Where did you get "Patch 11
 
Upvote 0 Downvote
It looks like McAffee yanked back patch 11 due to many issues.

Can you tell me what patch you were at prior to upgrading to 11?
 
Upvote 0 Downvote
We were also on patch 10.
We have actually only tested the patch 11 on pre-prod servers as it is not released properly. We got it from our vendor.
The Driver in question is know as the "Mcafee TDI driver"

This can be disabled while waiting for patch 11 by doing the following:

***********************************************************
To disable the TDI driver, set the "Start" DWORD value from 1 to 4, and reboot. This value is located under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NaiAvTdin, where n is usually 0 or 1.
***********************************************************

We have done this on the live servers experiencing the problem and so far have had no reboots.

If you receive the following error in your system log then it is a clear indication that it is the TDI driver that is causing the problem:

***********************************************************
Event Type: Error
Event Source: EventLog
Event Category: None
Event ID: 6004
Date: 2005/11/15
Time: 02:05:04 PM
User: N/A
Computer: SERVERNAME
Description:
A driver packet received from the I/O subsystem was invalid. The data is the packet.

For more information, see Help and Support Center at Data:
0000: 0c 00 e0 00 0e 00 00 00 ..à.....
0008: b9 93 26 d0 dc e9 c5 01 ¹?&ÐÜéÅ.
0010: 40 00 00 00 00 00 00 00 @.......
0018: 00 00 00 00 04 00 4e 00 ......N.
0020: 00 00 00 00 cb 0b 00 80 ....Ë..?
0028: 00 00 00 00 10 00 00 c0 .......À
0030: 00 00 00 00 00 00 00 00 ........
0038: 00 00 00 00 00 00 00 00 ........
0040: 4d 00 52 00 78 00 53 00 M.R.x.S.
0048: 6d 00 62 00 00 00 5c 00 m.b...\.
0050: 44 00 65 00 76 00 69 00 D.e.v.i.
0058: 63 00 65 00 5c 00 4c 00 c.e.\.L.
0060: 61 00 6e 00 6d 00 61 00 a.n.m.a.
0068: 6e 00 52 00 65 00 64 00 n.R.e.d.
0070: 69 00 72 00 65 00 63 00 i.r.e.c.
0078: 74 00 6f 00 72 00 00 00 t.o.r...
0080: 46 00 4e 00 42 00 4a 00 F.N.B.J.
0088: 4e 00 42 00 30 00 31 00 N.B.0.1.
0090: 00 00 4e 00 65 00 74 00 ..N.e.t.
0098: 42 00 54 00 5f 00 54 00 B.T._.T.
00a0: 63 00 70 00 69 00 70 00 c.p.i.p.
00a8: 5f 00 7b 00 45 00 31 00 _.{.E.1.
00b0: 44 00 39 00 44 00 37 00 D.9.D.7.
00b8: 31 00 34 00 2d 00 37 00 1.4.-.7.
00c0: 39 00 32 00 38 00 2d 00 9.2.8.-.
00c8: 34 00 45 00 43 00 31 00 4.E.C.1.
00d0: 2d 00 41 00 35 00 32 00 -.A.5.2.
00d8: 45 00 2d 00 39 00 00 00 E.-.9...
***********************************************************

Hope this helps

Let me know :D

Regards
Brendon
 
Upvote 0 Downvote
Looks like a very good possibility. Thanks for the info. Next time this happens we will make the change and see what happend.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
2K
PatrickRoggers
PatrickRoggers
T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
2K
DrB0b
DrB0b
ComputersUnlimited
  • Locked
  • Question
Migrating to Exchange 2019
Replies
0
Views
2K
ComputersUnlimited
ComputersUnlimited
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
2K
Brent Fletcher
Brent Fletcher
stanlyn
  • Locked
  • Question
How to do Certificates on MultiDomain Exchange with Least Cost
Replies
1
Views
2K
Wesaf
Wesaf

Part and Inventory Search

Sponsor

Back
Top