/MDBDATA/EDB.LOG Seems to be missing 2

[TooEZ]

Over the weekend, our Anti-Virus decided to take the edb.log file and quarantine it. This removed access to the information store, and from other exchange services from starting.

I have unquarantined the file, restarted the server to bring back up Exchange. Unfortunately the IS didnt come back up. I ran:

ISINTEG -PRI -FIX -VERBOSE -TEST ALLTESTS

But it came up with the following error:
JET Error JET_errInvalidLogSequence while opening the IS Databases.

The /MDBDATA/EDB.LOG is there and the permissions look OK. Ant other ideas...

Please help

 

[TooEZ]

Its all fixed. For anyone elses who wants to know this is what I did (Shutdown all Exchnge services first):

1) Ran: ESEUTIL /P /ISPRIV
2) Ran: ESEUTIL /P /ISPUB
3) Removed all LOG and .CHK files
4) Ran: ISINTEG -PRI -FIX -VERBOSE -TEST ALLTESTS
4b) Ran: ESEUTIL /MH PRIV.EDB check consistancy if failed did step 4 again
5) Ran: ISINTEG -PUB -FIX -VERBOSE -TEST ALLTESTS
5b) Ran: ESEUTIL /MH PUB.EDB check consistancy if failed did step 5 again
6) Restarted all Exchange services

There you go...

Cheers

 

[remain]

There should be a big sign on this and in any other Exchange or Symantec site that says: DO NOT DELETE OR QUARANTINE EXCHANGE LOG OR INFO STORE FILES. Seems to happen way too often. (happened to us last month)

 

[zbnet]

It would be much better if you ran an Exchange-aware antivirus on your Exchange server (instead of a file-based antivirus). A proper Exchange-aware scanner will connect to your info store and scan mailboxes in the correct way, whereas a file-based scanner can't see inside your store but does see all your Exchange system files (which you want it to leave well alone).

 

[bugcheck]

Had the same problem on a new site I was administering. Additionally to the steps that TooEZ ran I had to run "ISINTEG -patch"

Steps I had to do:

1) Ran: ESEUTIL /P /ISPRIV
2) Ran: ESEUTIL /P /ISPUB
3) Removed all LOG and .CHK files
4) Ran: ISINTEG -PRI -FIX -VERBOSE -TEST ALLTESTS
5) Ran: ISINTEG -PUB -FIX -VERBOSE -TEST ALLTESTS
6) Restarted the Directory Service with is required to run ISINTEG -patch
7) Ran: ISINTEG -patch
8) Restarted the rest of the Exchange services

Symantec/MS have documents on how to configure file based AV on a server that has Exchange on it.

MS:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q245822&ID=KB

Symantec:

http://service1.symantec.com/SUPPOR...2000110108382448?OpenDocument&ExpandSection=5

Thanks TooEZ

 

[weshot]

has exact incident last week, the minute I hit delete in quarantine, Ough-O, I realize it's a big mistake, it took me 6 hours to bring back IS using those procedures, luckily nothing lost and the disk space still allow me to recover.

Never Ever delete logs, exclude the \MDAdata path from NAV

 

[chu111]

Hi,

I am having the exact same problem. But when I ran the step 4:
ISINTEG -PRI -FIX -VERBOSE -TEST ALLTESTS.

I got the following error:
"JET Error JET_errInvalidLogSequence while opening the IS Database"

The step 2 says to remove all LOG and .CHK files, does it mean only in the \mdbdat directory?

Could someone please help me out? Thanks in advance

Chu111

 

[LaraM]

To chu111:

You need to delete all logs and .chk files from both the \mdbdata and the \dsdata directories. Old log files were probably the reason why ISINTEG failed on you server

 

[flipperc]

ok, so if I exclude the C:\exchsrvr\mdbdata dir then how do I keep the server from being infeced with all these viruses tht keep getting sent to the Exchsnge users?

 

[zbnet]

You need to understand how the Exchange server stores those files that are infected. They are encloded inside the priv.edb database, they're not directly accessible from the file system that the Exchange server is running. So, like I said earlier in the thread, if you really want to get at the viruses from your Exchange server(*), then you need an Exchange-aware anti-virus product, this will open the store using the correct MS API and scan inside the attachments for the viruses.

(*) You don't necessarily have to scan the store for viruses, some people work to the philosophy of 'boundary scanning' - catch the viruses at the external boundary (between the Internet and your IMS, by using an SMPT gateway scanner or an external company like MessageLabs), and also protect the desktops with scanners - after all, if they get in the virsues will try and run on the desktops, not the Exchange server that is storing the messages.

 

[PBurcin]

A combination of products is the best way to protect your Exchange environment. We have Symantec's SMTP gateway which protects us from inbound Internet email embedded viruses. Also have NAVMSE which is Norton Anti-Virus product for Exchange - this protects the Information Store from viruses in Exchange users' email. And finally, we use SAV 8.1 on the server itself to protect the Exchange server file system from infection.

Multiple layers of protection. We have not had a virus infection spread via email in the two years I have worked for this company.