MVP or MCP have question about DR on exchange

[reynolwi]

MVP or MCPs i have a question. Probably not the best way to do this but hey it works...

I recently did disaster recovery on my exchange server because of hardware failure. Its up and running granted not the way i want but its running until i can build a completely new server.

My question is this.... How does disaster recovery handle setup of permissions of IIS on a recovery of the server? Im asking because i have Sophos Puremessage for Exchange installed and we are having permission problems when we try and access the spam digest site where users can check messages and decide what to delete and what to send to their mailbox. We used to not have any problems before disaster recovery but now its not allowing part of puremessage to run because it failed on permissions. Sophos has been trying to work on it for almost 2 1/2 weeks now but we havent gotten far. We are thinking its IIS having permission problems but OWA is functioning normally. Does disaster recovery ensure OWA functions and makes permission changes on other things? DCOM, or some server side permissions. Microsoft isnt much help because they say its sophos but it was running PERFECTLY before the server crashed and i did disaster recovery.

Below is a copy of the error message we are getting...

PureMessage
A server-side error has occurred
Error: Failed to create object (SavexWebAgent.QuarDigestProxy)
Code: -2147024891 (0x80070005)
Description: 006~ASP 0178~Server.CreateObject Access Error~The call to Server.CreateObject failed while checking permissions. Access is denied to this object.


Wm. Reynolds
Premise Communications
Texas Public Safety Solutions

http://www.rrwds.com

http://www.txpubsafety.com

- - - - - - - - - - - - -

Network Error:
Hit any user to continue

 

[xmsre]

When you install exchange 2003 with the disasterrecovery swith, it does a default install then retrieves the attributes for the server from the configuration container of AD. The IIS permissions will be the default, as will DCOM permissions; they aren't stored in AD. THings like storage group, database, and log information are stored in and retrieved from active directory. If you modified IIS directory permissions or DCOM permissions to make your application work in the first place, you'll need to do it again.

The error is a DCOM error, but it's not clear which account which. If Sophos is running under the default, it's probably IUSER_<Machinname> that you need to give interactive DCOM permissions.

 

[Zelandakh]

uninstall Sophos completely then reinstall it. Should sort the DCOM out.

 

[reynolwi]

see thats the problem. me and the sophos techs have uninstalled it numerous times and tried to reinstall it and even changed some settings a few times when we re-installed it. And we always get the same message everytime. We created a special IUSR account for sophos on the local server and in the active directory and tried to get the dcom agent to use either one of those accounts and that didnt help. I mean the only real option to figure anything is that we really dont want to do is to un-install IIS and reinstall it but with exchange and OWA on the server we dont want to do that because it could do something else to the machine.



Wm. Reynolds
Premise Communications
Texas Public Safety Solutions

http://www.rrwds.com

http://www.txpubsafety.com

- - - - - - - - - - - - -

Network Error:
Hit any user to continue

 

[Zelandakh]

Funnily enough that was exactly what I had to do. Exchange doesn't care about IIS but if you remove OWA, remove IIS, install IIS, install Windows SP2, install OWA, install Exchange SP2 then you should be ok.

It was a last resort but it did work.

 

[reynolwi]

Ok so if we do the following in order its most likely going to fix it

1) turn off OWA
2) un-install IIS
3) reboot?
4) re-install iis
5) re-install windows 2003 service pack 2
5) re-activate OWA
6) re-install exchange service pack 2


Im guessing to turn of OWA i just go into ESM and turn it off? Do you use Sophos puremessage?

Wm. Reynolds
Premise Communications
Texas Public Safety Solutions

http://www.rrwds.com

http://www.txpubsafety.com

- - - - - - - - - - - - -

Network Error:
Hit any user to continue

 

[MrNick0483]

If you unistall IIS and reinstall it you wil have to do a reinstall of Exchange 2003 if i recall correctly.

 

[Zelandakh]

You used to on Exchange 2000 but in Ex2003 it is a component only.

 

[58sniper]

Hey - there's two #5's!

Reboot after the first one.

Pat Richard MVP

 

[reynolwi]

lol... sorry i wasnt paying attention. So if i follow the seven steps, rebooting after the 1st #5 and then re-activate owa and install exchsp2 again i should be fine.

Now how do i remove OWA? Ive searched google for removing owa from exchange 2003 and im mostly getting info for exch5.5 and exch2000.

Wm. Reynolds
Premise Communications
Texas Public Safety Solutions

http://www.rrwds.com

http://www.txpubsafety.com

- - - - - - - - - - - - -

Network Error:
Hit any user to continue

 

[58sniper]

http://www.msexchange.org/tutorials/Resetting-OWA-Folder-IIS-security-permissions-Exchange-2003.html

Pat Richard MVP

 

[reynolwi]

Ok, i followed the steps and we ended up back at square 1 but even worse then before because now I do not have email coming in or out. Some email is coming in but not all. I can look in ESM and see the queues receiving and sending but its not delivering to mailboxes.

Wm. Reynolds
Premise Communications
Texas Public Safety Solutions

http://www.rrwds.com

http://www.txpubsafety.com

- - - - - - - - - - - - -

Network Error:
Hit any user to continue

 

[Zelandakh]

what errors are you getting in the event log?

 

[reynolwi]

i wasnt getting any errors. I could see mail coming in and puremessage was processing it but it wasnt being delivered if puremessage said it was clear. If puremessage kept it because it thought it was spam then it stayed within puremessage. Me and the sophos tech played with telnet and tried sending an email that way and doing that created an error message in both puremessage and exchange. I went ahead and brought up a new exchange server and moved mailboxes and stuff over and I am up and running again. THe only thing im noticing now is i can not get it to replicate everything from the old to the new. I have it listed in the replication tab on those specific folders but its not moving them. Im going to check back tomorrow and see what its doing.

Is there anything i can do to get the system folders to move to the new server if they dont want to replicate? The new server is running and sending and receiving messages, and after hours of messing with puremessage me and the sophos tech got that running. For some reason we ended up getting the same error message like i got after i reinstalled it on the "old" exchange server i did DR on, but we got it going this time after a couple hours.

After i get everything moved completely to the new exchange server ive gotta fix the AD server because somebody thought sharepoint on it was a good idea and now the server is not responding after a while even with sharepoint off of it.

****
I know it seems like i have a lot of problems... im learning this as i go and these forums and everybody has been a big help getting me running and problems fixed. I do want to thank everyone for their help.

Wm. Reynolds
Premise Communications
Texas Public Safety Solutions

http://www.rrwds.com

http://www.txpubsafety.com

- - - - - - - - - - - - -

Network Error:
Hit any user to continue