E2K7 SP1, roll-up fixes, and services not starting
One of our Unix systems died a pretty horrible death a few days before Christmas. This system, amoungst other things, supported about 750 POP3 mailboxes. The hardware could not quickly be replaced and the Unix folks could not rebuild the OS. We quickly built an Exchange 2007 SP1 server and put the user's back to work by just pointing the user's to a URL for OWA. The Unix folks were not amused.
The last thing one of my guys did before leaving on Christmas Eve was to apply the latest updates (including Rollup 5 - RU5) that that server. He rebooted the server and did not check that everything was fucntioning.
Saturday morning, we all got called in because e-mail was not leaving people's Outbox and no new mail was arriving. On checking the services, most of the Exchange services were not started. We could not start them and were seeing events such as this one below:
Event Type: Error
Event Source: Service Control Manager
Event ID: 7009
Description: Timeout (30000 milliseconds) waiting for the Microsoft Exchange Transport Log Search service to connect.
I floundered around for about 45 minutes looking at the server configuration while the Unix guy made snide remarks about Microsoft, Exchange, and the decision to replace Unix to the big boss.
Microsoft KB article 944752 - Exchange Server 2007 managed code services do not start after you install an update rollup for Exchange Server 2007 - seemed to describe the problem pretty well. Embarrasingly, I had already seen this issue once a few weeks before, but did not recognize it right away. I quickly made the XML changes recommended in the KB article but the services would still NOT restart.
I also needed the .NET Framework 2.0 hotfix described in KB 942027 - .NET Framework 2.0 Performance Issues on 64 bit Windows 2003 server. Once this fix was applied, then the XML config file changes recommended KB 944752 were then recognized.
From a security perspective, I understand the need to check the validity of .NET managed code, but IMHO, it is a very bad assumption on the part of Microsoft to assume that Windows servers have Internet connectivity. With some VERY few exceptions, I do not allow any of my Windows servers to have direct Internet connectivity. Those that do have Internet connectivity, such as the servers that download antivirus signatures or WSUS servers, are allowed to connect only to specific Internet hosts.
Labels: Exchange 2007