Saturday, December 27, 2008

E2K7 SP1, roll-up fixes, and services not starting

One of our Unix systems died a pretty horrible death a few days before Christmas. This system, amoungst other things, supported about 750 POP3 mailboxes. The hardware could not quickly be replaced and the Unix folks could not rebuild the OS. We quickly built an Exchange 2007 SP1 server and put the user's back to work by just pointing the user's to a URL for OWA. The Unix folks were not amused.

The last thing one of my guys did before leaving on Christmas Eve was to apply the latest updates (including Rollup 5 - RU5) that that server. He rebooted the server and did not check that everything was fucntioning.

Saturday morning, we all got called in because e-mail was not leaving people's Outbox and no new mail was arriving. On checking the services, most of the Exchange services were not started. We could not start them and were seeing events such as this one below:

Event Type: Error
Event Source: Service Control Manager
Event ID: 7009
Description: Timeout (30000 milliseconds) waiting for the Microsoft Exchange Transport Log Search service to connect.

I floundered around for about 45 minutes looking at the server configuration while the Unix guy made snide remarks about Microsoft, Exchange, and the decision to replace Unix to the big boss.

Microsoft KB article 944752 - Exchange Server 2007 managed code services do not start after you install an update rollup for Exchange Server 2007 - seemed to describe the problem pretty well. Embarrasingly, I had already seen this issue once a few weeks before, but did not recognize it right away. I quickly made the XML changes recommended in the KB article but the services would still NOT restart.

I also needed the .NET Framework 2.0 hotfix described in KB 942027 - .NET Framework 2.0 Performance Issues on 64 bit Windows 2003 server. Once this fix was applied, then the XML config file changes recommended KB 944752 were then recognized.

From a security perspective, I understand the need to check the validity of .NET managed code, but IMHO, it is a very bad assumption on the part of Microsoft to assume that Windows servers have Internet connectivity. With some VERY few exceptions, I do not allow any of my Windows servers to have direct Internet connectivity. Those that do have Internet connectivity, such as the servers that download antivirus signatures or WSUS servers, are allowed to connect only to specific Internet hosts.

Labels:

Wednesday, December 24, 2008

Exchange 2007 - reboot from a previous installation is pending

Today I found an interesting problem when trying to install some Exchange Server 2007 SP1 components on a system. At first, I just tried to run the /PrepareLegacyExchangePermissions option of setup, then tried to install the admin tools, and finally tried to install the mailbox role on a Windows 2003 system.

I kept getting an error both from the command prompt and through the GUI setup that indicated:

Error:
A reboot from a previous installation is pending. Please restart the systemand rerun setup.

I tried rebooting, I tried applying all the pending service packs and hot fixes, and even installing the .NET Framework 3.5, but nothing worked. I finally found that the Exchange Setup checks the following Registry key for any pending file renames:

HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations

If some installation program needs to rename a file on reboot (because it can't rename it during the setup process maybe because it is in use), then it puts it in this key. I found several entries like this:

\??\C:\WINDOWS\system32\FxsTmp\fxsD.tmp

I deleted these entries and then tried the Exchange Server 2007 SP1 setup again and it worked just fine. I am assuming that it is safe to delete these entries from this Registry, but always try a reboot first before doing so.

Labels:

Monday, December 08, 2008

Getting Microsoft hotfixes without calling PSS

One of the most annoying waste of times that I occasionally have to endure is to have to call Microsoft PSS and request a hotfix. A few years ago, Microsoft made it a bit easier by specifically having that option on the call menu, but it is still time consuming.

However, Microsoft has now made it even easier. If you know the specific KB article for the hotfix you are looking for, you can visit the Microsoft Support Hot Fix Request page. Search for the article, and there is a link in the article that will allow you to request the hotfix. Much, much easier.

Of course, this feature is for experienced systems folks that know what fixes they need and know the dangers of deploying a fix that is not fully regression tested.

Sunday, December 07, 2008

The scammers and spyware guys are getting better

The other day, a friend asked me about this security alert.


It looks convincingly real and seems to warn you about a Trojan called Trojan.Zlob.G. However, it is a scam and they are trying to get you to buy their worthless spyware protection. Don't let your friends fall for this.