Member Avatar for whiskeyjar

I am running Exchange Server 2000 with Symantec Antivirus Corporate Edition 8.1.
Last week my boss was complaining that when sending/receiving, it would “hang at a certain percentage (usually around or below 50%) and time out.

No one else was having problems sending or receiving e-mail. The next day, there was a message from Symantec antivirus saying that I should scan all drives; apparently a virus had been found in an e-mail and it instructed me to scan all other drives in case the infection had spread. I found some documentation on Symantec’s website listing specific files that should not be scanned during realtime protection or a manual scan on an Exchange server; it said that including these files could result in erratic behavior. I checked to see if the files Symantec stated shouldn’t be scanned were in fact being scanned. They were, and I had a manual scan set for daily at 8:00pm. I edited the scan to remove the files, and when I tried to save the settings, the blue screen of death appeared with the following message: ***STOP***: 0x0000007F (0x0000008, 0x0000000, 0x0000000, 0x0000000) UNEXPECTED_KERNEL_MODE_TRAP. Underneath it a counter was going telling me that it was dumping memory.

The computer rebooted itself; I tried one more time to edit the manual scan and got the same error, memory dump, and reboot. When I went into Symantec and clicked “scan drive and removed the files from there, (without trying to save) it worked fine.

Yesterday, I had a colleague complaining that he was trying to send a message to a customer and it was being bounced back immediately after clicking send.

It eventually went through after several attempts. He was able to receive and send other messages with no problem.

Today the same colleague complained again of sluggish e-mail first thing in the morning and said that a customer had tried to send him an e-mail and he never received it.

I have installed some performance counters and logical counters in the performance monitor to try to see what is going on with these sluggish situations; I’m a bit concerned about two in particular. One is the RPC operations/sec; this one has an average of 0.004. The RPC requests are at a minimum, maximum, and average of 0.000.

Any ideas and suggestions would be greatly appreciated.

Thank you.

  • 2 Contributors
  • 6 Replies
  • 102 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by TKSS
Member Avatar for whiskeyjar

Follow-up: I ran dumpchk.exe to look at the memory dump file. The exception address was 0x80465b79. I attempted to run pstat to compare the address to drivers at the end of the report generated by pstat. Unfortunately, pstat did its thing and closed immediately so I was unable to view the contents.

I am running Exchange Server 2000 with Symantec Antivirus Corporate Edition 8.1.
Last week my boss was complaining that when sending/receiving, it would “hang at a certain percentage (usually around or below 50%) and time out.

No one else was having problems sending or receiving e-mail. The next day, there was a message from Symantec antivirus saying that I should scan all drives; apparently a virus had been found in an e-mail and it instructed me to scan all other drives in case the infection had spread. I found some documentation on Symantec’s website listing specific files that should not be scanned during realtime protection or a manual scan on an Exchange server; it said that including these files could result in erratic behavior. I checked to see if the files Symantec stated shouldn’t be scanned were in fact being scanned. They were, and I had a manual scan set for daily at 8:00pm. I edited the scan to remove the files, and when I tried to save the settings, the blue screen of death appeared with the following message: ***STOP***: 0x0000007F (0x0000008, 0x0000000, 0x0000000, 0x0000000) UNEXPECTED_KERNEL_MODE_TRAP. Underneath it a counter was going telling me that it was dumping memory.

The computer rebooted itself; I tried one more time to edit the manual scan and got the same error, memory dump, and reboot. When I went into Symantec and clicked “scan drive and removed the files from there, (without trying to save) it worked fine.

Yesterday, I had a colleague complaining that he was trying to send a message to a customer and it was being bounced back immediately after clicking send.

It eventually went through after several attempts. He was able to receive and send other messages with no problem.

Today the same colleague complained again of sluggish e-mail first thing in the morning and said that a customer had tried to send him an e-mail and he never received it.

I have installed some performance counters and logical counters in the performance monitor to try to see what is going on with these sluggish situations; I’m a bit concerned about two in particular. One is the RPC operations/sec; this one has an average of 0.004. The RPC requests are at a minimum, maximum, and average of 0.000.

Any ideas and suggestions would be greatly appreciated.

Thank you.

Member Avatar for TKSS

Here's your answer:

http://www.winnetmag.com/Article/ArticleID/39704/39704.html

Also...as for the sluggish exchange server...how many clients do you have and have you configured your exchange server for a lower number of clients (i.e. has your company grown and more users been added?)? If so, http://www.microsoft.com/technet/prodtechnol/exchange/2000/maintain/e2kops2.mspx will help you. This may help also http://www.ftponline.com/wss/2003_12/magazine/columns/askpros/default_pf.aspx

Let us know how it works for ya!

TKS

Member Avatar for whiskeyjar

Thanks for the advice, TKS. I followed the instructions in the Symantec document about adding a registry key and re-booted the system. Unfortunately, when I went in to configure the realtime protection and eliminate the files that should not be scanned by realtime/manual scans in Symantec and clicked "ok" to save my changes, the server crashed and gave me the same error again, performed the memory dump, and rebooted. I am running Symantec AVF for Exchange in addition to having the Exchange server being configured as an unmanaged client....do you think there is a possible conflict between the two applications?

Member Avatar for TKSS

Thanks for the advice, TKS. I followed the instructions in the Symantec document about adding a registry key and re-booted the system. Unfortunately, when I went in to configure the realtime protection and eliminate the files that should not be scanned by realtime/manual scans in Symantec and clicked "ok" to save my changes, the server crashed and gave me the same error again, performed the memory dump, and rebooted. I am running Symantec AVF for Exchange in addition to having the Exchange server being configured as an unmanaged client....do you think there is a possible conflict between the two applications?

This could even be a conflict with hardware as well...there hasn't been any hardware additions to this computer has there? Possibly could be a software driver problem as well...some investigative work here on new installed stuffs is in order...:)

Member Avatar for whiskeyjar

This could even be a conflict with hardware as well...there hasn't been any hardware additions to this computer has there? Possibly could be a software driver problem as well...some investigative work here on new installed stuffs is in order...:)

Ahhhh, nothing is ever cut-and-dried, is it? I have had no hardware or software additions to the server. I will have to do more in-depth digging into this. Thanks so much for all of your help, TKS. I greatly appreciate it. :)

Member Avatar for TKSS

NP...Sorry I couldn't be of more help. :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.