One more thing. I think that the Exchange share is gone. (M Drive) Just noticed it. Dont know where it went. Ethier its gone or I cannot see it through remote desktop.
Printable View
One more thing. I think that the Exchange share is gone. (M Drive) Just noticed it. Dont know where it went. Ethier its gone or I cannot see it through remote desktop.
One little known fact for retail versions of the SBS.....It includes 2 FREE support calls to MS seeing the product was so unstable in the 4.X days...
This does not apply to SBS 2003....but may still be available for the 2000 product.
The support calls are gone. The last consultant they had used them. Good thing I have AO.Quote:
Originally posted here by morganlefay
One little known fact for retail versions of the SBS.....It includes 2 FREE support calls to MS seeing the product was so unstable in the 4.X days...
This does not apply to SBS 2003....but may still be available for the 2000 product.
2 things since he was having a lot of mail going through. Check the badmail folder. That thing will fill with hundred of thousands of small files that takes windows to it's knees and thus exchange. Use the cmd line since winows chokes. Delete everything in the folder. I moved mine to another drive so it's mailroot/badmail. Next check his log files under \exchange logs and if there is more than a few the backup is failing or he is not doing it properly. Run windows backup on it and output the file to the other large partition. Do not reinstall anything until that is done and looks good. ;) I would bet the \mailroot\badmail folder is dogging down the system and exchange cannot start because the virtual drive M: is taking too long to start? The system -if it comes back - will be slow while the message ques are cleared, assuming that is the problem but it's a good place to start.
2 gb is not much. Even a small shop will have a 3 or 4 gb mail store. It should be moved (or checked to see where it exists) to the other much larger drive. Exchange does not do that by default. Everything get's dumped into the first partition. I am only guess but I have seen this too common lately. Especially with spammers getting access to mail boxes through WEAK domain passwords.
\\EDIT M will NOT be there if the service fails to start.
\\EDITJust to eliminate that run ms backup on the information store and just save it to another partition and get the tape running later if time is critical.Quote:
There are 650 MB of Exchange logs currently on the server. (Just the SMTP logs) I will take out the backup drive just in case that could be an issue. (When I get to their office)
Roadclosed: The exchange install is on the bigger partition. Only Windows and some select other installs are on the first partition.
Also, I think that the spammer was using a legitimate account (The CEO's) to send large amounts of email. Every password on the domain has been changed and the outbound traffic has slowed to a normal size.
Good, delete the bad mail folder and make sure the information store and bad mail are on the partition, just to be safe. Even with alot of space the lack of good backups may have corrupted the store, it's common OR the badmail folder is too large to parse properly.
//EDIT chances are excellent that the user account was easily compromise, glad you changed the passwords but if they are easy they will get back in, good SMTP logging for a few days will ID the culprit as he tries more user aco****s.
I run a bat file with the following on exchange machines every couple of days...Quote:
Originally posted here by RoadClosed
2 things since he was having a lot of mail going through. Check the badmail folder. That thing will fill with hundred of thousands of small files that takes windows to it's knees and thus exchange.
cd <install drive>:\exchsrvr\Mailroot\vsi 1\BadMail <--- or wherever badmail resides
del *.* /Q
Just an FYI
The remove and re-install iis/exchange might be your ticket here...I would try sp3 1st tho
Would scare the CRAP out of me without a good information store backup tho.
If you don't have that, can you image the drive 1st just in case?
If you dont' have image software, I'll throw you a trial version to use if you want..
I do that as well Chef, it's amazing MS didn't design a decent way to delete the badmail folder. I don't think they anticipated the audacity and cunning of spammers. :mad: If the server is compormised the bad mail folder will reach dangerous proportions in a few days or hours in rare circumstances.
\Edit there are some utils that could attempt to restore the info store depending on your time and the data worth saving.
I will try the badmail folder. As I like to keep the options open, can you point me in the right direction Road Closed? The data is worth saving. They were complaining because all of their calendar info is in Exchange. It is probably worth it to them.Quote:
Originally posted here by RoadClosed
\Edit there are some utils that could attempt to restore the info store depending on your time and the data worth saving.
just do a search for bad mail and make sure it comes up as a subdirectory under \mail root. You can delete this with only a small risk of losing critical data. Most of it will be spam but a few may be actual messages waiting to be delivered. I am looking in exchange but you can just search.
//EDIT In system manager expand your server then protocols. Right click the default smtp virtual server and click propterties. The location is in the message tab. Right clicking the properties of the exchange server will divulge location of the logs and database as well. The should all be on the larger drive. After you delete bad mail run MS backup on the inforamtion store. If there are NO errors in the log then you should have a good store. Reboot and try again with both log files and bad mail cleared.