Windows Server

khaled azzaz · Guest

Hi
I have an SBS2003 Premium with no ISA installed. Norton Symantec AV
Corporate Edition 9.0, Symantec Email Security, and Brightmail Antispam. The
preformance of the server is jerky. Click on something and it takes 15
seconds to respond. Users have similar issues. It used to be working fine no
problem. The server has 3 G Ram, 3.0 Ghz Processor.
The event viewer shows all kind of errors regarding NAV, brightmail, and
email security, and a DHCP. I know some of them are related to reporting what
is happening.

If I stop the Brightmail services everything is fine. I called Symantec,
they asked me to download a patch , but they were surprised that nothing is
wrong with Brightmail. I did run Antivirus on the server and found bunch of
files that norton antivirus quarantine. I deleted them. the antivirus
software says that there are no viruses on the machine. Symantec Email
security says that a scan off all the e-mail boxes are clean too. Brightmail
AV side also says that the machine is clean. I am not running all these AV
together on one box.

Today I disabled Brightmail, the server is responding well. I stopped
Exchange too, but I kept Symantec Email Security services runing and the
event viewer shows that there is an enetry for MSEchange Transport error with
an even id 348
" A message could not be virus scanned. the operation will be retried later.
Internet message id <200500121hdgegd xxxxxxxxxxxxxxxxx@mx1.gamingexplore.com>
error code 0x0 "

The message id is random with bunch of different numbers, letters, and email
addresses.This is hapeening almost once or twice every minute on the event
viewer.
I believe that is my problem which I do not really know how to fix it. I
tried to download a netsky removal tool from symantec and I am trying it now.

Any ideas.
Thank you

Bill Swan · Guest

Hi

Brightmail has Norton AV in too...could this be fighting with your Corporate
vesion. Maybe so as all seems well when brightmail stopped. Is AV enabled in
brightmail ?

When you stopped exchange, possible emails going out are you an open relay ?
Is there anything in the queues
http://support.microsoft.com/?id=324958

Have you checked www.eventid.net for your event viewer stuff

--
www.smallbizserver.net (2000 and 2003)

microsoft.public.backoffice.smallbiz2000 (2000 NG)

microsoft.public.windows.server.sbs (2003 NG)

http://groups.google.com/groups?hl=en&safe=off&group=microsoft.public.backoffice.smallbiz2000

http://groups.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&safe=off&group=microsoft.public.windows.server.sbs

http://www.sbslinks.com/

"khaled azzaz" <khaledazzaz@discussions.microsoft.com> wrote in message
news:F2038065-F129-4945-81D5-ECBC8D24A8F1@microsoft.com...

Bill Swan · Guest

Forgot to ask....

Why are you not using ISA ?

--
www.smallbizserver.net (2000 and 2003)

microsoft.public.backoffice.smallbiz2000 (2000 NG)

microsoft.public.windows.server.sbs (2003 NG)

http://groups.google.com/groups?hl=en&safe=off&group=microsoft.public.backoffice.smallbiz2000

http://groups.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&safe=off&group=microsoft.public.windows.server.sbs

http://www.sbslinks.com/

"khaled azzaz" <khaledazzaz@discussions.microsoft.com> wrote in message
news:F2038065-F129-4945-81D5-ECBC8D24A8F1@microsoft.com...

khaled azzaz · Guest

AV is enabled in Brightmail. I am going to try to disable it. I checked the
event id, but no help. ISA was not used from the begining because the
previous IT guy felt no need for that since he had plenty of security
software around to play with.

Thanks for the reply

"Bill Swan" wrote:

khaled azzaz · Guest

Forgot to tell...
I do not think we are an open relay. I always check the queue. It is always
empty or one or two enteries to be processed.
I tested for open relay 3 months ago, it came negative. Do you think that
things changes regarding being an open relay or not when we do some updates?

Thanks again

"Bill Swan" wrote:

Stuart Mackie [MCP, MSP] · Guest

Hi Khaled. When you server becomes bogged down do you have any items in
your Symantec Corp Edition (Central Quarantine or Local Server Quarantine)
or Brightmail Quarantine ?

When you say Symantec Email Security, do you mean Symantec Mail Security for
Exchange or Norton AV For Exchange ?

"> I am not running all these AV together on one box."

Just to check how many servers do you have and what software is installed on
which server ?

When your server becomes bogged down with all your AV etc running open the
Task Manager select the Processes tab, and click on the CPU column until the
process with the highest CPU value is listed at the top all the time. Do
you have one particular process which is consuming a large amount of the CPU
for extended periods of time e.g. IcePack.exe ?

What patch did Symantec ask you to install ?

What virus's were found on the server(s) ?

--
Hth,
Stuart Mackie [MCP, MSP]

"khaled azzaz" <khaledazzaz@discussions.microsoft.com> wrote in message
news:F2038065-F129-4945-81D5-ECBC8D24A8F1@microsoft.com...

khaled azzaz · Guest

Thanks guys for the reply.
It is Symantec Mail security, Norotn AV for Exchange.

I did some more search, and here what I have noticed.
I checked the queue in exchange system manager, and this afternoon the
"Messages pending submission" grew from 481 messages to more than 800
messages, eventhough the MS exchange store services are stopped.

Also, "Messages awaiting delivery lookup" grew from 47 to 109.

At the end of the list, there is something like that:
Small Business SMTP Connector-tollbrothers.com (smtp connector)

It has three pending messages that I can not delete.

do I have some mass mailing worm or virus runing on the network or the
server probably?

Any help please?

Thanks

"Stuart Mackie [MCP, MSP]" wrote:

	Windows Server Forum Index -> Small Business Server 2003	All times are GMT
Page 1 of 1