Sunday, January 25, 2009

20090126 - TCPIP not working

Servers had been restarted and Windows Security updates applied. Exchange server appears to be up but not responding on the network. No RDP, No Ping, no email, etc. Found IPSEC service not started and error message in logs.

Event Type: Error
Event Source: IPSec
Event Category: None
Event ID: 4292

Description: The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log.

Found this could be caused by Security Update when DNS service randomly picks a port that a service uses. In this case it was IPSEC.

Added the following Reserved ports in the registry:

1645-1646 - Used by IAS
1701-1701 - Used by L2TP
1812-1813 - Used by IAS
2883-2883 - Used by AUTD
4500-4500 - Used by IPSEC

Restarted and access back. Restarted BES server and sent test...

This is from the Official SBS here to see this blog

Saturday, January 10, 2009

20090110 - Pool memory errors and Liveupdate problems

Getting Event

Type: Error
Event Source: Srv
Event Category: None
Event ID: 2020
Date: 1/9/2009
Time: 6:39:59 AM
User: N/A
The server was unable to allocate from the system paged pool because the pool was empty.

This started around the time I noticed problems with Liveupdate installs. I had also seen this error on another machine running Symantec Mail Security and Anti-virus server. This error was caused by the symantec software. So I updated the pool memory settings (see below for recommendation by Microsoft if you get these errors)

LiveUpdate Errors
Running BackupExec 12 Rev 1364 SP1. Getting the following error in LiveUpdate (also install errors reported in event log) "LU1812: A program that was part of this update failed when it ran. This update was not applied."

Confirmed: BackupExec Services uses Administrator account which I'm logged in as when I run LiveUpdate.

Checked the log in C:\Documents and Settings\All Users\Application Data\Symantec\Backup Exec\Logs\Bkupinst.htm. And found V-225-136: The patch failed to install. Return code: 1602

Cleared C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads folder. It had over 1000 files... some over 3 months old

Still getting the error.

Manually downloaded SP2 and installed.

Ran liveupdate again and it began doing the 1 thru 8 patches it had run before SP2. I stopped and uninstalled LiveUpdate ( and installed Ran and it still began the 1 thru 8 patches. This time I let it download and install...and it was successful.

Microsoft Recommendations for Pool Memory
The following tuning recommendation has been helpful in alleviating the problem with pool memory issues:
Start Registry Editor (Regedt32.exe).
Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management
On the Edit menu, click Add Value, and then add the following registry value:
Value name: PoolUsageMaximum
Data type: REG_DWORD
Radix: Decimal
Value data: 60
Setting the value at 60 informs the Memory Manager to start the trimming process at 60 percent of PagedPoolMax rather than the default setting of 80 percent. If a threshold of 60 percent is not enough to handle spikes in activity, reduce this setting to 50 percent or 40 percent.
Value name: PagedPoolSize
Data type: REG_DWORD
Radix: Hex
Value data: 0xFFFFFFFF
Setting PagedPoolSize to 0xFFFFFFFF allocates the maximum paged pool in lieu of other resources to the computer.
Quit Registry Editor.
Restart the server for the changes to take effect.