Posts Tagged Server 2003

Domain time syncing

I’ve been seeing this error on one of our domain controllers for awhile.

It’s a not a big deal, but annoying so I looked at fixing it today. Found this page about it and looked in the registry to check the settings it walks your through. The only thing that I needed to change was adding ,0x1 to the end of the servers since we weren’t using the IP addresses. I’ll check on it later to see if the error is still popping up.


This registry entry specifies a space-delimited list of stratum 1 time servers from which the local computer can obtain reliable time stamps. The list may consist of one or more DNS names or IP addresses (if DNS names are used then you must append ,0x1 to the end of each DNS name). For example, to synchronize the PDC Emulator in your forest root domain with, an open-access SNTP time server run by the United States Naval Observatory, change the value of the NtpServer registry entry from,0x1 to,0x1 here. Alternatively, you can specify the IP address of this time server, which is instead.


Leave a comment

Exchange server memory settings

Our Exchange server has been locking up lately, not terribly often so it isn’t the end of the world, but it obviously should not be happening at all. I eventually noticed an error in the event log that only shows up after a reboot so I didn’t notice it right away. We are running Exchange 2003 on a Server 2003 (32bit) box with 4 gigs of RAM. Hopefully upgrading this year…

Source: MSExchangeIS

Event ID: 9665

The memory settings for this server are not optimal for Exchange.

Then it links to the first article at the bottom of this post. Not being one who likes to jump right into registry settings on a server I first downloaded the best practices analyzer for Exchange and ran that to see if anything other issues came up and to see if it would be a little more helpful with what specific things I should look at for the memory problem.

The issues it found relating to memory utilization were:

  • ‘SystemPages’ set too high
  • ‘HeapDeCommitFreeBlockThreshold’ not set
  • ‘SystemPages’ setting – this second entry actually recommends the value to set it at to be zero.
  • USERVA is set incorrectly

The SystemPages setting was recommended to be set to zero in the BPA so I did that right away seeing as how it looked to be the easiest fix. The next two things I tried were adding the /3GB and /USERVA=3030 switches to the boot.ini file. Now right off the bat I didn’t think it worked properly because after hitting OK it showed 3030 being a separate OS entry even though I know I put it all on one line. I didn’t want to make all the registry changes at the same time in case I broke something so I held off on doing anything else. I rebooted the machine over night but still saw event 9665 in the log. Here is what the boot.ini file looked like after adding the switches:

[Boot Loader]
[Operating Systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT=”Microsoft Windows Server 2003″ /fastdetect /NoExecute=OptOut /3GB /Userva=3030

I googled the USERVA switch and came across a couple forums talking about them (the last 2 bullets) and they both said to replace the /NoExecute switch with /Execute. I did some research before making the change to see if it would really matter. I have a gist of what /noexecute does but do not fully understand the pros/cons of using it or not using it. So to test it out I swapped out the switches and right away noticed that 3030 was not listed in the drop down as an OS. That makes me think the switches are set properly.

I have yet to restart the Exchange server to test these changes. I am debating whether to do it tonight again or wait until Friday. It makes me cringe a little when I make changes that require reboots on the servers during the week. There is always that fear of them not coming back up properly. I think I will wait until Friday and report back – but I have a feeling this will work.

Update: After rebooting over the long weekend I came in today and ran the BPA again. All of the errors mentioned above were fixed. /win



Leave a comment

SideBySide errors in event viewer

I’ve been working a lot on our SMTP server configuring and watching a new spam filter. One of the features hasn’t been working quite right so went searching through the event log for anything that could possibly be related. This is what the event viewer looked like:

Not pretty. Every 15 minutes, on the dot, there was 6 errors in a row. So the hunt began. I wasn’t sure if this was related to the problem I was having but my spam filter is mentioned in one of the errors so I figured it wouldn’t hurt to fix it and if it helps, then great.  Here are the details of the 3 errors I was repeatedly seeing:

I started Googling to see what I could find and it turns out that there are quite a few things that will cause these errors to show up. The problem is that the errors aren’t specific enough to tell me which of the solutions would work. I can’t remember what sites I went to but the one solution that kept showing up was installing one of two Microsoft Visual C++ Redistributable Packages – either 2005 or 2008.

I tried 2005 but that didn’t make a difference at all. I then tried the 2008 package and ever since I installed it my event viewer has been perfectly clean – no errors at all.  I also installed a critical windows update, the net framework 3.5 I think is what it was. But I don’t think that was related to it. It would have been nice if the package I needed showed up in windows updates when I did the custom scan. But that would be too easy.



Leave a comment

Exchange 2003 and RBLs

We have a spam filter in place that I really do like.  It’s intuitive, has nice reports I can pull, and is easy to look at.  After I came into this job I noticed we were still getting more spam than we probably should.  It was getting sent to the quarantine folder, which is what was supposed to happen, but I felt like we shouldn’t have been getting the vast majority of the spam to begin with because the sources were on RBLs.  There is a setting in Sunbelt Email Security to enable RBLs but  if you have a perimeter network setup like we do there is no place to enter the IPs of the servers the mail passes through before hitting the mail server – the RBLs will not work.

The spam filter was working well enough, but well enough isn’t good enough for me when I know it can work better.  It was suggested that I install Exchange server in edge transport mode on the SMTP gateway/firewall and then install another copy of our spam filter on there to only handle the RBL portion of spam blocking.  But that didn’t seem like the best idea to me and my boss wasn’t sure if the licensing agreements we have would even allow that.  I didn’t like the idea of duplicating all of that and teaching myself to set up another version of exchange that would risk breaking mail for everyone here since I don’t have a test server to work on.

Originally I wanted to find out how to stop our firewall/SMTP gateway from stamping its IP address in the headers so that connection filtering would actually work in Email Security.  But endless hours of research did not find anything that worked.  I wanted to use Email Security because of the reports I could pull to find out where the spam was coming from and who it was going to, etc.  I finally gave in and came across information online about how Exchange 2003 has connection filtering.

Configure connection filtering in Exchange 2003

  1. Open Exchange System Manager -> Global Settings -> right-click Message Delivery -> Properties.
  2. The General tab is where you can add to the perimeter IP list if you have that type of network setup.
  3. Connection Filtering tab -> under Block List Service Configuration click Add.  Add any blacklists to this list that you want to use.  I’m using Spamhaus and Spamcop.
  4. I left all other settings as default.  But you could change the error message that a person receives when attempting to send email to you if they are on a blacklist.  See the source at the bottom for directions on how to do that.

Enable connection filtering on the virtual SMTP server

  1. Open Exchange System Manager -> Administrative Groups -> your domain -> Servers -> (server name) -> Protocols -> SMTP -> right-click on the virtual server you want to apply connection filtering to and go to properties.
  2. On the General tab click advanced, then edit and check the box for Apply Connection Filter.  Once you Hit OK on all the boxes and get back to Exchange System Manager you need to restart the virtual server you applied the filter to before it will take affect.  To do that you just right-click the virtual server and choose to stop the server and then do that again to start it.

Immediately after restarting the virtual server I was getting notifications for emails getting bounced because their source was on the blacklists I provided.  I had to disable the notifications so I wouldn’t get flooded, but it’s worth it.  Just in one day we’ve gone from 416 emails deleted or quarantined to 74.


, ,

Leave a comment

Cannot run executables in Server 2003

I came across a weird problem today on one of our servers where it wouldn’t let me install a program.  It said I might not have the permissions to access the file.  The first attempt was trying to install the file I had just downloaded from another computer onto one of the network drives.  I then tried downloading it directly onto the server and saving it on my desktop, but got the same error.  How could I not have permissions to install a file that I had just downloaded to my own desktop?

I looked around online and found some places that suggested uninstalling Internet Explorer enhanced security configuration (IEESC) so I tried that, but it didn’t do anything.  Then I noticed that when looking at the properties of the file, there was an unblock option under the general tab.  I’ve installed things on this server before and don’t recall ever having to do this, so I don’t know what has changed.  I think it’s pretty stupid that I have to unblock a file that I downloaded myself onto the server since I am the administrator.