Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Incoming mail flow stops, or the SMTP service fails when you try to fail over a node in Exchange Server 2003 or in Exchange 2000 Server after you install McAfee VirusScan Enterprise


View products that this article applies to.

Symptoms

Symptom 1

You install McAfee VirusScan Enterprise 8.0 or McAfee VirusScan Enterprise 8.0i on Microsoft Exchange Server 2003 or on Microsoft Exchange 2000 Server. When you do this, you may experience the following symptoms:
  • Incoming mail flow stops.
  • You cannot telnet to port 25 on the server that is running Exchange Server. When you try to telnet to port 25 on the local host, you receive the following error message:
    Connecting To localhost...Could not open connection to the host, on port 25: Connect failed

Symptom 2

You install McAfee VirusScan Enterprise 8.0 or McAfee VirusScan Enterprise 8.0i on both nodes in an Exchange Server 2003 or an Exchange 2000 Server clustered environment. When you do this, you may experience the following symptoms:
  • When you try to fail over a node, all resources come online, except the SMTP service.
  • The following event is logged in the Application log:

    Event ID : 1005
    Event Category : None
    Event Source : MSExchangeCluster
    Event Type : Error
    Computer : Server_Name
    Description : SMTP Virtual Server Instance 1 (Virtual_Server_Name): The IsAlive check for this resource failed. For more information, click http://www.microsoft.com/contentredirect.asp.

Symptom 3

You may see the following in the cluster log on a clustered Exchange Server 2003 computer or on a clustered Exchange 2000 Server computer:
00000410.00001290::2007/05/15-14:15:54.966 
Microsoft Exchange SMTP Server Instance <SMTP Virtual Server Instance � (EVS1)>: [EXRES]isalive failed in Connect Error Code: 10053. 

00000410.00001290::2007/05/15-14:15:54.966 
Microsoft Exchange SMTP Server Instance <SMTP Virtual Server Instance � (EVS1)>: [EXRES]DwProtocolCheckIsAlive failed. Will retry in 50 msec.

↑ Back to the top


Cause

These issues occur because the Access Protection feature in these McAfee products blocks port 25.

↑ Back to the top


Resolution

To resolve these issues, disable the "Prevent mass mailing worms from sending mail" rule in the Access Protection feature. To do this, follow these steps.

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.
Note The McAfee configuration settings are sometimes managed from a configuration server.
  1. Open the McAfee Virus Scan Console.
  2. Right-click Access Protection, click Properties, and then click the Port Blocking tab.
  3. Click to clear the Prevent mass mailing worms from sending mail check box, and then click OK.
  4. Exit the McAfee Virus Scan Console.

↑ Back to the top


Status

These issues are known to occur when you install McAfee VirusScan Enterprise 8.0 or McAfee VirusScan Enterprise 8.0i on Exchange Server servers.

↑ Back to the top


More information

In McAfee VirusScan Enterprise, configuration can be managed from a configuration server. In an Exchange Server clustered environment, the passive node may lose the connection to the configuration server when the passive node is offline for some time.

In this scenario, the passive node reverts to the default settings for McAfee VirusScan Enterprise. By default, the Access Protection feature enables the "Prevent mass mailing worms from sending mail" rule. This rule blocks port 25. When port 25 is blocked, SMTP traffic and "IsAlive" checks cannot occur.

For information about your hardware manufacturer, visit the following Web site: The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

↑ Back to the top


Keywords: KB908864, kbprb, kbtshoot, kbvirus, kbreceivemail

↑ Back to the top

Article Info
Article ID : 908864
Revision : 4
Created on : 10/25/2007
Published on : 10/25/2007
Exists online : False
Views : 374