Search

Happenings – April Fools Week

Over the past couple of days I’ve been fighting text messages from Postini that one of our Internet connections used to transfer e-mail was flapping for about 10-90 seconds every night. It would happen almost like clockwork: exactly 12:38AM every morning. Thinking that it was trouble with our ISP, I notified them of the issue. They didn’t seem concerned but scheduled a software update and reboot on our equipment anyway.
The Monday following April 1st, at 8:36AM the Exchange server lost connection with the rest of the network. Going in to VSphere, Ben found the system unresponsive. Just as he was about to hit the virtual power button, the screen unfroze. Perusing the event log was uneventful. The only thing that we could find of significance was a SCSI event about delayed writes to the disk. I was really worried about disk contention on the VM host but this system has been running trouble-free for about a year. The database has not grown either.
Regardless, I took the database offline and ran an ESEUTIL to defrag it. Then I defragged the virtual disk. Viewing the logs after the Information Store came back online, I found event 9580:

“Virus scanning is enabled but diagnostic logging for ‘Virus Scanning’ category is turned off. To see diagnostic events related to virus scanning, increase logging level for ‘Virus Scanning category using Exchange System Manager.”

So, into the ESM I went to turn on virus debug logging. Now I’m getting the events delivered to The Dude and the event viewer. Come to find out, the McAfee GroupShield product was not working properly. We’re now on the phone with McAfee tech support to figure out what went wrong.

Advertisements

One Comment on “Happenings – April Fools Week”

  1. martin says:

    Man – that article reminded me of some of the problem’s we had with McAfee’s antivirus installed on our site PC’s a couple of years ago. Random PC’s would intermittently restart for no reason, nothing recorded in the logs at the restart time, and of course when we contacted McAfee – they could find nothing wrong. PC’s without the AV were fine though. My advice – go with Symantec, never looked back and no frustrated user breathing down your throat 😉


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s