Microsoft KB Archive/908864

= Incoming mail flow stops, or the SMTP service fails when you try to fail over a node in Exchange Server 2003 or in Exchange 2000 Server after you install McAfee VirusScan Enterprise =

Article ID: 908864

Article Last Modified on 10/25/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Exchange 2000 Server Standard Edition

-



Symptom 1
You install McAfee VirusScan Enterprise 8.0 or McAfee VirusScan Enterprise 8.0i on Microsoft Exchange Server 2003 or on Microsoft Exchange 2000 Server. When you do this, you may experience the following symptoms:  Incoming mail flow stops. You cannot telnet to port 25 on the server that is running Exchange Server. When you try to telnet to port 25 on the local host, you receive the following error message:

Connecting To localhost...Could not open connection to the host, on port 25: Connect failed



Symptom 2
You install McAfee VirusScan Enterprise 8.0 or McAfee VirusScan Enterprise 8.0i on both nodes in an Exchange Server 2003 or an Exchange 2000 Server clustered environment. When you do this, you may experience the following symptoms:  When you try to fail over a node, all resources come online, except the SMTP service.  The following event is logged in the Application log: Event ID : 1005

Event Category : None

Event Source : MSExchangeCluster

Event Type : Error

Computer :

Description : SMTP Virtual Server Instance 1 : The IsAlive check for this resource failed. For more information, click http://www.microsoft.com/contentredirect.asp. 

Symptom 3
You may see the following in the cluster log on a clustered Exchange Server 2003 computer or on a clustered Exchange 2000 Server computer: 00000410.00001290::2007/05/15-14:15:54.966 Microsoft Exchange SMTP Server Instance : [EXRES]isalive failed in Connect Error Code: 10053.

00000410.00001290::2007/05/15-14:15:54.966 Microsoft Exchange SMTP Server Instance : [EXRES]DwProtocolCheckIsAlive failed. Will retry in 50 msec.

<div class="cause_section">

CAUSE
These issues occur because the Access Protection feature in these McAfee products blocks port 25.

<div class="resolution_section">

RESOLUTION
To resolve these issues, disable the &quot;Prevent mass mailing worms from sending mail&quot; rule in the Access Protection feature. To do this, follow these steps.

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

Note The McAfee configuration settings are sometimes managed from a configuration server.
 * 1) Open the McAfee Virus Scan Console.
 * 2) Right-click Access Protection, click Properties, and then click the Port Blocking tab.
 * 3) Click to clear the Prevent mass mailing worms from sending mail check box, and then click OK.
 * 4) Exit the McAfee Virus Scan Console.

<div class="status_section">

STATUS
These issues are known to occur when you install McAfee VirusScan Enterprise 8.0 or McAfee VirusScan Enterprise 8.0i on Exchange Server servers.

<div class="moreinformation_section">

MORE INFORMATION
In McAfee VirusScan Enterprise, configuration can be managed from a configuration server. In an Exchange Server clustered environment, the passive node may lose the connection to the configuration server when the passive node is offline for some time.

In this scenario, the passive node reverts to the default settings for McAfee VirusScan Enterprise. By default, the Access Protection feature enables the &quot;Prevent mass mailing worms from sending mail&quot; rule. This rule blocks port 25. When port 25 is blocked, SMTP traffic and &quot;IsAlive&quot; checks cannot occur.

For information about how to contact McAfee, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Additional query words: Mass mailing worm port 25 XCON

Keywords: kbreceivemail kbvirus kbtshoot kbprb KB908864

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.