Tuesday 23 September 2008

Uninstalling AVG Anti-Virus SBS Edition broke my MS Exchange

The licence for my AVG Small Business Server 2003 Edition recently came to an end and after looking around I decided that rather than renew it I'd replace it with Microsoft's new Forefront products. This is probably vast overkill, but I figured it'd be interesting to see how it all works and I generally prefer vast overkill anyway.

What I discovered was that it's quite an involved process to get all the various pieces installed and working (ever the way with 'Enterprise software') so I uninstalled the AVG software and for a little while now have been going without protection on this server. Yeah, yeah, bad idea I know.

Shortly after uninstalling I found that Outlook clients couldn't connect to the Exchange server on this box. Not only that, but people were getting bounce emails saying that their messages couldn't be delivered. Thankfully I route all emails through another external email server (with its' own anti-virus and spam filtering) before having them forwarded through to my internal Exchange server so I wasn't actually losing the emails, but clearly something was wrong. I tried the old 'restart the box' trick but even this didn't work so I turned my attention to the Event logs and started to look for any errors of warning. What I found, amongst others not seemingly relevant, were the following:

Event Type: Error
Event Source: MSExchangeFBPublish
Event Category: General
Event ID: 8197
Date: 19/09/2008
Time: 11:18:36
User: N/A
Computer: The server name
Description:
Error initializing session for virtual machine SERVER01. The error number is 0x8004011d. Make sure Microsoft Exchange Store is running.

Event Type: Information
Event Source: EXCDO
Event Category: General
Event ID: 8196
Date: 19/09/2008
Time: 11:17:13
User: N/A
Computer: The server name
Description:
Calendaring agent is stopping successfully.

Event Type: Information
Event Source: EXOLEDB
Event Category: General
Event ID: 101
Date: 19/09/2008
Time: 11:17:13
User: N/A
Computer: The server name
Description:
Microsoft Exchange OLEDB has successfully shutdown.

Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 9564
Date: 19/09/2008
Time: 11:17:12
User: N/A
Computer: The server name
Description:
Error 0x80004005 starting the Microsoft Exchange Information Store.
Failed to init VSERVER.

Event Type: Error
Event Source: MSExchangeIS
Event Category: Virus Scanning
Event ID: 9581
Date: 19/09/2008
Time: 11:17:12
User: N/A
Computer: The server name
Description:
Error code -2147467259 returned from virus scanner initialization routine. Virus scanner was not loaded.

What I took from these was that due to my uninstalling the anti-virus software Exchange was now broken because the Microsoft Exchange Information Store couldn't now start.

A quick google on 'Error 0x80004005 starting the Microsoft Exchange Information Store' led me to an Experts-Exchange post, and scrolling to the bottom informed me about a registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan. I changed this, as suggested, so that Enabled is set to 0, restarted the server, waited a few minutes, started Outlook and held my breath. Very quickly emails started to flood in to their relevant folders.

Now all I have to do is get the Forefront products up and running nicely, and then probably upgrade my infrastructure to Server 2008 and Exchange 2008 (following the new branch office configuration).

9 comments:

Anonymous said...

Thank you so much for sharing this experience. The same thing just happened to me an your blog just saved my skin.

Anonymous said...

Thnx! this also worked for me!!!

Matt Jurcich said...

Saved me at one site as well, thanks for the info! AVG 7.5 for Exchange did not cleanly uninstall.

-Matt
www.invisik.com

SD said...

Just wanted to say a quick thanks as well. We had our issue when the installation of AVG failed on the exchange server. The same method you described save us.

Free Virus Protection said...

nice blog interesting article.

Yeps A said...

Thank you! Thank you! Thank you!

rmcphaden said...

Excellent worked a treat

Many thanks

Anonymous said...

Even in 2011 (with Exchange 2007 and AAVG 8.6) this a very helpful post! Thanks very much. This problem has been buggin me for 6 hours!

Anonymous said...

Wonderful. Saved my bacon. Thanks!!!!