Exchange 2007 / 2010 change the SMTP Banner

KB ID 0000327

Problem

If you want to shield the outside world from seeing what mail platform you are running, or even if you just want to deter the casual script kiddy who is trying to remote fingerprint a massive range of IP addresses. Changing the SMTP response banner is quite simple to do.

Out of the box we know we are running a Microsoft mail platform

Solution

1. Open Exchange System Manager and find the name of your “Receive Connector” (Server Configuration > Hub Transport > Receive Connectors).

2.Open the “Exchange Management Shell” and issue the following powershell command,

[box]Set-ReceiveConnector “name of the connector” -Banner “220 The text you want to display”[/box]

3. Then your banner should be changed (you don’t need to restart anything).

Changing the SMTP Banner for Exchange 2000 / 2003

1. Drop to command line and issue the following commands,

[box]

cd c:inetpubadminscripts
cscript adsutil.vbs set smtpsvc/vsi number/connectresponse “220 The text you want to display”

[box]

Note: c:inetpubadminscriptsadsutil path may be different in your Exchange server. And “vsi number” is the number of your SMTP virtual server, this is nearly always 1, check in your Exchange System Management console to make sure.

How to locate your VSI Number

2. Then restart the SMTP service.

Related Articles, References, Credits, or External Links

NA

Exchange – Unable to Mount Stores (log file missing)

KB ID 0000348

Problem

Exchange fails to mount a database and complains, with an error like the one below when you try and mount it manually.

Error:
Mailed to mount database ‘ database name’
Error:
Exchange is unable to mount the database that you specified. Specified
database {your server name}{path to database}{database name}; Error code:
MapiExeptionCallFailed: Unable to mount database. (hr=0x80004005,
ec=1032)

You may also see the following errors in the event log,

Event ID 9518

Log Name: Application
Source: MSExchangeIS
Date: 04/11/2010 13:51:09
Event ID: 9518
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: servername.doaminname
Description:
Error 0xfffffbf8 starting Storage Group /DC=local/DC=hc/CN=Configuration/CN=Services/CN=Microsoft Exchange/CN=First Organization/CN=Administrative Groups/CN=Exchange Administrative Group (FYDIBOHF23SPDLT)/CN=Servers/CN=SERVERNAME/CN=InformationStore/CN=First Storage Group on the Microsoft Exchange Information Store.
Storage Group – Initialization of Jet failed.

Event ID 489

Log Name: Application
Source: ESE
Date: 04/11/2010 13:51:09
Event ID: 489
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: servername.domainname
Description:
MSExchangeIS (2476) First Storage Group: An attempt to open the file “C:Program FilesMicrosoftExchange ServerMailboxFirst Storage GroupMailbox Database.edb” for read only access failed with system error 32 (0x00000020): “The process cannot access the file because it is being used by another process. “. The open file operation will fail with error -1032 (0xfffffbf8).

Additionally if you have McAfee (and it caused the problem) you may also see,

Event ID 259

Log Name: Application
Source: McLogEvent
Date: 04/11/2010 13:45:33
Event ID: 259
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: servername.domainname
Description:
The file C:Program FilesMicrosoftExchange ServerMailboxFirst Storage GroupE00.log�00074b5.js contains the JS/Redirector Trojan. Undetermined clean error, deleted successfully. Detected using Scan engine version 5400.1158 DAT version 6156.0000.

Solution

Essentially we are missing a log file and the database is not happy, in my case the AV software had quarantined the file and even restoring it didn’t fix the problem.

1. Before you proceed make sure that the folder that contains the log files, is NOT included in your AV scan in the future, to negate this happening again.

2. We need to repair the database, click start > run > cmd {enter}.

3. At command line, change directory to the exchange “bin” directory with the following command,

[box]
cd “C:Program filesMicrosoftExchange ServerBin”
[/box]

Note: Your “bin” directory may be elsewhere check the path.

4. MAKE SURE the drive has plenty of spare room – there needs to be 110% the size of the database FREE for this process to work. If that’s a problem you need to copy the database to a larger drive for this procedure.

Note: You can carry out the procedure on another drive, to run eseutil you need the following three files (eseutil.exe, ese.dll, and exchmem.dll)

5. Take a copy of the broken database and put it somewhere safe.

6. Execute the following command,

[box]
eseutil /d “C:{path to the database}{database name}”
[/box]

7. Depending on the size of the database this can take a little time. When complete it will say DONE.

8. Now locate the directory that has the log files in it, (it will be on the properties of the storage group – in this example you can scroll left and right to see the full path).

9. Copy all the log files to the same place you copied the database earlier. (Note: they will all start E00xxxxx in this case).

10. Remount the affected database.

 

Related Articles, References, Credits, or External Links

NA