ESET Mail Security for Exchange 4.2 Hanging Exchange & Outlook

Just overwrite them in the safe mode of Windows.

 

I see, ours is Exchange 2003 SP2 on Windows Server 2003 R2 SP2 member server, only odd thing is the excessive NODxxxx.tmp files in C:\WINDOWS\Temp\, currently 22,077 in ours after the last cleanout of 65,540 originally when it was hanging.

Different issue to NOD/Exchange/DC hanging/rebooting.

 

And it happened again, even with the new driver that sape posted. It seems that the problem occurs when an employee connects to Exchange with RPC over HTTPS (Outlook Anywhere). Can someone confirm this?

 

We have several users connecting with RPC over HTTPS (Outlook Anywhere, Exchange 2010) including myself. A couple of times the server hangs occurred when I opened Outlook first thing in the morning, which made me think that there might be a link there as well.

However, as we have users connecting at different times all over the day, surely this was just a coincidence.

 

After I installed a new PC at the home of the eployee, I did also setup Outlook 2007 with RPC over HTTPS. Because the mailbox was quite big, I decided to leave the computer turned on for the whole night so that Outlook could download the complete mailbox.

That night my SBS2008 server restarted 2 times! I agree that it doesn't happen always, but I think that there is definitely a relation...

 

We also thought that the Outlook Anywhere could have been an issue a few months ago. However we were never able to narrow down for sure if it was causing the issues. We had lockups both with/without an Outlook session connected over HTTPS Outlook Anywhere.

 

Did it work for you? I'm facing the exact same problems with a clients SBS2008 box but didn't had the time to try the update yet.

 

I used to leave my Outlook 2007 (rpc over http(s)) running over night because I thought it made my Exchange server less likely to reboot/hang.

I can also report that I have been running a competitive demo product after un-installing ESMX due to these reboot/hanging issues. It has now been 11 days without a single problem! Which is unheard of when I was running ESMX. Come on Eset, it's time to fix this problem!

 

I'm glad I finally stumbled across this post to find I am not alone. For maybe 6 months we have dealt with EMSX 4 freezing our Exchange server. It goes away when we uninstall the software, and returns when we reinstall the software. The server will freeze, and the freeze will occur anywhere from 10 minutes to 8 days of run time. I've had no luck pinpointing a trigger for the freeze.

We run Exchange 2010 on a Windows 2008 R2 install in Hyper-V, running on Windows 2008 R2 host. Neither are DCs. The Exchange server is the only VM on this machine, which is an HP ML350 G6. When the server freezes, the Hyper-V Heartbeat status changes from OK to Lost Communication and I have to force it to Turn Off before I can boot it up again.

At this point, there is no AV installed on the VM or the host, as that's the only way to keep it stable. (Although, the host AV appears to have no impact on the freezing.) I have not tried reinstalling since Exchange 2010 SP1 because I just can't take the freezing anymore.

 

Yep, same issue in our environment. We have three exchange servers (two front ends that have Hub Transport and Client Access roles that are round-robined) and a clustered mailbox server.

We had Forefront for Exchange installed but we decided to go with ESET because our experience on the desktop NOD32 side was so positive, but now it's hanging our front-end exchange servers randomly and they require hard resets to fix. Uninstalling ESET mail security fixes the problem. They are Server 2008 VMs.

I guess one question I have is regarding how it is properly installed. Forefront for Exchange was installed only on the front-end hub transport/client access servers and not the mailbox server. Does ESET need to be on the mailbox servers or can it just be installed on the hub transport/client access roles?

Thanks everyone

 

You mention its crashing your front-end servers, so I doubt leaving EMSX off the Mailbox server is going to eliminate the problem.

Is it crashing the Mailbox server? If not, I wonder if there is a way we can install ESMX in a crippled configuration that at least provides minimal protection to the mailbox stores.

 

I actually never installed it on the mailbox servers because Forefront was never installed on them. Since all mail flow goes through the front-end before it hits the mailboxes I was going with the assumption that ESET would function similar to Forefront.

I suppose I could try just running it on the Mailbox servers, but with the issues so far on the front ends I'm pretty hesitant.

What's interesting is that it doesn't actually "crash" the VMs, it just spikes the CPU to the point where it stops responding to pings and you have to reset the VMs due to the console being unresponsive.

 

Yeah, that's the same problem we run into. It doesn't crash, it hangs indefinitely until you intervene to force it to restart.

We use an external port monitoring service to tell us when servers or connections go down, so it monitors port 25 on our Exchange server. When the Exchange server hangs from this issue, the service does not kick off an alert. If we shut the server down normally, the alert goes out as expected.

 

Firstly, check to see if you're suffering the NOD temp files problem, look in C:\WINDOWS\Temp for a load of NODxxxx.tmp files, if so, delete them all and might have to restart services.

Otherwise, I found disabling VS API but leaving Transport agent running worked ok, before we removed the temp files.

I've heard on the underground there's a 4.3 of NOD for Exchange on the way that will fix some of these issues and support Exchange 2010 SP1.

 

For the people who are following this thread: the driver update mentioned before posted by 'Sape' has fixed my problems with a crashing SBS2008 box.

 

I can definitely confirm that Exchange with RPC over HTTPS (Outlook Anywhere) creates the problem for SBS 2008 (Exchange 2007 Sp3). I'm running SBS 2008 under vSphere 4.0u2 on a Dell T410.

As long as I access Exchange from within my office I never experienced any problem.

As soon as I'm connection from outside with Outlook or my Smart Phone I get problems. It does not happen immediately, sometimes you can try a whole day long. But most often it happens within an hour.

Since I uninstalled ESMX 4.2.10019 everything is fine.

 

ESET support got back to me and told me to rename the epfwwfpr.sys file located in c:\windows\system32\drivers in safe mode and then restart the server.

So far this has fixed the issue for me (hanging the OS till you reset it). It's been going strong for 3 days when before it would hang after only a couple hours.

 

My other product 30 day demo was about to run out so I needed to re-install Eset Mail Security. Within 12 hours I had two system hangs and then HP ASR automated restarts.

I had been in touch with Eset regarding my problems and they told me the same thing, rename “c:\windows\system32\drivers\epfwwfpr.sys” (in safe mode) which I did last night. I hope it works!

As it stops the Http firewall/scanning module from loading you will see a warning to this in the Eset logs and Protection Status window. You won’t have Internet browsing protection but your core mail scanning modules will still be enabled.

Maybe the RPC over Http(s) comms irritated this Http firewall/scanning module?

Apparently the soon to be released 4.3 version will fix this issue.

 

Please keep us posted on whether or not the fix works! If you get over a week of up-time, I will reinstall and give it a try.

 

I don’t think I am being premature, but this fix seems to be working great. Server has been stable all week. Looks like this workaround works, thank heavens.

 

I have said that before. I have not had a problem (41 days up without a lockup) since I uninstalled ESET Mail Security and re-Installed the latest version 4.2.1..19.0. So either that resolved it, or the problem just magically resolved itself, or I can expect another lockup anytime. When do I call it resovled? 3 months, 6 months?

 

Nice to see they have time to change the look and feel of their website. While I wait wondering when my server is going to lock up next..

 

I renamed the epfwwfpr.sys in safe mode file yesterday. Until now, the SBS2008 server is running fine. I will keep you updated!

 

Yep, over a week of uptime for me so far

 

Microsoft was contacted and dumps provided. So far everything points to a bug in Windows. The next version of EMSX will have an option for disabling the WFP driver completely until a hotfix from MS is available.