0

The server I'm managing was hit by spam (I think targeted) through an Anonymous relay that was setup and has since been disabled.

The server has 12GB of RAM and there was about 238,000+ of spam emails in the queue; mail.que was 5GB and EdgeTransport.exe was using 9GB of memory and the server's memory usage was at 99%.

What I did was stop the service Microsoft Exchange Active Directory Topology Service, and then deleted the mail.que file.

I started all the Exchange services except Exchange Transport Service which starts and quits.

I searched online and found out I have to use eseutil to repair the pasettings.edb file (Dirty shutdown) but I don't know what log file to pass according to the documentation and answers I found online.

And keep in mind mail.que was deleted from the directory.

Which log file do I need to pass to eseutil.exe along with the EDB file?

EDIT: Fixed

I first had to repair pasettings.edb and because I deleted mail.que I had to recover the whole folder for the queue file to match the logs, restarted MSExchange Transport and everything was back to normal.

TheCleaner
  • 32,627
  • 26
  • 132
  • 191
chx101
  • 101
  • 4
  • Welcome to ServerFault. Go ahead and answer your own question with your edit and then accept it when it allows it. – TheCleaner Mar 12 '15 at 18:42

2 Answers2

1

There is a walkthrough on cleaning up the Sender Reputation Database pasettings.edb here. (http://exchangeserverpro.com/event-id-454-and-17003-a-corrupt-sender-reputation-database-causes-exchange-server-2007-transport-service-to-stop/)

The long and short is (cause the link above might disappear) 1) run integrity check "eseutil /g pasettings.edb" 2) attempt to recover the database "eseutil /r /a trn" 3) if #2 fails then recover it.. "eseutil /p pasettings.edb" 4) even if #3 succeeds, it still may fail to start. Move all the files out of the "C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\SenderReputation" folder (article says delete). and the system will rebuild a new one when the Transport service is started.

MikeAWood
  • 2,566
  • 1
  • 13
  • 13
  • I haven't tried this yet but looked at the link you provided. In my last attempt before posting my question here, I did move the whole folder but Transport Service still failed with an event that looked something like "Microsoft.Exchange.Isam.IsamAttachedDatabaseMismacthException". The exception given in that link differs an I'm just wondering if this won't worsen the situation if it just happens to be a "wrong solution". But I'll just backup the whole Exchange folder anyway ehehe. :) – chx101 Mar 12 '15 at 02:23
  • I tried that solution, same results. – chx101 Mar 12 '15 at 14:25
0

I first had to repair pasettings.edb and because I deleted mail.que I had to recover the whole folder for the queue file to match the logs, restarted MSExchange Transport and everything was back to normal.

chx101
  • 101
  • 4