All of my Exchange 2010 services are stopped and disabled. Have I been hacked?

Recently Microsoft release Exchange service pack 1 rollup 7 unfortunatly this software was not tested. We have had multiple clients experience issues. To resolve follow the steps below or contact N2 Network Solutions.
Time and Material – 10.12.12 – exchange down
1.Set all exchange services to startup type according to default values:
http://technet.microsoft.com/en-us/library/ee423542.aspx
2.Check/set World Wide Web Publishing Service startup to auto
3.Check/set IIS Admin Service startup to auto
4.Check/set Windows Management Instrumentation startup to auto
5.Check/set Remote Registry startup type to auto
6.Restart server (starting services themselves did not seem to work properly)
7.Check System log for DistributedCOM 10016 error:
should it appear, find out which service is causing the problem by looking at HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CLSID in the log} (most likely IIS Admin Service), run component services->DCOM Config->IIS Admin Service, properties and set local launch permission for the user mentioned in the log (in my case IIS APPPOOLDefaultAppPool – just do add, paste the whole IIS APPPOOLDefaultAppPool and check names). Restat server. This should handle the DCOM problem.
8.should be able to access Exchange mgmt console.
9.Check if OWA works, actually if any IIS folders work (in my case IIS was running but returning error 500). In this case use this guide Reset Client Access Virtual Directories.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply