Search This Blog

Friday, 30 July 2010

GFI Mail Essentials Debug Logs and disk fragmentation

I often find that the disk which has GFI Mail Essentials installed has fragmentation issues and the files that are fragmented are the Debug log files. These files are not needed unless you need to debug, but the setting is on by default and causes your disk to become fragmented.

I switch these off unless I need to debug and keep my drive from fragmenting. You can switch the debug logs off in the registry here

GFI MailEssentials version 2010(x86): - [HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ME15\Config]
GFI MailEssentials version 2010(x64): - [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GFI\ME15\Config]
GFI MailEssentials version 14(x86): - [HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ME14\Config]
GFI MailEssentials version 14(x64): - [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GFI\ME14\Config]
GFI MailEssentials version 12(x86): - [HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ME12\Config]
GFI MailEssentials version 12(x64): -[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GFI\ME12\Config]
GFI MailEssentials version 11: - [HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ME11\Config]
GFI MailEssentials version 10: - [HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ME10\Config]
GFI MailEssentials version 9: - [HKEY_LOCAL_MACHINE\SOFTWARE\GFI Fax & Voice\ME9\Config]

A dword value named ‘debug’ should be found in this location. If the value does not exist a new DWORD value called ‘debug’ should be created manually.

Change the ‘debug’ dword value as follows:
To disable debug logging, change the ‘debug’ dword value to ‘0’
To enable debug logging, change the ‘debug’ dword value to ‘1’

Once complete restart the IISAdmin Services and GFI Mail Essentials Services. Then you can delete the actual log files.

Tuesday, 27 July 2010

ISAlog.bak and ISALog.bin

If you have a server with ISA Server 2004 installed you will find in the C: partition the files ISAlog.bak and ISALog.bin

These files will be approx 400MB in size and often taking up valuable disk space on an older system.

The files are not necessary and are for Microsoft PSS to use if you have a case open with them. You can remove these files by editing the registry key


Set this value to 0 and reboot the server, you can then delete the files manually and reclaim the disk space.

Thursday, 22 July 2010

How to monitor for when an application terminates

I have had an application that needs to run on a SBS 2008 Server as an interactive user, the application runs from a mapped network drive and then runs from the system tray.

If the application is running it works fine, but it will on occasion terminate with no error, this means that emails do not get sent from the clients workstations and it can be hours before it is noted that the application is not running.

So I decided I needed to know if this application closes or terminates, I could then restart the application automatically and know that my users can still send emails.

I started by looking to see if I could run the application as a service so I did not need the server logged on with an interactive user, I used the SRVANY.EXE application from the Windows 2003 Resource Kit and then created a service using SC.EXE and set this to run my application as local system and interactive with the desktop.

This did run the service but the application did not load into the desktop and as a result did not work so I decided this was not the solution.

Next I looked for an application that would monitor a process and then alert when this occurred, I found Application Monitor here

This allows you to specify the application you want to monitor, how often it checks to see if it is running and then will restart the application if it detects that it is not running. I quickly setup the EXE as a check and tested by closing the application manually and the Application Monitor restarted the application!

There is no event log monitoring which would have been nice for our Managed Services application that could have notified our helpdesk, but it does work for a quick fix!

Monday, 19 July 2010

Snap shot delete stops at 95% on ESXi Server

I had taken a snapshot of a server pre Windows Updates and had not deleted this snapshot for four days, when I came to delete the snapshot I could see that the process had jumped to 95% and then stayed at this level for some considerable time.

This is by design, the snapshot is a differencing file and has to write the changes back to the VMDK file and so this takes some time to complete. Don't worry in this situation, just wait for the process to complete and this may take several hours!

Tuesday, 13 July 2010

Missing Toolbar in SharePoint Services 3.0

I had a customer today report that the Calendar List they had in Sharepoint 3.0 had suddenly gone missing. I looked at the site and I could see when I selected the Calendar list there was indeed no content or menu bar options for New, Action or Settings.

My first thought was that the List was probably still in Sharepoint but it had somehow got hidden, so I looked into the way to edit the page and find if the list had been hidden.

This is achieved but using the Site Actions, Edit Page option in the top right, you can then choose to Add a Web Part. At the bottom of the web parts list is the "Advanced Web Part gallery and options" link, choose this and a side bar opens and you are shown the option for Closed Web Parts.

In this Closed Web Parts was the Calendar List I was looking for, I added this back to the page and saved the changes and the Calendar was back in place.

Monday, 12 July 2010

Message rejected as spam by Content Filtering

We use a cloud based email security scanning service called GFI Max Mail Protection and on the whole this is a well priced and effective service. But recently my MD noticed that he no longer received his daily digest emails from the service.

I looked at the log files and I could see that his digest emails were being dropped with a NDR in the log files of 550.5.7.1 Message rejected as spam by Content Filtering.

I placed a support call as I couldn't think why his emails would be dropped as we use this is a our sole email scanning service, but it was a busy day and I didn't give it as much attention as I should have.

I get a email back from the GFI helpdesk to say, its my server that is dropping the emails, they checked their logs and could see my Exchange 2007 Server making the drop. A quick think and of course Content Filtering is part of Exchange 2007 Anti Spam features and naturally it was switched on!

This feature uses an algorithm to filter emails and it was seeing the digests as spam, probably because the digest contains HTML links to the emails so you can filter them manually. I quick switch off of this filter and my digests are being delivered again, which goes to show you should always have a good think on an issue before you fire off an email to the helpdesk!

Windows Disk Clean Up and SQL Database files

We had an issue today where users could not rollover a client in an application that used SQL Server Express 2005. The errors in the event log were listed as event ID 5118 and had the content.

The file "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\MyDatabase.mdf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed.

The problem had been caused by the Disk Clean Up tool being used on this server and the option to compress old files had been used, this resulted in the MDF and LDF files being compressed and this error occurs.

I entered the properties for the files after stopping the SQLEXPRESS Service and then in the Advanced button in the file properties I chose to uncompress the files. Once I had restarted the SQLEXPRESS Service the database was available to use again.

Sunday, 11 July 2010

Acronis - Failed to read sector 63 of hard disk

I have used the Acronis True Image and Backup & Recovery applications to backup customers servers to USB disk, this makes for a quick, cheap and effective backup for the smaller SMB Servers we have.

On occasion we would try to run a disk backup and hit the error "failed to read sector 63 of hard disk xx" where xx is one of the hard disks in the computer.

Now if you Google this error you will find a lot of issues with this error related to Acronis True Image and that in Backup & Recovery this has been fixed in build #11639. Well I have this fault today and I am running build #11639 so I don't think this stands true yet.

I found that when I tried to backup my server with disks C: and D: to USB disk on disk F: this error would be displayed. The event log would show an event ID 1 with the details

Error Code:500
Failed to read from disk
Failed to read from sector 63 of hard disk '1'

The hard disk 1 in this server was a dynamic disk, no RAID just a Ultra 320 SCSI disk. I had checked the disk and I new this was good using CHKDSK.

I looked back in the application event log and noted event ID 12289, this was with the Source VSS. This lead me to think the error may be occuring with the VSS snapshot and the event ID details confirmed this.

Volume Shadow Copy Service error: Unexpected error OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS). hr = 0x80070005.

This error shows that an problem is occurring when Acronis tries to take the Volume Shadow Copy Service snapshot and this then leads to the sector 63 error. A further event ID 1 then displayed this information about the snapshot

Error code: 502
Operation with partition '0-0' was terminated.
Read error.

Error code: 0x70003
Tag: 0x2CBDD167CBCA9516
Failed to read the snapshot.

Error code: 0x10C45A
Tag: 0x14181C22EF45AD6E
Access is denied

If Access is Denied then this could be a permissions issue, I looked at the backup account I was using in Acronis and this was a purpose backup account that was a member of the Backup Operators Group. By default the Backup Operators Group does not have permission to the Volume Shadow Copy Service and therefore cannot read or write the shadow copies and will display the error.

So I added my backup account to the local Administrators Group, this was acceptable in this situation as I controlled the backup account and needed to get a backup completed!

I re ran the job and this time it has ran through successfully with the VSS snapshot taken as expected.

I think the conclusion is that the "sector 63" error can be caused by a multiple of things and no one solution will fit and a methodical approach to trouble shooting is the best plan of action.

Automate a backup with SQL Server 2005 Express

When it comes to backing up a SQL database it is simple to initially setup a SQL Maintenance Plan and schedule this to backup the database and log files and then start to work on a comprehensive strategy.

But the problem comes when you need to do this with a SQL Server 2005 Express database as this version does not come with a SQL Agent so you cannot use a Maintenance Plan.

The solution comes in using a SQL Script file, configure this to backup the databases and then move these files off to a location to be backed up to tape or disk.

The first thing to do is to install the SQL Server Management Studio as this will help you generate the SQL script file, the Management Studio can be downloaded here

Once you have connected to the SQL Server instance, find the database you want to backup and then choose the option to backup the database. Once you have setup the backup choose the option to Script | Script Action to File.

This will allow you to save the backup and a .SQL file which can then be ran as a script later. Save the file to a location for your SQL backup scripts.

Now you have a .SQL file you can open this and Management Studio will open the file and hows the SQL commands, execute the script to test the backup. If this is successful and you have the relevant .BAK files you are ready to automate this process.

Using Windows Scheduled Tasks create a new task to backup the SQL Databases and when asked for the application to use browse to

C:\program files\microsoft sql server\90\tools\binn\SQLCMD.EXE

This application will run the .SQL file as a command line, next save the task with the appropriate schedule for your backups.

Open the task and edit the command line for the task to add the details of which instance to backup and where the .SQL file is located. This is appended to the command as follows


Save the task and manually run the task to confirm it will backup your databases correctly.

Once this part is completed you can now setup the move of the BAK files with the robocopy application.

Robocopy is a great tool to copy and move files, and it is part of the Windows 2003 Resource Kit that can be downloaded from

Robocopy has many options but in my case I wanted to move the files to another location for backup to disk so I used the command

robocopy C:\MySQLBackups \\server\sqlbackup /MOV

The /MOV switch will delete the source files once copied but will NOT delete the source folder, this means we keep the folder referenced in the SQL backup script.

I then used scheduled tasks again to create a new task that executes the robocopy command at 30 minutes after the SQL backup executes.

Now I have a daily SQL backup and the files are moved off to a network share for backup to disk later.

Saturday, 10 July 2010

Application Log with constant Perflib Errors

I had a server that I could not get a verification on the backup because the application log was full of Perflib Event ID 1008 errors. One was being generated about every 5 seconds so the log was full and the backup application, Acronis Backup & Recovery 10.0 could write to the log but I would never see it with my Managed Services application because the application log was being over written constantly.

So to resolve this problem, and this means stopping the error being generated in the log and not stopping the error itself, I downloaded the Windows 2000 Resource Kit tool ExCtrlList.exe from Microsoft. This is all outlined in this KB article

Next I used this application to find the Perflib monitor that was filling my application log, in this case it was ASPNET 2.0 with the Open command, then I deselected the check box to enable the Performance Monitor.

Back to the application event log and the constant event id 1008 has stopped and I can read the event log normally.