Wednesday, October 05, 2005

Exchange Server's Service Control Manager Lockout

I locked out the Service Control Manager of my Exchange 2003 server yesterday!!! Fortunately, it is my test Exchange server, and this “forces” me to try out disaster recovery.

I was testing the solutions provided by Microsoft for resolving the issue where a remote admin is unable to change or add email addresses if the remote admin does not have local administrator rights on the Exchange server. This was caused by the security hardening of Windows 2003 SP1. You can read more about it at KB905809 and also on Jim McBee’s blog. When trying to change the access rights of the Service Control Manager by using the sc command, I made a mistake and locked it out. I was unable to access the Services snap-in and none of the services could start!!!

After half a day of attempts to recover the access rights, I gave up and decided to perform a disaster recovery for my Exchange server. I followed the tutorial from MSExchange.Org for my disaster recovery. My test Exchange server runs in Virtual PC and I had put the databases and logs on their own virtual disks. I reinstalled Windows 2003, applied all patches and hotfixes, reinstalled Exchange 2003 and applied the Exchange service pack and hotfixes. I attached the virtual disks for the databases and logs back to the virtual machine and I managed to mount all the stores successfully. However, when I tried to connect to the SRS using the Exchange 5.5 Admin Program and LDP.exe, it failed.

Then I remembered the SRS is located on the same drive as the OS. So I restored the SRS databases from my backup, but it still did not work and I could not start the SRS service. I checked the Application Event Log and saw some error and warning logs.

Event ID: 1403
Site replication service was unable to obtain legacy account details and cannot continue.

Event ID: 8231
System Attendant Service failed to create session for virtual machine E2K3Server. The error number is 0x80090005.

Event ID: 9318
An RPC communications error occurred. Unable to bind over RPC. Locality Table (LTAB) index: 18, Windows 2000/MTA error code: 5. Comms error 5, Bind error 0, Remote Server Name E55Server [MAIN BASE 1 500 %10] (14)

Checking on Event ID 1403 brought me to KB278254. I re-entered the Exchange 5.5 service account password on the Exchange 2003 server. With that, I managed to start the SRS service and connect to the SRS. The other two events are related and I don’t see them anymore after resolving Event ID 1403.

I think this is really a good head start for my Exchange 2003 disaster recovery testing and planning. I will definitely try out more disaster recovery scenarios and have them documented.
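
The lockout described above came from a mistyped change to the Service Control Manager's access rights. As an added example (not code from this post, which does not show the exact command used), the PowerShell script below backs up the current descriptor and refuses any candidate that would leave BUILTIN\Administrators without full control. It assumes the change is made with `sc sdshow scmanager` / `sc sdset scmanager`; the default `$Candidate` string and the backup path are constructed for illustration.

```powershell
# Added example, not from the original post. The default $Candidate is a constructed sample.
param(
    [string]$Candidate  = 'D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)',
    [string]$BackupPath = '.\scmanager-sddl.bak',   # assumed location; keep a copy off the server too
    [switch]$Apply
)

function Test-ScmSddl {
    param([Parameter(Mandatory)][string]$Sddl)
    $full = 0xF003F   # SC_MANAGER_ALL_ACCESS, written "KA" in SDDL
    try   { $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl) }
    catch { Write-Warning "SDDL does not parse: $($_.Exception.Message)"; return $false }
    if ($null -eq $sd.DiscretionaryAcl) {
        Write-Warning 'No D: section found; refusing a descriptor without an explicit DACL.'
        return $false
    }
    $granted = 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        if ($ace.SecurityIdentifier.Value -ne 'S-1-5-32-544') { continue }   # BUILTIN\Administrators
        if ($ace.AceType -eq 'AccessDenied') {
            Write-Warning 'Deny ACE on BUILTIN\Administrators.'
            return $false
        }
        if ($ace.AceType -eq 'AccessAllowed') { $granted = $granted -bor $ace.AccessMask }
    }
    if (($granted -band $full) -ne $full) {
        Write-Warning 'BUILTIN\Administrators would lose full control of the SCM.'
        return $false
    }
    return $true
}

# 1. Save the descriptor that is in effect now, before touching anything.
$current = (& sc.exe sdshow scmanager | Where-Object { $_.Trim() }) -join ''
if ($LASTEXITCODE -ne 0 -or -not $current) { throw 'Could not read the current SCM descriptor.' }
Set-Content -Path $BackupPath -Value $current -Encoding ASCII
Write-Host "Backed up current descriptor to $BackupPath"

# 2. Validate the candidate offline; apply it only when it passes and -Apply was given.
if (-not (Test-ScmSddl -Sddl $Candidate)) { throw 'Candidate rejected; nothing was changed.' }
if ($Apply) {
    & sc.exe sdset scmanager $Candidate
    if ($LASTEXITCODE -ne 0) { throw 'sc sdset failed.' }
    # 3. Read the descriptor back and confirm administrators still have full control.
    $after = (& sc.exe sdshow scmanager | Where-Object { $_.Trim() }) -join ''
    if (-not (Test-ScmSddl -Sddl $after)) { Write-Warning "Re-check failed; backup is in $BackupPath" }
}
```

Run it from an elevated prompt; without `-Apply` it only writes the backup and validates the candidate.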
