Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1000 Source: MicrosoftExchangeServer

Level
Description
Faulting application <application>, version <version>, stamp <stamp>, faulting module <dll>, version <version>, stamp <stamp>, debug? 0, fault address <address>.
Comments
 
I was receiving the following error:
Faulting application contentfilter.dll, version 6.5.7638.1, stamp 430e739c, faulting module unknown, version 0.0.0.0

The suggestion, in a previous post, of renaming the psapi.dll file in the \exchsvr\bin directory solved the problem.
- Application: inetinfo.exe - See ME949599 for a hotfix applicable to Microsoft Exchange Server 2003.
- Application: store.exe - See ME935468, ME943193 and ME944254 for hotfixes applicable to Microsoft Exchange Server 2003.
From a newsgroup post: "If indexing is enabled try the following fixes.

Step 1:
- Click Start -> Run, type services.msc and click OK.
- Stop the Microsoft Search service.
- Click Start ->Run, type "regsvr32 /u offfilt.dll" (without the quotation marks) and click OK.
- Click Start -> Run, type "regsvr32 offfilt.dll" (without the quotation marks) and click OK.
- Start the Microsoft Search service.

Please check if the issue persists, if yes, go to step 2.

Step 2:
This issue can also appear if the version of offfilt.dll is too old. Please refer to ME915800 to obtain a hotfix for this file".
From a newsgroup post: "The problem may be caused by IE 7 and there are two ways to resolve this. Either uninstall it, reboot the server and try again, or, if you would like to keep IE 7, please rename the "C:\Program Files\exchsrvr\bin\psapi.dll" file. There is a known issue with the version of psapi.dll that ships with Internet Explorer 7 and the one that ships with Exchange 2003. The current workaround is to rename the psapi.dll file in the exchsrvr\bin directory so that ESM will use the newer version in the "C:\Windows\system32" directory and work correctly".
The user got this when accessing contextual help in ESM. This is the case of Exchange 2003 SP2 with IE7 installed. At this time, the solution is to uninstall IE7. See “Exchange Server 2003 SP2 and Internet Explorer 7 compatibility problems” for more information about this problem.


- Application: store.exe - See ME872963 for a hotfix applicable to Microsoft Exchange Server 2003.
- Application: mad.exe - See ME831187 for a hotfix applicable to Microsoft Exchange Server 2003.

This problem can also appear if you are running Sunbelt Software iHateSpam Server Edition. See the link to "Sunbelt Software Support Answer ID 1197" for further details.
- Application: contentfilter.dll (Internet Message Filter) - I do not have a definite solution, but maybe downloading hotfix KB883106 (see the link to “Filter Update for Exchange Intelligent Message Filter”) and installing it might do the trick.
Most likely cause of this problem is a stack overflow vulnerability in SMTPSvc if a MX lookup hits a DNS Zone with more than 100 MX records. The problem most likely occurs as a Denial of Service attack (DOS), whereby a hacker that has discovered this vulnerability creates a DNS zone with more than 100 MX records then “spams” the server. If Exchange is setup to perform a reverse lookup on the message, it makes an inquiry to the zone with more than 100 MX records and then crashes. A less likely cause is a corrupt message in one of the mail transfer queues.
To fix this problem do the following:
1. Apply Microsoft Exchange Server 2003 Service Pack 1.
2. Apply IIS Stack Overflow Vulnerability Patch ME827214.
3. Shut down Exchange and IIS. Rename the “...\mailroot\vsi 1” directory, create a new one and restart the services. This will eliminate any spam, or corrupt messages from the queues.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...