Sign in
 
HomeProductsLibraryLearnDownloadsSupportForums
Microsoft Forefront TechCenter >
Issues with Antigen

Answered Issues with Antigen

  • Wednesday, January 16, 2013 6:17 PM
     
     
    Sign In to Vote
    0

    Hi, I had Antigen 9.0 installed on my two Exchange 2003 Bridgehead servers. These servers also have the mailboxes hosted on it. Yesterday all of a sudden server performance dropped and it almost stopped responding. Emails started piling up in "Message awaiting directory lookup" and "Message pending submission". I disabled the Antigen service on one server which resolved the issue on that server. System performance was normal and mail-flow was good. 

    I re-enabled the Antigen again I started facing the same issue. Now I have disabled the Antigen and everything is OK on this server.

    Once I did all this I started facing the same issue on another server.  Server performance degraded and emails started piling up on it. I tried to disable the Antigen on this server also but received some error  so I have to uninstall the Antigen from it. It resolved the issue.

    Please let me know what to do to avoid the issue.

     I am using Antigen 9 and Exchange 2003 SP2.

    Below are the events I am seeing on those servers

    Event Type: Error
    Event Source: AntigenSmtpSink
    Event Category: Scan Error 
    Event ID: 5015
    Date: 1/15/2013
    Time: 7:36:42 AM
    User: N/A
    Computer: servername1
    Description:
    Internet scan exceeded the allotted scan time limit while processing message ( Revisionsarbeiten  DUE 560).

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    ==========

    Event Type: Error
    Event Source: AntigenSmtpSink
    Event Category: (4)
    Event ID: 4007
    Date: 1/15/2013
    Time: 1:15:32 PM
    User: N/A
    Computer: servername2
    Description:
    The description for Event ID ( 4007 ) in Source ( AntigenSmtpSink ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Internal error 3-6, method returned 0x80070422.


     

All Replies

  • Friday, January 18, 2013 7:54 AM
     
     Answered
    Sign In to Vote
    0

    Hi,

    this could be due to a corrupted scan engine. Check the program.log inside the installation directory of Antigen for more details.

    Greetings

    Christian

    Christian Groebner MVP Forefront

     
  • Sunday, January 20, 2013 7:09 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    Hi,

    Thank you for the post.

    Firstly, you may install the latest rollup: http://support.microsoft.com/kb/2508121/en-us, and then increase the scan timeout and see if it helps: http://support.microsoft.com/kb/927397/en-us. If you have installed any antivirus software, please exclude Exchange and Antigen directories as per this article: http://support.microsoft.com/kb/943620/en-us

    Regards,

    Nick Gu - MSFT

     
  • Monday, January 21, 2013 8:40 AM
     
     
    Sign In to Vote
    0

    Hi,

    We got exactly the same problem same antigen version on cluster, problem happen exactly same date same day with very big impact on our organisation.

    What we have seen is that the norman engine was donwgraded since via engine update system ... So to my POV the error come from this engine with no particular communication !

    So the question is, today and since the downgrade of norman can we enalbe back antigen and the norman engine ? can we just enable other engine and disable norman ?