Last week was a pretty hectic week. Started off well, then I got a call around 9:15 PM on Monday evening from a colleague saying that he noticed some mails still in his outbox. After relaxing for a few minutes (dude...I'd just got home) I connected to the server. I noticed everthing was extremely sloooooow. Every window I opened up took forever to launch. So I decided to check the "Task Manager" processes. I noticed the GFIScanM.exe was racing away at 100% CPU cycle. I then tried to check the mail queue but the server was so unresponsive...I decided to reboot.
After the server was rebooted the same thing was hapenning. I then head down to the office. I killed the process, in order to get the Exchange System Manager to open. I noticed nothing in my queue. In the mean time this annoying (at the time) GFIScanM.exe process keeps automatically restarting. I tried stopping all GFI services...same thing. There were no errors in the event log. Since GFI support ends at 5PM, which to me is absolutely ridiculous, I had to start battling this alone.
None of the following worked
- Downloaded new version of GFIMailSecurity and installed on the server.
- Multiple Restarts
- Removed and replaced the GFI entries on the Windows DEP Exception list. read more about that here.
- Digging GFI KB (nothing at the time)
- Checking if debug mode was enabled
- Dismount my store and re-mount, which didn't make any sense but it was now 2AM and soon employees will start looking for mails.
- I even run a backup on the store and checked my SAN for any errors, nothing.
- I then rolled out a brand new spanking server, configured it as a Mail Relay (some of you call it smart host) for this Exchange box and installed GFIMailSecurity then migrated my settings, re-configured routers...the whole 9 yards...and guess what...same crap! The GFIScanM.exe was doing 100% even on this brand new server.
I went home at 5AM got some zzzz and got on the phone with GFI support. At around 1PM, as per the GFI support tech, I uninstalled GFIMailSecurity, deleted all the folders in the "C:\Program Files\GFI" directory. I was reluctant at first as I didn't want to loose my settings, anyway I bit the bullet and did. After a brand new installation everything was normal. It turned out to be something corrupted in my settings.
I learned 2 things during this ordeal
- Don't put all your eggs in one basket in the first place. If I had a relay server in the first place, the Mail Store could've been online and my users could've at least use outlook and I could've swapped a temporary AV.
- A reminder of how important email is becoming in today's business arena.
Good luck!