Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool queries the CIM_Datafile Microsoft Windows® Management Instrumentation (WMI) class to determine the value of the Version key for Ese.dll, the Exchange Database Storage Engine, also known as the Extensible Storage Engine (ESE).
The Exchange Server Analyzer also queries the Active Directory® directory service to determine the value of the serialNumber attribute for all objects with an object class of msExchExchangeServer. If the string value includes "Version 5.5," the computer is running Microsoft Exchange Server 5.5. If the string value includes "Version 6.0," the computer is running Microsoft Exchange 2000 Server. If the string value includes "Version 6.5," the computer is running Microsoft Exchange Server 2003.
If the Exchange Server Analyzer finds the value for Version does not contain a substring of 6 as part of its version information, but the value for serialNumber indicates that Exchange 2000 Server or Exchange Server 2003 is installed, a warning is displayed. This warning indicates that a non-Microsoft version of Ese.dll is installed and being used on this Exchange Server computer. You should correct this problem as soon as possible.
One possible cause of this is the use of ESE-based antivirus software. Some ESE-based antivirus programs use an unsupported interface between the Exchange information store and the ESE. When you use this kind of software, you run the risk of database damage and data loss if there are errors in the implementation of the software.
During installation, the ESE-based scanner changes the Microsoft Exchange Information Store service so that it depends on the ESE-based antivirus program's service. This makes sure that the ESE-based antivirus program's service starts before the Microsoft Exchange Information Store service starts. When the ESE-based antivirus program starts, the version of Ese.dll included with Exchange Server is temporarily renamed as Xese.dll, and the ESE-based antivirus program's version of Ese.dll replaces the original file. After the ESE-based antivirus program's version of Ese.dll is loaded, the version included with Exchange Server is renamed back to Ese.dll, and the Microsoft Exchange Information Store service completes the startup process.
It is strongly recommended that you do not use non-Microsoft implementations of the ESE on Exchange Server computers. Customers who contact Microsoft Product Support Services may be asked to disable the ESE-based antivirus program to help identify issues, but customers are free to enable the software again after the root cause of the issue is correctly diagnosed.
The most widely used ESE-based antivirus program is Antigen for Microsoft Exchange from Sybari Software. Microsoft and Sybari agree that disabling Sybari Antigen is a valid troubleshooting step to determine the cause of issues. To contact Sybari Software, visit the Sybari Software Web site ( http://www.sybari.com).
|The third-party Web site information is provided to help you find the technical information you need. The URLs are subject to change without notice.|
It is also recommended that you use antivirus programs that support the Virus Scanning Application Programming Interface (VSAPI), also known as the Antivirus API (AVAPI).
To correct this warning
Perform a full backup of the Exchange Server computer.
Uninstall Exchange Server from the computer.
Reinstall Exchange Server on the computer.
Apply the latest service pack and updates for Exchange Server.
For more information about running antivirus software on Exchange Server, see the following Microsoft Knowledge Base articles:
- 823166, "Overview of Exchange Server 2003 and antivirus
- 328841, "XADM: Exchange and Antivirus Software" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=328841)