Sniffing Out XP SP2 Problems

On the road again, this time at TechMentor/San Jose, Bill takes time out to contemplate a solution to this admin's XP SP2 problem.

Dear Readers: I'm writing this week from MCP Magazine's TechMentor Conference in beautiful San Jose, CA. I'm busy collecting questions from attendees and I'll be answering them in future columns.

Meanwhile, I recently I got a note from Gray S. about a problem he had with XP SP2:

Bill, I normally manage my Exchange 2003 servers from on my WinXP computer. Everything was working fine until I recently installed Windows XP SP2. Now, the Exchange Message Tracking Center no longer works. I tried un/reinstalling all of the Windows and Exchange Admin Tools to no avail.

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Answer: I wasn't able to replicate Gray's problem, so here's what I recommended to him. I wanted him to load a packet sniffer on the XP desktop, then examine the traffic generated when he attempts to open the Message Tracking interface.

I normally use Ethereal for this type of work. It can be downloaded from Ethereal requires a packet driver called WinPCap, which can be downloaded from (Hint: Use the 3.1 beta 3 version.)

I'd also like to hear from anyone who has had the same, or a similar, problem.

Until next week...

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

comments powered by Disqus

Reader Comments:

Sat, Oct 2, 2004 Anonymous Anonymous

I, as well as others, came here for some assistance and are belittled because we don't have all the answers. I guess this is not the place to look for help. I think the anonymous user should look for something positive in their life.

Sat, Oct 2, 2004 Anonymous Anonymous

You Mickey Mouse (MCP) losers really get me.

Thu, Sep 30, 2004 Vi NY

I can't connect to Citrix MetaFrame since installing XP SP2.

Tue, Sep 28, 2004 Anonymous Anonymous

I personally prefer Dameware for remote admin work. Works very well. Can the user define his statment better? "Now, the Exchange Message Tracking Center no longer works." IE: Error message, log info? XP2 seems to be working great for me so far. Ethereal is a great product, I have been using it for some time.

Tue, Sep 28, 2004 mailpete405 Anonymous

After installing XP SP2 you may notice Event ID 861 quickly filling up your XP security logs if you have enabled failure auditing for "audit process tracking". This occurs when the Windows firewall-ICS service is running, EVEN IF the firewall is "turned off". More info available at Apparently, even having the firewall service "off" doesn't keep it from interfering with other functions. I'd try actually stopping the firewall service, changing it to 'disable' temporarily, and rebooting to see if it is source of your problem. Play with sniffer later.

Tue, Sep 28, 2004 TomG New Hampshire

Oh, great - use a sniffer. That's an answer? Assuming that everyone knows what to look for - and then what to do about it? Listen, I installed XP SP2 and in every case, it crashes the machine on reboot and is unrecoverable! Absolute trash from MS (again). Better advice is to avoid SP2. Best advice is to ditch MS products.

Tue, Sep 28, 2004 Dwayne Wesson, MS

You can also set the firewall to log discards and use that to figure out what needs configured on the firewall to fix a problem.

Tue, Sep 28, 2004 Anonymous Anonymous

i found the packet sniffer an excellent tool

Tue, Sep 28, 2004 Anonymous Anonymous

I am having a similar problem to this, but mine is limited to systems that were upgraded from Win2000 to XPSP2. I get an access denied error when I try to open up evant viewer via remote administration.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.