Exchange 2010 management tools do not start after the installation of .NET hotfix KB 2449742

UPDATE 4/20/2011: We have now identified the problem and have a solution for customers that were impacted by it

Please see the following KB article for the resolution of this problem: 


The content of the original post (please see above for updates!):


We have become aware of a problem that impacts Exchange management tools on servers running Exchange 2010 on Windows Server 2008 SP2.

Note: Windows 2008 R2 SP1 systems do not seem to be impacted. Windows 2008 R2 RTM is impacted.

The symptoms of the problem are:

  • Exchange Management Shell does not start
  • Exchange Management Console does not start
  • There might be a crash in Exchange Mailbox Replication Service (it is not clear yet if this is related)
  • Event Viewer might have trouble opening

The following events could be logged in the Application event log:

  • Event ID: 1023
    Source: .NET Runtime
    Event ID: 1023
    Level: Error
    Description: .NET Runtime version 2.0.50727.5653 - Fatal Execution Engine Error (000007FEF9216D36) (80131506)
  • Event ID: 1000
    Source: Application Error
    Level: Error
    Description: Faulting application PowerShell.exe, version 6.0.6002.18111, time stamp 0x4acfacc6, faulting module mscorwks.dll, version 2.0.50727.5653, time stamp 0x4d54a59c, exception code 0xc0000005, fault offset 0x00000000001d9e19, process id 0x%9, application start time 0x%10.

While we are still investigating this problem, the failures seem to start after the .NET security update KB 2449742 (MS11-028) is installed. The only workaround that we have identified up to now is a removal of this security update.

Warning: We do not recommend that you uninstall any security updates, but we are providing this information so that you can implement this procedure at your own discretion. Use this procedure at your own risk. Removing a security update could may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses.

We will update this blog post with more information as it becomes available.

Nino Bilic

Comments (13)
  1. anony.muos says:

    So no effect on Excange 2007 tools running on w2k8?

  2. kunal says:

    Thanks Nino for updating..we are now trying to hold the updates….:)

  3. susan says:

    In this instance remove the update.  The .net update can only be triggered by browsing (hello we don't browse on a server that's running exchange – or shouldn't) and is of an attack vector that MS doesn't see exploited in the wild.

  4. April says:

    This update killed OWA on my friend's Exchange 2007 installation. Attempts at access create event 64 in the log, and show the following to the user: "Outlook Web Access did not initialize. An event has been logged so that the system administrator can resolve the issue. Please contact technical support for your organization." The update ate his IIS config and created AD replication issues as well. IIS and AD weren't too difficult to fix, but OWA stubbornly refuses to come to life.

    I'll be very interested in hearing more of your findings while I try to help him troubleshoot his issue. I am not sure in his case that removing the update would undo the damage. We'll probably try to remove and recreate the default owa site.

  5. Jeff25 says:

    It also leaves thes bombs in the System Log:

    Source:        Microsoft-Windows-WAS

    Event ID:      5009


     A process serving application pool 'MSExchangeAutodiscoverAppPool' terminated

     unexpectedly. The process id was '8504'. The process exit code was '0x80131506'.


     Source:        Service Control Manager

     Event ID:      7031


     The Microsoft Exchange Mailbox Replication service terminated unexpectedly.  

    It has done this 1 time(s).  The following corrective action will be taken in 5000

    milliseconds: Restart the service.


    Source:        Microsoft-Windows-WAS

    Event ID:      5011


    A process serving application pool 'MSExchangeAutodiscoverAppPool' suffered a

    fatal communication error with the Windows Process Activation Service. The process

    id was '9032'. The data field contains the error number.

  6. Peter O. says:

    I can confirm that this hoses up Exchange 2007 Sp3 machines too.  Has similar behavior to a bad .net patch installer from the last patching period.  I was able to fix that by copying the machine.config from an unpatched system.

  7. Joe says:

    I've run into this on my 2008 SP2 box running Exchange 2010 SP1.

    Looking forward to a fix to the fix :-)

  8. fucifino says:

    On XCH 2010 SP1/WIN 2K8 SP2 besides the symptoms outlined above, KB 2449742 breaks Outlook 2011 (fanboys beware) connectivity.

    Outlook 2011 will not connect until KB 2449742 is removed (and server restarted). We did not have any problems with Outlook 2010.

  9. Nino Bilic says:

    Folks, I just made an update to the blog post with links to fixes that will resolve this situation for you.

  10. Frank T says:

    So if we never installed it, we need to install the -v2 patch from those project/development sites and then install the original MS11-28 patch? I'm confused.

    Will the -v2 eventually be put out for auto updates?

  11. says:

    I've followed the instructions in KB2540222 to determine that we have the 'broken' hotfix, but I can't install the 'fxed' hotfix as it says we have no affected products installed.  For now I have just removed the current patch but that still leaves us with the broken hotfix in place and I'm concerned this will hit us again unless I can fix the root cause.  Any suggestions?

  12. girts says:

    "I've followed the instructions in KB2540222 to determine that we have the 'broken' hotfix, but I can't install the 'fxed' hotfix as it says we have no affected products installed. "

    Same problem.

  13. Bob Jones says:

    Why is the broken version of this hotfix still being distributed by Microsoft?  I sync'd my WSUS server 2 weeks after the fixed version was released and still got the broken version.

Comments are closed.

Skip to main content