?
Solved

SMTP Service Terminates Unexpectedly - causes WWW, Exch Routing Engine to crash

Posted on 2004-09-10
8
Medium Priority
?
552 Views
Last Modified: 2012-08-14
With no prior events in the event log and no recent changes to the server we have suddenly encountered an unreliable SMTP server. Event ID: 7034, 7031 Service Terminated Unexpectedly.
We have successfully restarted the services and the system will run well for some 5 or 6 hours then will quit again. Once it quits, it quits repeatedly for some length of time and then begins to work again. We have isolated the problem to the Exchange Server 2003 (running on Windows 2003 Server).
We had suspected some kind of DOS attack. The server is behind a PIX501 and Nessus scans are negative for vulnerabilities. sc query yields:  1067 (0x42b)

Any assistance gladly accepted. thx
0
Comment
Question by:ataylor1953
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
8 Comments
 
LVL 6

Accepted Solution

by:
chumplet earned 1000 total points
ID: 12031861
Ahhh... you may be experiencing a similar issue that we've recently run into.  We're also running Win2k3 with Exchange 2003, though we've seen most of our crashes in "inetinfo.exe" to start, then cascading to other services.  Yuck, yuck, yuck.  We are also running OWA (webmail) which is where it usually rears its ugly head first.  We also have dozens and dozens of those 7034 and 7031 Event IDs in our logs.

Anyhow, I've received a hotfix from Microsoft that I'm happy to give you a link to *BUT* please be aware that it may or may not fit your particular issue.  Tread lightly, I guess I'd say.  The hotfix is in reference to article Q827214, though it's not yet listed in their knowledge base.  You will need to reboot your Exchange Server after applying this hotfix (highly recommended to STOP all
Exchange services *before* the reboot).

You can grab the hotfix at...
http://67.105.130.90/temp/Exchange2003_Windows2003_Q827214_hotfix.zip

I hope that helps you out!

Chumplet
0
 
LVL 12

Assisted Solution

by:BNettles73
BNettles73 earned 1000 total points
ID: 12031925

Are you running SP1 ... Have you installed the IMF on it recently?

I'd turn up logging on MSExchangeTransport (SMTP) and MSExchangeMU (Metabase Update - IIS) to see if you can get a more clear picture of what is occurring. If you have metabase corruption it would cause SMTP to stop or hang.

Is your AV software scanning IIS or Exchange directories? This could also cause the issue.

Where is email actually queuing up? Have you checked the state of the queue in Queue Viewer on the E2K3 box?

Is this a mailbox server or do you use it primarily for mail transfer?

Do you run separate software to scan exchange and the OS?

I'd be very weary of installing any hotfixes until you are absolutely sure it is needed. I'd also make sure you get a solid backup of the server before making any modifications.

Brian
0
 
LVL 6

Expert Comment

by:chumplet
ID: 12047925
Just an FYI.... we've not had a *single* process crash since installing this hotfix.  All appears to be back to normal.

Here's hoping... :)

Chumplet
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 12049077
Did you install Service Pack 1? The hotfix and a few transport related fixes was included in SP1 from what I understand ...
0
 

Author Comment

by:ataylor1953
ID: 12050114
Thank you BNettles73 and chumplet for your inciteful feedback!

I did install SP1 on Exchange. All other OS security patches are also installed.

Here is the good news, I solved the problem of the Exchange services shutting down. What follows is a long winded recounting of my misadventures.

Having read your responses and having looked again at the server, I decided to start my troubleshooting from the beginning.
Ultimately, I solved the problem with the aid of my teenage kids, who know nothing about computers. If you want to find out what the kids did last night, ask the question in several ways. Subtle differences in their answers will lead you to the truth.

 I had my servicing technician on the phone, and asked him about ANY changes made to the server recently. Not much feedback. This guy is no kid and has lots of experience. "Well did you fix anything on the server during your last visit?" Not much feedback, just maintenance stuff. "Did you apply any patches on your last visit?" Nope, was the answer.
 Finally, I asked the right question, "Did you do anything to the server, or anything physically attached to the server?" Yes, he did. He worked on the APC UPS. Oh, and yes he did remember that he installed a Java "upgrade" to get the APC UPS software to work. In the imortal words of Homer Simpson, "D'uh Oh!" Since the uninstallation of this Java "upgrade"  we have had no shutdowns. I felt like a nitwit. But alas, it is sometimes not the "IF you asked the question" that gets you there. It is the "HOW you asked the question" that makes communication work.

Again, many thanks.

-ataylor53
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question