Link to home
Start Free TrialLog in
Avatar of 12vltmn
12vltmnFlag for United States of America

asked on

World Wide Web Publishing Service problem on multiple servers

First issue: On my Exchange Server 2003 running on Win2003 SP2, the WWW Publishing service shuts down and does not restart.  I've noticed some issues with the IIS Admin service in the logs but that service is always running when I check it. It uses the "iisreset" to restart. But the WWWPS, even though I have it set to restart automatically if it shuts down, does not. This kills our Outlook Web Access.  I can then start the service and all is fine.

Issue #2: On another Win2003 SP2 server, we are running Autodesk Vault.  For the past three days, each day I get reports saying that users can not get into Vault and their Civil 3D is not responding due to that.  I haver restarted the server each time to resolve the issue.  When I try to open the Management Console, I can't get in, so I restart.  Today, I tried restarting the WWWPS on that machine, and shazaam...once it restarted, Vault was working again.  What the hell is going on with my WWWPS??

Both of these issues are affecting productivity.  And I can not figure out who the culprit is and how to resolve.  thanks
Avatar of Sembee
Sembee
Flag of United Kingdom of Great Britain and Northern Ireland image

If IISADMIN stops then services that are dependant on it, such as WWW, FTP etc will also stop. Therefore I suspect that is the source of the problem.
This comes up occasionally, if you search this site for IISADMIN stopping you will find many posts on the topic. The usual cause is third party tools, often AV or similar. You need to look through the event logs for errors around IISADMIN.

Simon.
Avatar of 12vltmn

ASKER

Thanks, Sembee. I have looked and can't find anything (at least not in the first 20 pages or so and I ran out of time) that matches my situation specifically.  BUT, I wanted to ask you about one of your solutions/posts.  You basically say that Symantec is the culprit to problems with IIS.  I do have Symantec Information Foundation Mail Security for Exchange installed.  In fact, we didn't have this problem until Symantec was installed.  I am going to call them and see if they can give me a solution to this problem.  I noticed that you have mentioned you don't do anything with Symantec except uninstall it.  I actually got a chuckle out of that one.  :)  That being said, what is your first choice for corporate/enterprise anti-virus/anti-spam?  I would be willing to make a switch when my subscription comes due if I had a viable alternative.  Checkpoint has an endpoint solution that looks interesting but I don't know where that would leave us with servers, especially the Exchange server.
ASKER CERTIFIED SOLUTION
Avatar of Sembee
Sembee
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of 12vltmn

ASKER

Yes, I totally understand that it is the first rule of IT.  But, I have already uninstalled it once and reinstalled with an updated version.  The problem remains.  To remove it for good would mean no AV on my Exchange server, which is not a good thing.  At least, not until I replace it with another solution and I have seven months left on my Symantec subscription that I can't just "burn".  Thanks!
Did you remove it and then test the server without it installed to confirm it was the cause of the problem?

There is a school of thought not to have any AV on the servers. I don't use AV on any of mine at home. If you don't browse from the servers and the servers are used for Exchange etc only then AV is almost redundant - particularly if you have the same AV on the workstations. The only time AV on the servers would be worthwhile is when you are using something different for dual layer of support.

There is also a good chance that Symantec has simply screwed up IIS or the metabase.

As for seven months of Symantec, I have burned 11 months in the past and still saved the client money. I can get two years from an alternative provider for less than 12 months of Symantec's "product".

Simon.
Avatar of 12vltmn

ASKER

No, I did not test it before reinstalling.  I was having some other issues with Mail Security at the time, specifically the program would crash, then restart.  I thought this was the main reason the WWWPS was shutting down.  By removing it and then reinstalling with the current version, the .exe crashing was resolved but obviously the issue with IIS remained.

But, don't you worry about a virus getting loose on Exchange and wreaking havoc on the information store?  Or is that not possible without first opening the virus-containing email?  I'm fairly new to Exchange (Novell GroupWise was my forte in the past...no worries there about viruses on the server) so perhaps I am totally wrong on this thinking.  I went for about a year without AV on the newly installed Exchange server without problems but then got nervous about it and requested the upgrade from Corporate Edition to Enterprise so we could get the Mail Security.  The Mail Security has captured some viruses in accounts already, the latest being Trojan.Pandex.  We also run Symantec on each and every networked computer.

The AVG does look promising and I see they have server components as well (if necessary).  :)
Avatar of 12vltmn

ASKER

Simon:

One thing I found is our database was over 50 MB and in the registry there was a 50 MB max set.  We are running Exchange 2003 SP2 Standard so I increased the max value in the registry to 75 MB.  Over the past few days Exchange has shutting down and was not sending any mail.  This happened twice in the past four days.  I believe the database was the culprit.  I have read a few posts regarding this issue and I noticed a response from your saying that doing the offline defrag probably wasn't worth the trouble.  Do you still feel that way?  How much do you think I could recover by doing the offline defrag?  So, I'm not sure at this point if the large DB had anything to do with the IIS problems or not.  I'll see what happens over the next few days.  My retention looks ok with 7 days for deleted messages and I just changed deleted mailboxes from 30 days to 14.

kevin
I haven't changed my mind - offline defrag in many cases is not worth the downtime and I don't think would be the cause of this problem. If you look for event ID 1221 you will see how much space you would get back, if that is not at least 50% of the current store then it isn't worth the down time.

If you were hitting the limit that you had configured in the registry then that would stop email, but it wouldn't cause anything to do with IIS. That is something else.

Simon.
Avatar of 12vltmn

ASKER

I agree, especially since our MTA shut down again this morning.  I had to restart the server to get email flowing again.  I, as you do, suspect that it is still Symantec Mail Security causing a problem.  This afternoon I will call Symantec support to see if they can solve this problem (ahem) and if they can't I may be forced to uninstall Symantec.  In one of my previous posts I asked your expert opinion on having no AV on our Exchange server.  Can you please answer that question?  It was Re: the possibility of a virus getting loose in the information store before the email was opened on the workstation.  I would feel much better removing Symantec if you feel our IS is safe.  thanks

kevin
Almost all modern viruses and worms need something to execute them - a user clicking on an attachment. Therefore an attachment that is infected in the store is harmless.

It is perfectly possible to run without any AV on the Exchange server itself, that is what I do at home. A gateway SMTP scanning product would stop anything and allow the store to operate without the additional burden of AV. What I am finding now is that AV software at the Exchange level isn't being used to block viruses but to stop users form sending "inappropriate" email messages. A good antispam application will stop most virus infected messages as well, as most spam and viruses are using the same techniques, just with different payloads.

Simon.
Avatar of 12vltmn

ASKER

Yes, that is also a reason I am reluctant to remove the Mail Security.  It has escelated our spam control significantly.  It is easy to use in setting up blacklists and content filtering.  I know that I can set up a blacklist directly in Exchange, but the content filtering has been huge in stopping Viagra and sexually based spam that does get through the IMF and blacklist.  We only have a back end Exchange server, no front end.  I am not familiar with gateway SMTP scanning products (can you elaborate on this?).  If I remove the Symantec, what do you suggest as a "good antispam application"?

kevin
Most of the major antispam and antivirus vendors have a gateway version. They are products designed to protect non-Exchange servers.

For antispam, the main product I use is Vamsoft ORF. I only use greylisting feature of it. I don't use blacklisting or anything like that as I prefer to decide what email I receive. IMF then soaks up the few that get past.
Another product I have used in the past is GFI Mail Security, which also works well and has multiple engines - none of which are Symantec. Therefore if you have Symantec on your desktops you have dual layer of protection.

As for an SMTP gateway, that would ideally be a separate machine. http://www.amset.info/exchange/gateway.asp
If you do go for something that runs on a second machine then ensure that you use a product that can do recipient filtering. Dropping email to non-existent users will allow you to drop a large amount of messages. One client of mine drops over 10,000 messages a day to non-existent users.

In short, when it comes to antispam the usual thing I suggest is avoid the AV vendors' solutions. I find most of the AV vendors do not make great antispam applications. Most people get stuck with them though because they come as part of a suite.

Simon.
Avatar of 12vltmn

ASKER

Sembee,

I just wanted to let you know how this turned out so far.  I disabled the Symantec Mail Security for about 10 days and had no problems at all with email flow or IIS shutting down.  According to Symantec, they first saw these inetinfo problems in version 6.0 and supposedly they were dealt with in version 6.0.1 but obviously I was still having issues.  At their recommendation I uninstalled version 6.0.4 and installed version 5.0.9 which was the last release of version 5 before they released version 6 that was compatible with MS Server 2008.  I did this on Monday evening and so far we have had no problems with IIS or W3svc shutting down and email has been flowing fine in both directions.

thanks,
kevin