Tonyfai
asked on
Exchange not receiving email
Hi,
My business's inward email has stopped working.
The email server is a Windows SBS 2008 machine, using Exchange 2007. It was set up in March and email has been running smoothly until Thursday afternoon (it is Friday afternoon here now), when inwards email just stopped.
On Wednesday afternoon I installed Total Defense v 12 including the Exchange Option on the SBS 2008 machine. This seemed to be running fine, but only a day later Exchange stopped working.
I have tried restarting the server, and this didn't help.
I tried restarting Microsoft Exchange Transport service, and this is stuck on stopping.
In the Event Log there are a series of Event 1000 application errors:
"Faulting application edgetransport.exe, version 8.1.436.0, time stamp 0x4b9f315d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e855, exception code 0xc0000374, fault offset 0x00000000000acb17, process id 0x30f0, application start time 0x01cd3a33290915bc."
Also some Event 1023 .net runtime errors:
".NET Runtime version 2.0.50727.4223 - Fatal Execution Engine Error (000007FEF93F4DD6) (80131506)"
Two errors Event 10003 MSExchange Transport
"The transport process failed during message processing with the following call stack: System.AccessViolationExce ption: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
at delete(Void* )
at CHubTransportAgent.MySubmi ttedMessag eHandler(S ubmittedMe ssageEvent Source source, QueuedMessageEventArgs eMsg)
at Microsoft.Exchange.Data.Tr ansport.Ro uting.Rout ingAgent.I nvoke(Stri ng eventTopic, Object source, Object e)
at Microsoft.Exchange.Data.Tr ansport.In ternal.MEx Runtime.Di spatcher.I nvoke(MExS ession session)
at Microsoft.Exchange.Data.Tr ansport.In ternal.MEx Runtime.ME xSession.A syncInvoke (Object state)
at Microsoft.Exchange.Data.Tr ansport.In ternal.MEx Runtime.ME xSession.B eginInvoke (String topic, Object source, Object e, AsyncCallback callback, Object callbackState)
at Microsoft.Exchange.Transpo rt.Categor izer.MExEv ents.Raise Event(MExS ession mexSession, String eventTopic, AsyncCallback callback, Object state, Object[] contexts)
at Microsoft.Exchange.Transpo rt.Categor izer.MExEv ents.Raise OnSubmitte dMessage(T askContext context, AsyncCallback callback, MailItem mailItem)
at Microsoft.Exchange.Transpo rt.Categor izer.Categ orizerComp onent.Stag e1OnSubmit ted(Transp ortMailIte m transportMailItem, TaskContext taskContext)
at Microsoft.Exchange.Transpo rt.Categor izer.TaskC ontext.Inv oke()
at Microsoft.Exchange.Transpo rt.Categor izer.CatSc heduler.Jo bThreadEnt ry(Object ignored)
at System.Threading.Execution Context.Ru n(Executio nContext executionContext, ContextCallback callback, Object state)
at System.Threading._ThreadPo olWaitCall back.Perfo rmWaitCall backIntern al(_Thread PoolWaitCa llback tpWaitCallBack)
at System.Threading._ThreadPo olWaitCall back.Perfo rmWaitCall back(Objec t state)"
What should I do next??
My business's inward email has stopped working.
The email server is a Windows SBS 2008 machine, using Exchange 2007. It was set up in March and email has been running smoothly until Thursday afternoon (it is Friday afternoon here now), when inwards email just stopped.
On Wednesday afternoon I installed Total Defense v 12 including the Exchange Option on the SBS 2008 machine. This seemed to be running fine, but only a day later Exchange stopped working.
I have tried restarting the server, and this didn't help.
I tried restarting Microsoft Exchange Transport service, and this is stuck on stopping.
In the Event Log there are a series of Event 1000 application errors:
"Faulting application edgetransport.exe, version 8.1.436.0, time stamp 0x4b9f315d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e855, exception code 0xc0000374, fault offset 0x00000000000acb17, process id 0x30f0, application start time 0x01cd3a33290915bc."
Also some Event 1023 .net runtime errors:
".NET Runtime version 2.0.50727.4223 - Fatal Execution Engine Error (000007FEF93F4DD6) (80131506)"
Two errors Event 10003 MSExchange Transport
"The transport process failed during message processing with the following call stack: System.AccessViolationExce
at delete(Void* )
at CHubTransportAgent.MySubmi
at Microsoft.Exchange.Data.Tr
at Microsoft.Exchange.Data.Tr
at Microsoft.Exchange.Data.Tr
at Microsoft.Exchange.Data.Tr
at Microsoft.Exchange.Transpo
at Microsoft.Exchange.Transpo
at Microsoft.Exchange.Transpo
at Microsoft.Exchange.Transpo
at Microsoft.Exchange.Transpo
at System.Threading.Execution
at System.Threading._ThreadPo
at System.Threading._ThreadPo
What should I do next??
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can Disable your Antivirus from Server and all 3rd party products from Msconfig
ASKER
Have installed process explorer, how can I use it to see whether total defense is causing the exception?
I have disabled the total defense real time scanner and Exchange option real time scanner, however this doesn't seem to have re-established email.
If I telnet to the computer from externally on port 25, there is no response.
I have disabled the total defense real time scanner and Exchange option real time scanner, however this doesn't seem to have re-established email.
If I telnet to the computer from externally on port 25, there is no response.
are you able to send mail or just not receiving emails
ASKER
Bawer:I had already excluded the exchange folder from total defense.
Ash007:It seems that outwards emails are shown by Microsoft outlook on clients as sent, but they do not arrive.
Ash007:It seems that outwards emails are shown by Microsoft outlook on clients as sent, but they do not arrive.
ASKER
Actually Microsoft Exchange Transport service was restarted, it just took a long time.
ASKER
Sysinternals Process Explorer shows EdgeTransport.exe as being suspended, with dw20.exe below it sucking at about 25% of CPU.
Ah I have found that I had mis-typed the exchange folder address in the exclusions in Total Defense, and that the standard exclusions didnt include the .que extension. Am trying to restart with that extension. hopefully the damage is not permanent!. Reviewing the list of identified viruses (all of which were in the Forefront quarantine directory), there doesn't seem to have been any activity in the Exchange folder. I removed Forefront as its trial licence was expiring.
Ah I have found that I had mis-typed the exchange folder address in the exclusions in Total Defense, and that the standard exclusions didnt include the .que extension. Am trying to restart with that extension. hopefully the damage is not permanent!. Reviewing the list of identified viruses (all of which were in the Forefront quarantine directory), there doesn't seem to have been any activity in the Exchange folder. I removed Forefront as its trial licence was expiring.
So it means the issue is solved now ? as i do not see any clear message. In case no just check the edgetransport.exe, if it is not hit by the AV software.
DW20 is for the app error reporting. If the edgetransport is stuck, is it possible for you to restart the server after adding the exceptions for scanning the extensions.
ASKER
Bawer: the issue is not solved; EdgeTransport is still suspended.
kprad: this is after restarting the server after adding exceptions for c:\Program Files\Microsoft\Exchange Server\\, and for .edb, .jrs and.chk files, such as those in the c:\Program Files\Microsoft\Exchange Server\TransportRoles\Data \Queue folder. This seems relevant maybe as if I start the Queue Viewer tool in Exchange Management Console, the tool starts, but after a long wait gives an error, this time that mms stopped working.
But maybe we're on the wrong track? Disabling the realtime scanner in Total Defense and restarting the server didn't help.
kprad: this is after restarting the server after adding exceptions for c:\Program Files\Microsoft\Exchange Server\\, and for .edb, .jrs and.chk files, such as those in the c:\Program Files\Microsoft\Exchange Server\TransportRoles\Data
But maybe we're on the wrong track? Disabling the realtime scanner in Total Defense and restarting the server didn't help.
what is the Roll-up and service pack level on Exchange 2007.
Is the AV uninstalled or is it still running with the exceptions ?
It would be definitely worth a try to remove any third party services / applications on the SBS, especially AV Mail Journaling software etc.
Is the AV uninstalled or is it still running with the exceptions ?
It would be definitely worth a try to remove any third party services / applications on the SBS, especially AV Mail Journaling software etc.
what exchange service pack is installed, are you running SP3?
ASKER
kprad and works2011: in Exchange Management Console->server configuration->my server->properties->genera l tab it shows the version as Version 8.1 (Build 240.6), with no other version information, which I gather means I have no service packs installed.
OS is SBS 2008 which incorporates Windows Server FE, which is Service Pack 2.
I have used msconfig to disable all 3rd party services and all startup items (mostly related to Total Defense), but the problem persists, with EdgeTransport.exe showing as suspended within seconds of the Microsoft Exchange Transport service being restarted.
OS is SBS 2008 which incorporates Windows Server FE, which is Service Pack 2.
I have used msconfig to disable all 3rd party services and all startup items (mostly related to Total Defense), but the problem persists, with EdgeTransport.exe showing as suspended within seconds of the Microsoft Exchange Transport service being restarted.
You need to install the latest service pack, my research shows this error showed up with SP1 and SP3 is available.
Download link for Exchange SP3, click here
ASKER
Works2001: It's getting late, and I'm working remote, so I'll go into work tomorrow and try that out. I'll let you know how it goes.
recommendation: if you're not doing this until tomorrow fire off a full exchange backup, it's nice to have one close to the point you do the SP3 install.
ASKER
There's a nightly backup using the built-in SBS2008 backup, but how would you recommend doing a specific exchange backup; ntbackup is not supplied/may not even run on SBS2008. I would prefer to have a discrete exchange backup independent of the nightly. I suppose I could stop all exchange services then copy c:\program files\microsoft\exchange server\*.* to an external, but not sure about active directory/system state.
I've never had to do an exchange restore from the SBS 2008 backups.
I've never had to do an exchange restore from the SBS 2008 backups.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
kprad, your suggestion of using sysinternals process viewer was really useful to identify when exchangeTransport.exe was suspended, as this didn't show up in services.
Bawer, It was probably a good suggestion to uninstall Total Defense, but it had taken some time to install and update, and I was reluctant to go that way in the first instance. In the event it was unnecessary.
Disabling Total Defense strangely didn't confirm that the problem was an antivirus problem, and I still don't understand that. Maybe maybe it wasn't???
Upgrading Exchange 2007 to sp3 was irrelevant to the issue, although I will do it anyway now that I'm here all on my own and have the server to myself.
I'll have to give main credit though to the support folk at CA Technical Support.
Bawer, It was probably a good suggestion to uninstall Total Defense, but it had taken some time to install and update, and I was reluctant to go that way in the first instance. In the event it was unnecessary.
Disabling Total Defense strangely didn't confirm that the problem was an antivirus problem, and I still don't understand that. Maybe maybe it wasn't???
Upgrading Exchange 2007 to sp3 was irrelevant to the issue, although I will do it anyway now that I'm here all on my own and have the server to myself.
I'll have to give main credit though to the support folk at CA Technical Support.
ASKER
The problem recurred. Solution was to uninstall total defense from the server machine (using add/remove programs) then to clean up the registry under ca direction, had to fix a broken link which stopped exchange transport from working, then reboot, install the latest release of total defense and update it. What a pain on a server!