Exchange not receiving email

Tonyfai
Tonyfai used Ask the Experts™
on
Hi,
My business's inward email has stopped working.

The email server is a Windows SBS 2008 machine, using Exchange 2007.  It was set up in March and email has been running smoothly until Thursday afternoon (it is Friday afternoon here now), when inwards email just stopped.

On Wednesday afternoon I installed Total Defense v 12 including the Exchange Option on the SBS 2008 machine.  This seemed to be running fine, but only a day later Exchange stopped working.

I have tried restarting the server, and this didn't help.  
I tried restarting Microsoft Exchange Transport service, and this is stuck on stopping.

In the Event Log there are a series of Event 1000 application errors:
"Faulting application edgetransport.exe, version 8.1.436.0, time stamp 0x4b9f315d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e855, exception code 0xc0000374, fault offset 0x00000000000acb17, process id 0x30f0, application start time 0x01cd3a33290915bc."

Also some Event 1023 .net runtime errors:
".NET Runtime version 2.0.50727.4223 - Fatal Execution Engine Error (000007FEF93F4DD6) (80131506)"

Two errors Event 10003 MSExchange Transport
"The transport process failed during message processing with the following call stack: System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
   at delete(Void* )
   at CHubTransportAgent.MySubmittedMessageHandler(SubmittedMessageEventSource source, QueuedMessageEventArgs eMsg)
   at Microsoft.Exchange.Data.Transport.Routing.RoutingAgent.Invoke(String eventTopic, Object source, Object e)
   at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.Dispatcher.Invoke(MExSession session)
   at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExSession.AsyncInvoke(Object state)
   at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExSession.BeginInvoke(String topic, Object source, Object e, AsyncCallback callback, Object callbackState)
   at Microsoft.Exchange.Transport.Categorizer.MExEvents.RaiseEvent(MExSession mexSession, String eventTopic, AsyncCallback callback, Object state, Object[] contexts)
   at Microsoft.Exchange.Transport.Categorizer.MExEvents.RaiseOnSubmittedMessage(TaskContext context, AsyncCallback callback, MailItem mailItem)
   at Microsoft.Exchange.Transport.Categorizer.CategorizerComponent.Stage1OnSubmitted(TransportMailItem transportMailItem, TaskContext taskContext)
   at Microsoft.Exchange.Transport.Categorizer.TaskContext.Invoke()
   at Microsoft.Exchange.Transport.Categorizer.CatScheduler.JobThreadEntry(Object ignored)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack)
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)"

What should I do next??
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Kini pradeepDevelopment Manager
Commented:
if you disable Total Defense does it work ?
you could use the sysinternals process explorer to check whether its Total defense that is causing this exception.
You can uninstall the T defense and then check or exclude the EX-server folder and its related paths in T-defense

Commented:
You can Disable your Antivirus from Server and all 3rd party products from Msconfig
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Have installed process explorer, how can I use it to see whether total defense is causing the exception?

I have disabled the total defense real time scanner and Exchange option real time scanner, however this doesn't seem to have re-established email.

If I telnet to the computer from externally on port 25, there is no response.

Commented:
are you able to send mail or just not receiving emails

Author

Commented:
Bawer:I had already excluded the exchange folder from total defense.

Ash007:It seems that outwards emails are shown by Microsoft outlook on clients as sent, but they do not arrive.

Author

Commented:
Actually Microsoft Exchange Transport service was restarted, it just took a long time.

Author

Commented:
Sysinternals Process Explorer shows EdgeTransport.exe as being suspended, with dw20.exe below it sucking at about 25% of CPU.

Ah I have found that I had mis-typed the exchange folder address in the exclusions in Total Defense, and that the standard exclusions didnt include the .que extension.  Am trying to restart with that extension.  hopefully the damage is not permanent!.  Reviewing the list of identified viruses (all of which were in the Forefront quarantine directory), there doesn't seem to have been any activity in the Exchange folder.  I removed Forefront as its trial licence was expiring.
So it means the issue is solved now ? as i do not see any clear message. In case no just check the edgetransport.exe, if it is not hit by the AV software.
Kini pradeepDevelopment Manager

Commented:
DW20 is for the app error reporting. If the edgetransport is stuck, is it possible for you to restart the server after adding the exceptions for scanning the extensions.

Author

Commented:
Bawer: the issue is not solved; EdgeTransport is still suspended.

kprad: this is after restarting the server after adding exceptions for c:\Program Files\Microsoft\Exchange Server\\, and for .edb, .jrs and.chk files, such as those in the c:\Program Files\Microsoft\Exchange Server\TransportRoles\Data\Queue folder.  This seems relevant maybe as if I start the Queue Viewer tool in Exchange Management Console, the tool starts, but after a long wait gives an error, this time that mms stopped working.

But maybe we're on the wrong track?  Disabling the realtime scanner in Total Defense and restarting the server didn't help.
Kini pradeepDevelopment Manager

Commented:
what is the Roll-up and service pack level on Exchange 2007.
Is the AV uninstalled or is it still running with the exceptions ?
It would be definitely worth a try to remove any third party services / applications on the SBS, especially AV  Mail Journaling software etc.
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
what exchange service pack is installed, are you running SP3?

Author

Commented:
kprad and works2011: in Exchange Management Console->server configuration->my server->properties->general tab it shows the version as Version 8.1 (Build 240.6), with no other version information, which I gather means I have no service packs installed.

OS is SBS 2008 which incorporates Windows Server FE, which is Service Pack 2.

I have used msconfig to disable all 3rd party services and all startup items (mostly related to Total Defense), but the problem persists, with EdgeTransport.exe showing as suspended within seconds of the Microsoft Exchange Transport service being restarted.
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
You need to install the latest service pack, my research shows this error showed up with SP1 and SP3 is available.
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
Download link for Exchange SP3, click here

Author

Commented:
Works2001: It's getting late, and I'm working remote, so I'll go into work tomorrow and try that out.  I'll let you know how it goes.
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
recommendation: if you're not doing this until tomorrow fire off a full exchange backup, it's nice to have one close to the point you do the SP3 install.

Author

Commented:
There's a nightly backup using the built-in SBS2008 backup, but how would you recommend doing a specific exchange backup; ntbackup is not supplied/may not even run on SBS2008.  I would prefer to have a discrete exchange backup independent of the nightly.  I suppose I could stop all exchange services then copy c:\program files\microsoft\exchange server\*.* to an external, but not sure about active directory/system state.

I've never had to do an exchange restore from the SBS 2008 backups.
Commented:
Have contacted CA technical support to see if they have any solutions prior to upgrading to SP3 for exchange 2007.  They tried similar tests to what I did then recommended setting the following process exclusions:
Store.exe,dsamain.exe, isinteg.exe, eseutil.exe, mtacheck.exe, perfwiz.exe, inetinfo.exe, srsmain.exe and mad.exe.

Establishing these exclusions in the relevant policy on the total defense server machine, and waiting for the policy to propagate to the exchange machine, fixed the problem.

Strangely, it appears it was the antivirus, even though disabling all non-microsoft processes, and all startup items through msconfig and restarting the server didn't let exchange work.

Author

Commented:
kprad, your suggestion of using sysinternals process viewer was really useful to identify when exchangeTransport.exe was suspended, as this didn't show up in services.

Bawer, It was probably a good suggestion to uninstall Total Defense, but it had taken some time to install and update, and I was reluctant to go that way in the first instance.  In the event it was unnecessary.

Disabling Total Defense strangely didn't confirm that the problem was an antivirus problem, and I still don't understand that.  Maybe maybe it wasn't???

Upgrading Exchange 2007 to sp3 was irrelevant to the issue, although I will do it anyway now that I'm here all on my own and have the server to myself.

I'll have to give main credit though to the support folk at CA Technical Support.

Author

Commented:
The problem recurred.  Solution was to uninstall total defense from the server machine (using add/remove programs) then to clean up the registry under ca direction, had to fix a broken link which stopped exchange transport from working, then reboot, install the latest release of total defense and update it.   What a pain on a server!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial