My consulting company received a call from a client whose email system was down. Although users could access their Inboxes, they couldn't send or receive any mail. The client was running Microsoft Exchange 2000 Server on Windows 2000. I hoped that a simple reboot would fix the problem, but the email system didn't come back up after I restarted the server.

A quick look at the Event Viewer showed multiple 7031 errors stating that services had terminated unexpectedly. The log showed 7031 errors on the following services: • IIS Admin Service (inetinfo.exe)
• Microsoft Exchange IMAP4 (inetinfo.exe)
• FTP Publishing Service (inetinfo.exe)
• Network News Transport Protocol (NNTP--inetinfo.exe)
• Microsoft Exchange POP3 (inetinfo.exe)
• Microsoft Exchange Routing Engine (inetinfo.exe)
• Simple Mail Transport Protocol (SMTP--inetinfo.exe)
• World Wide Web Publishing Service (inetinfo.exe)

While monitoring the System Event Viewer, I noticed the services would start, then suddenly crash with a 7031 error. These services would continually loop in a start, crash, start, crash cycle. Sometimes the services would run long enough to deliver a small email message, but the system wouldn't deliver any messages containing attachments. A search of the Microsoft Knowledge Base found the article "IIS and Exchange Services Quit Unexpectedly" (http://support.microsoft.com/?kbid=316612). The article describes the behavior of a server infected with the Code Red worm. The company's network had virus protection—Symantec's Norton AntiVirus Corporate Edition (NAVCE) and Norton AntiVirus for Microsoft Exchange (NAVMSE) on the server with the latest virus patterns—but to verify that it was working correctly, I ran a virus scan and the Code Red cleaner on the server. The server wasn't infected with the Code Red worm.

Because the Private and Public mail stores were mounted and users could still access their Inboxes, I suspected a Microsoft IIS problem. You probably noticed that all of the services use the same executable name – inetinfo.exe. The Microsoft article "How to Manually Restore the Metabase When No Proper Backup Exists or When the MMC Does Not Start" (http://support.microsoft.com/?kbid=234429) discusses how to manually restore a corrupt metabase. The file in %systemroot%\system32\inetsrv\metabase.bin contains the IIS configuration. If the file becomes corrupted, it can produce the problems the company was experiencing. You can view any metadata backups by starting the Internet Services Manager (ISM). Right-click the server and select Backup/Restore configuration. A window will display the backups created from the metabase.bin file. By default, metabase.bin backup files are stored in %systemroot%\system32\inetsrv\metabase.bin\metaback. I first backed up the current IIS configuration and tried to restore a metabase backup from February 4, 2004. The problem still existed after I restored the IIS configuration. You should create a backup of metabase.bin whenever you make changes to the IIS configuration. The metabase.bin file is in use when the IIS services are running, so a tape backup typically skips over this file unless it can back up the System State in Win2K. Third-party backup software such as VERITAS Software's VERITAS Backup Exec tries to restore the entire System State, which I didn't want to do in this situation. I found another article, "Exchange Databases Are Not Mounted and Event Logs Contain Error Messages" (http://support.microsoft.com/?kbid=304166), which describes how to reinstall IIS on the Exchange computer. Because the metabase.bin restoration didn't work, reinstalling IIS was the next logical step. However, doing so will destroy your IIS configuration, so make sure to document your IIS settings first, including all the non-Exchange Web site settings, FTP, NNTP, and SMTP settings. To reinstall IIS and Exchange, complete the following steps:
1. Disable all Exchange-related services.
2. Remove IIS by using the Control Panel Add/Remove Programs applet. 3. Restart the server.
4. Reinstall IIS through Add/Remove Programs. Make sure to install the SMTP and NNTP services.
5. If necessary, reinstall the latest Win2K service pack if your i386 files weren't slipstreamed with the latest service pack.
6. Insert the Exchange 2000 CD-ROM and select the reinstall option. 7. Install any Exchange 2000 service packs.
8. Recreate any IIS settings not restored by the IIS and Exchange reinstallation.
9. Reinstall NAVMSE.

After I reinstalled IIS and Exchange, the services stayed up and mail started working again. After reviewing the logs and comparing them with when the server went down, I determined that the metabase corruption might have been caused by a new virus pattern file, although I'm not sure. And I'm not sure that a more recent metabase restore would have fixed the problem, but backing up the metabase is still a good idea whenever you make a change to the IIS configuration.

Tip
Good news! Symantec has fixed the Microsoft Exchange Server 2003 freezing problem in Symantec Mail Security 4.0 for Microsoft Exchange (SMS for Exchange). In last month's column (http://www.winnetmag.com/article/articleid/41738/41738.html), I wrote about a client company that was experiencing freezing problems on a heavily loaded Exchange 2003 server running SMS for Exchange. I have clients who run the 4.0.10.461 version of Symantec Mail Security without any problems on heavily loaded servers. Symantec Platinum customers can download the latest version from Symantec's secure Web site. Symantec Gold customers can call technical support to receive access to a secure site to download the latest version.

End of Article


You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

Extremely pleased to find that someone else had exactly the same issue occur to them with exactly the same setup - and only a few weeks ago! Did the Code Red search - nothing. Backed up the IS & System State. Backed up and then restored the IIS metabase and it brought all the services up other than the Exchange Routing Engine which had terminated "not finding the path specified". Re-installed Exchange and applied latest SP and we were off! Finished by re-installing NAVMSE and applying SP4 to W2K. Small problem on the main server at the Head Office where it showed an Event ID 9297 in the App log that MSExchangeMTA on the Remote server had caused a security violation. Google came up with a solution in a Microsoft chat room - couldn't believe it would work but it did - stopped the Remote server's MTA service and restarting it again. Errors disappeared - even though we must have re-booted that server at least four times! Many thanks for taking the time out to write up the incident. Must have been the same virus.

Simon Hayes- May 07, 2004

I had a similar problem and found it to be mailformed email in the smtp queue. Renaming the vsi 1 folder and restarting exchange and IIS services resolved the problem. (Q304166) I'm wondering if that was tried prior to the IIS re-install.

Stu Bit- June 02, 2004

I have the same problem here. How will I do it in Small Business Server 2000 ?

Sunlie- June 13, 2004

I had this problem and had been working like a mad man to fix it. When i read your article and tested to restore an old IIS backup it all started to work perfectly. So thank you for a great article!!!

Erik Brännlund- June 29, 2004

I had the same issue and it is a post SP4 related. There is a hotfix for the IIS Admin crashing due to malformated messages. http://thinstructor.com/modules.php?op=modload&name=PostWrap&file=index&page=http://support.microsoft.com/?kbid=819019

Velimirmkd- July 01, 2004

We had the same setup and the same issue. Tried to rename the VSI 1 folder and restart the services and although there was a message in the queue we still ended up reinstalling. Thanks for the help.

Jim Johnson- July 08, 2004

Exactly the same problem, though i tried creating the VSi 1 folder first and it worked a treat.

The messages you gave me can be replayed successfully without problems (no crashes, etc.) What I did is described below:

stopped SMTP server service; renamed *.EML so that the extensions wereremoved copied messages to \Program Files\Exchsrvr\Mailroot\vsi 1\PickUp started SMTP server service;

Result: the messages immediately went to the \Program Files\Exchsrvr\Mailroot\vsi 1\BadMail folder

Result: the IIS Admin service did NOT crash

jcorbishley- August 23, 2004

Article Rating 5 out of 5

Had the same issue starting today - was driving me nuts. My thanks for the other comments about checking the Queues. Found one email sitting in the 'Messages awaiting directory lookup'. I deleted it and the problem was resolved.

topry- October 27, 2004

Article Rating 5 out of 5

This morning I uninstalled and reinstalled the IIS SMTP service, without thinking about the reprecussions it would have on the Exchange 2000. Since this my action Exchange has stopped sending or receiving all mail (internal & external). My knowledge of exchange is very limited, can any offer any help.

francoish- October 28, 2004

Article Rating 4 out of 5

 
 

ADS BY GOOGLE