Announcement

Collapse
No announcement yet.

Mail delivery halting.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mail delivery halting.

    Howdy. Tuesday I rebooted my mail server to do some updates and when I brought it back up the Information Store Service didn't automatically start. Not a big deal, I just started it myself. However, Thursday, we found that no one was getting any more emails since some time Wednesday. I restarted the Topology service (which restarted everything) and then all the mail started to flow again. Problem solved! ...except the exact same thing happened again today.

    I got this error every few seconds from 5:56 to 6:28 PM. It started when the server rebooted. I think it ended when I got home and started the Information Store service... It then started again 1-15 at 8:07 AM and went to 8:08. If memory serves, in this time period I had stopped the Info Store and restarted it in an attempt to fix the email clog.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10016
    Date: 1/13/2009
    Time: 5:56:45 PM
    User: NT AUTHORITY\SYSTEM
    Computer: MERCURY
    Description:
    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {9DA0E103-86CE-11D1-8699-00C04FB98036}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-1. This security permission can be modified using the Component Services administrative tool.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    I sporadically get the following errors:
    Event Type: Warning
    Event Source: MSExchange ActiveSync
    Event Category: Requests
    Event ID: 1040
    Date: 1/16/2009
    Time: 2:10:20 AM
    User: N/A
    Computer: MERCURY
    Description:
    The average of the most recent [482] heartbeat intervals used by clients is less than or equal to [540].
    Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and Direct Push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

    For more information about how to configure firewall settings when you use Exchange ActiveSync, see Microsoft Knowledge Base article 905013, "Enterprise Firewall Configuration for Exchange ActiveSync Direct Push Technology" (http://go.microsoft.com/fwlink/?link...mp;kbid=905013).

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Warning
    Event Source: MSExchangeIS
    Event Category: Virus Scanning
    Event ID: 9874
    Date: 1/16/2009
    Time: 1:53:04 AM
    User: N/A
    Computer: MERCURY
    Description:
    Unexpected error 0x8004010f occurred in "EcProcessVirusScanQueueItem" during virus scanning.
    Mailbox Database: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MERCURY/cn=Microsoft Private MDB
    Folder ID: 1-A922358113
    Message ID: 1-A946202456

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    I got these two error messages at exactly the same time 4:07:40 AM this morning, however, I did receive an email at 4:57 AM... On further inspection, these happen every day at about 4AM... I have a feeling it has something to do with my backups. They appear to happen after the backup finishes. Any ideas there?
    Event Type: Error
    Event Source: MSExchangeSA
    Event Category: OAL Generator
    Event ID: 9335
    Date: 1/16/2009
    Time: 4:07:40 AM
    User: N/A
    Computer: MERCURY
    Description:
    OALGen encountered error 80004005 while cleaning the offline address list public folders under /o=KNUTSON/cn=addrlists/cn=oabs/cn=Default Offline Address List. Please make sure the public folder store is mounted and replicas exist of the offline address list folders. No offline address lists have been generated. Please check the event log for more information.
    - Default Offline Address List

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: MSExchangeSA
    Event Category: OAL Generator
    Event ID: 9331
    Date: 1/16/2009
    Time: 4:07:40 AM
    User: N/A
    Computer: MERCURY
    Description:
    OALGen encountered error 80004005 (internal ID 50101ee) accessing the public folder store while generating the offline address list for address list '/'.
    - Default Offline Address List

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    At 8:22 this morning, I got this error, followed by many of the subsequent warning (ninja is my spam filter):
    Event Type: Error
    Event Source: .NET Runtime 2.0 Error Reporting
    Event Category: None
    Event ID: 1000
    Date: 1/16/2009
    Time: 8:22:35 AM
    User: N/A
    Computer: MERCURY
    Description:
    Faulting application ninjapimsvc.exe, version 1.0.0.0, stamp 469fdc77, faulting module ntdll.dll, version 5.2.3790.3959, stamp 45d6cc72, debug? 0, fault address 0x00000000000309d4.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 41 00 70 00 70 00 6c 00 A.p.p.l.
    0008: 69 00 63 00 61 00 74 00 i.c.a.t.
    0010: 69 00 6f 00 6e 00 20 00 i.o.n. .
    0018: 46 00 61 00 69 00 6c 00 F.a.i.l.
    0020: 75 00 72 00 65 00 20 00 u.r.e. .
    0028: 20 00 6e 00 69 00 6e 00 .n.i.n.
    0030: 6a 00 61 00 70 00 69 00 j.a.p.i.
    0038: 6d 00 73 00 76 00 63 00 m.s.v.c.
    0040: 2e 00 65 00 78 00 65 00 ..e.x.e.
    0048: 20 00 31 00 2e 00 30 00 .1...0.
    0050: 2e 00 30 00 2e 00 30 00 ..0...0.
    0058: 20 00 34 00 36 00 39 00 .4.6.9.
    0060: 66 00 64 00 63 00 37 00 f.d.c.7.
    0068: 37 00 20 00 69 00 6e 00 7. .i.n.
    0070: 20 00 6e 00 74 00 64 00 .n.t.d.
    0078: 6c 00 6c 00 2e 00 64 00 l.l...d.
    0080: 6c 00 6c 00 20 00 35 00 l.l. .5.
    0088: 2e 00 32 00 2e 00 33 00 ..2...3.
    0090: 37 00 39 00 30 00 2e 00 7.9.0...
    0098: 33 00 39 00 35 00 39 00 3.9.5.9.
    00a0: 20 00 34 00 35 00 64 00 .4.5.d.
    00a8: 36 00 63 00 63 00 37 00 6.c.c.7.
    00b0: 32 00 20 00 66 00 44 00 2. .f.D.
    00b8: 65 00 62 00 75 00 67 00 e.b.u.g.
    00c0: 20 00 30 00 20 00 61 00 .0. .a.
    00c8: 74 00 20 00 6f 00 66 00 t. .o.f.
    00d0: 66 00 73 00 65 00 74 00 f.s.e.t.
    00d8: 20 00 30 00 30 00 30 00 .0.0.0.
    00e0: 30 00 30 00 30 00 30 00 0.0.0.0.
    00e8: 30 00 30 00 30 00 30 00 0.0.0.0.
    00f0: 33 00 30 00 39 00 64 00 3.0.9.d.
    00f8: 34 00 0d 00 0a 00 4.....
    Event Type: Warning
    Event Source: MSExchange Extensibility
    Event Category: MExRuntime
    Event ID: 1050
    Date: 1/16/2009
    Time: 8:27:42 AM
    User: N/A
    Computer: MERCURY
    Description:
    The execution time of agent 'Ninja Routing Agent' exceeded 300000 (milliseconds) while handling event 'OnRoutedMessage'. This is an unusual amount of time for an agent to process a single event. However, Transport will continue processing this message.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Any insight would be greatly appreciated.

  • #2
    Re: Mail delivery halting.

    Given that three of the errors are about Ninja or AV software then that would be the first thing I would be looking at as the cause. IE it needs to be removed and the server rebooted.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Mail delivery halting.

      Yea, that's what I was thinking, I just couldn't do that right away so I figured I'd start looking for other suggestions right away.

      I wound up removing the AV totally and upgrading to the latest spam filter.


      Shutting the system down took about 20 minutes as did bringing it back up. When it came back up it said that a service failed to start (info store). I tried remoting into the server, but I couldn't even ping it. When I logged in locally, I also couldn't get online.

      The nic was manually configured (as it always had been). I plugged in the other nic and I could get online and remote into the server, but the server wouldn't send mail, but could receive it. Apparently, the guy before me disabled the second onboard nic (the gigabit one oddly enough... ) before he configured exchange, and set it up to only use DNS info from the nic that is now "not working" (but it still had DNS info manually entered...). I manually entered the DNS settings to use no matter the NIC used and then I could send and receive.

      I know I should have rebooted again, but the server was working and it was late. I didn't want to take the chance it would be another 40 minute reboot.


      On the bright side, I didn't have to restart the topology service at all this weekend, so it looks like I may be ok... as far as the delivery delay at least.

      Comment

      Working...
      X