Re: [IMail Forum] Web Messaging is down this morning

[Darin Cox]

It was at 7:18am ET Darin.     ----- Original Message ----- From: Norman Nolasco To: Imail_Forum@list.ipswitch.com Sent: Friday, September 15, 2006 9:58 AM Subject: RE: [IMail Forum] Web Messaging is down this morning Doesn't look like this ever made it to the forum. From: Norman Nolasco [mailto:[EMAIL PROTECTED] Sent: Friday, September 15, 2006 6:19 AM To: 'Imail_Forum@list.ipswitch.com' Subject: RE: [IMail Forum] Web Messaging is down this morning Thanks to Travis and Eric for their help.   Well, the problem isn't 100% fixed, but at least we're up and running.  I thought I would email the group for the record.  I found a few related issues in the archives, but nothing with a solution.  I'm afraid this won't be of much help either, but it is a record of what I tried.   To answer some questions:   > What operating system are you running?   This particular install is on Windows 2000 Advanced Server.   > Do a search for iwebmsg.ini and see how many you have..   There are two copies of iwebmsg.ini on the server. 1) C:\WINNT - This one is being updated with the new settings and used by IMail. 2) E:\IMail - This one does not appear to be used.  It is not being updated and it doesn't seem to affect the server (although I haven't thoroughly tested this).   The problem: After at least 3-4 years of operation, web messaging on port 80 is no longer responding.  It worked Sept 13, 2006 and stopped working Sept 14, 2006. Everything else works fine - POP3, SMTP, lists, etc... A few pieces of information and what I tried: Windows 2K AS - IMail Version 7.13 - 2002.12.16.17 We have roughly 120 domains on our server. We rarely touch any settings on the email server or our firewall. The only thing (I know of) that has been changed on the server in the last month are the automatic updates from Microsoft (and people sending and receiving email). Port 80 is open on the firewall and we can ping the server from the Internet. Tested everything from PC Anywhere directly on server (ie - no firewall or routers between browser and server). Shut off IMONITOR, reboot server - no change to web messaging. Shut off IWEBCAL and IMONITOR, reboot server - no change. Uninstalled all MS updates for the last week one at a time with reboots between each - no change. IIS 5.0 is running on the server, but all web sites have been shut off (and it has been working since we installed IMail originally in 2002). Tried to shut off socket pooling as in these articles, reboot - no change. http://www.isaserver.org/tutorials/The_Misery_of_IIS_50_Socket_Pooling.html http://support.microsoft.com/kb/238131/ Ran "netstat -an".  The only thing on port 80 is 0.0.0.0:80 listening. Ran CurPorts from here: http://www.nirsoft.net/utils/cports.html Found that the only process listening on 0.0.0.0:80 is iwebmsg.exe using CurPorts. Switched from :80 to :8080 - CurPorts correctly reported iwebmsg.exe switch from :80 to :8080.  Switched back to :80. Tried CodeRed removal tool - no virus detected. Tried W32.NimdaA removal tool - no virus detected. Tried W32.NimdaE removal tool - no virus detected. Ran Norton AV Corp 10 (updated last week) - no virus detected. Tested on :80 - still no response. Switched to :8080 - web messaging works! Switched to :8181 - web messaging works! Switched to :80 - web messaging down Logs - the only thing I see suspect are multiples of these: 20060915 032834 Info - Normal TCP listener exiting    . 20060915 033158 Web Error (00000298) xx.x.xxx.xx<- xx.x.xxx.xx receive error 10060. 20060915 034843 Web Error [E] TCP accept error.  10004 (consecutive_accept_error_count=1 on IWebMsg Normal listen socket 348). 20060915 040500 Socket Error - xxx.xxx.xxx.xxx Error while writing sockect due to error 10053 or malicious connection type. NOTE: xxx - ip address hidden When I switch to a different port other than :80, these errors do not come up.  On 8080 and 8181, I can browse email and perform management functions (view, compose, etc..) with no problems. Uninstalled IIS 5.0 and all IIS components from the server - no effect on port 80 access. When I bring the server up from a reboot, it looks like the first Web Msg access on port 80 works.  However, as soon as you login or refresh the page, it's dead.  It looks like only the first hit goes through.  Any subsequent Web Msg on port 80 returns a server not found. Solution: Finally, we just decided to switch everything to 8080 and open up the firewall to 8080.  It's not ideal, but it gets everyone up and running (web messaging has been down for 24 hours now). I still have no idea why :8080 works and :80 doesn't work.  I'm open to suggestions and we're still considering this an open issue. We've checked for spyware and viruses, but could not find anything.  It doesn't mean it's not there, but if there's something else using port 80, I don't see it with netstat, CurPorts, or NAV. 8080 is not the end of the world for us.  80 is preferable.  To us, the bigger issue is figuring out if this is in any way related to a security breach or a sign that our email server is about to eat it (what happens if 8080 stops working, etc...). Apologies for the HTML email, but I needed the indented bullets.  This email was getting ugly quick.   Thanks, Norm