It was at 7:18am ET
Darin.
----- Original Message -----
Sent: Friday, September 15, 2006 9:58 AM
Subject: RE: [IMail Forum] Web Messaging is down this morning
Doesn't look like this ever made it to the forum.
Thanks to Travis and Eric for their help.
Well, the problem isn't 100% fixed, but at least we're up and running. I thought I would email the group for the record. I found a few related issues in the archives, but nothing with a solution. I'm afraid this won't be of much help either, but it is a record of what I tried.
To answer some questions:
> What operating system are you running?
This particular install is on Windows 2000 Advanced Server.
> Do a search for iwebmsg.ini and see how many you have..
There are two copies of iwebmsg.ini on the server.
1) C:\WINNT - This one is being updated with the new settings and used by IMail.
2) E:\IMail - This one does not appear to be used. It is not being updated and it doesn't seem to affect the server (although I haven't thoroughly tested this).
The problem:
- After at least 3-4 years of operation, web messaging on port 80 is no longer responding. It worked Sept 13, 2006 and stopped working Sept 14, 2006.
- Everything else works fine - POP3, SMTP, lists, etc...
A few pieces of information and what I tried:
- Windows 2K AS - IMail Version 7.13 - 2002.12.16.17
- We have roughly 120 domains on our server.
- We rarely touch any settings on the email server or our firewall.
- The only thing (I know of) that has been changed on the server in the last month are the automatic updates from Microsoft (and people sending and receiving email).
- Port 80 is open on the firewall and we can ping the server from the Internet.
- Tested everything from PC Anywhere directly on server (i.e. no firewall or routers between browser and server).
- Shut off IMONITOR, reboot server - no change to web messaging.
- Shut off IWEBCAL and IMONITOR, reboot server - no change.
- Uninstalled all MS updates for the last week one at a time with reboots between each - no change.
- IIS 5.0 is running on the server, but all web sites have been shut off (and it has been working since we installed IMail originally in 2002).
- Tried to shut off socket pooling as in these articles, reboot - no change.
- Ran "netstat -an". The only thing on port 80 is 0.0.0.0:80 listening.
- Ran CurPorts from here: http://www.nirsoft.net/utils/cports.html
- Found that the only process listening on 0.0.0.0:80 is iwebmsg.exe using CurPorts.
- Switched from :80 to :8080 - CurPorts correctly reported iwebmsg.exe switch from :80 to :8080. Switched back to :80.
- Tried CodeRed removal tool - no virus detected.
- Tried W32.NimdaA removal tool - no virus detected.
- Tried W32.NimdaE removal tool - no virus detected.
- Ran Norton AV Corp 10 (updated last week) - no virus detected.
- Tested on :80 - still no response.
- Switched to :8080 - web messaging works!
- Switched to :8181 - web messaging works!
- Switched to :80 - web messaging down
- Logs - the only thing I see suspect are multiples of these:
  - 20060915 032834 Info - Normal TCP listener exiting .
  - 20060915 033158 Web Error (00000298) xx.x.xxx.xx<- xx.x.xxx.xx receive error 10060.
  - 20060915 034843 Web Error [E] TCP accept error. 10004 (consecutive_accept_error_count=1 on IWebMsg Normal listen socket 348).
  - 20060915 040500 Socket Error - xxx.xxx.xxx.xxx Error while writing sockect due to error 10053 or malicious connection type.
  - NOTE: xxx - ip address hidden
- When I switch to a different port other than :80, these errors do not come up. On 8080 and 8181, I can browse email and perform management functions (view, compose, etc..) with no problems.
- Uninstalled IIS 5.0 and all IIS components from the server - no effect on port 80 access.
- When I bring the server up from a reboot, it looks like the first Web Msg access on port 80 works. However, as soon as you log in or refresh the page, it's dead. It looks like only the first hit goes through. Any subsequent Web Msg on port 80 returns a server not found.
Solution:
- Finally, we just decided to switch everything to 8080 and open up the firewall to 8080. It's not ideal, but it gets everyone up and running (web messaging has been down for 24 hours now).
- I still have no idea why :8080 works and :80 doesn't work. I'm open to suggestions and we're still considering this an open issue.
- We've checked for spyware and viruses, but could not find anything. It doesn't mean it's not there, but if there's something else using port 80, I don't see it with netstat, CurPorts, or NAV.
- 8080 is not the end of the world for us. 80 is preferable. To us, the bigger issue is figuring out if this is in any way related to a security breach or a sign that our email server is about to eat it (what happens if 8080 stops working, etc...).
Apologies for the HTML email, but I needed the indented bullets. This email was getting ugly quick.
Thanks,
Norm
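
Added example, not part of the original message: a Python triage of the log lines quoted above that decodes the Winsock error numbers (10060, 10004, 10053) into their standard names and counts listener exits. The `YYYYMMDD HHMMSS message` layout is inferred from those four lines; `triage`, `WINSOCK` and `SAMPLE` are names chosen here.

```python
import re
from collections import Counter

# Standard Winsock error codes and their documented meanings.
WINSOCK = {
    10004: ("WSAEINTR", "blocking call interrupted or cancelled"),
    10053: ("WSAECONNABORTED", "software caused connection abort"),
    10054: ("WSAECONNRESET", "connection reset by peer"),
    10060: ("WSAETIMEDOUT", "connection timed out"),
}

# Constructed sample: the four log lines quoted in the message, unwrapped.
SAMPLE = """\
20060915 032834 Info - Normal TCP listener exiting .
20060915 033158 Web Error (00000298) xx.x.xxx.xx<- xx.x.xxx.xx receive error 10060.
20060915 034843 Web Error [E] TCP accept error. 10004 (consecutive_accept_error_count=1 on IWebMsg Normal listen socket 348).
20060915 040500 Socket Error - xxx.xxx.xxx.xxx Error while writing sockect due to error 10053 or malicious connection type.
"""

LINE = re.compile(r"^(\d{8}) (\d{6}) (.*)$")                  # assumed line layout
CODE = re.compile(r"\berror\.?\s+(\d{5})\b", re.IGNORECASE)   # "error 10060", "error. 10004"

def triage(log_text):
    """Return (events, summary) for 'YYYYMMDD HHMMSS message' log lines."""
    events, counts, exits = [], Counter(), 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped fragments and foreign lines
        date, time, msg = m.groups()
        stamp = f"{date[:4]}-{date[4:6]}-{date[6:]} {time[:2]}:{time[2:4]}:{time[4:]}"
        if "listener exiting" in msg:
            exits += 1  # a listener that keeps exiting is worth correlating with errors
        c = CODE.search(msg)
        if c:
            code = int(c.group(1))
            name, meaning = WINSOCK.get(code, ("UNKNOWN", "not in table"))
            counts[name] += 1
            events.append((stamp, code, name, meaning))
    return events, {"listener_exits": exits, "by_code": dict(counts)}

if __name__ == "__main__":
    evs, summary = triage(SAMPLE)
    for e in evs:
        print(*e, sep="  ")
    print(summary)
```

Running it over the full log for the port 80 period and again for the 8080 period gives two summaries that can be compared directly.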