Microsoft KB Archive/944752

= Exchange 2007 managed code services do not start after you install an update rollup for Exchange 2007 =

Article ID: 944752

Article Last Modified on 11/26/2007

-

APPLIES TO


 * Microsoft Exchange Server 2007 Standard Edition
 * Microsoft Exchange Server 2007 Enterprise Edition

-



Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows XP and Windows Vista



SYMPTOMS
After you install an update rollup for Microsoft Exchange Server 2007, the Exchange 2007 managed code services may not start. Additionally, the following events are logged in the System log: Event Type: Error

Event Source: Service Control Manager

Event ID: 7000

Description: The Microsoft Exchange EdgeSync service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Event Type: Information

Event Source: Microsoft Exchange Server

Event ID: 5001

Description: Bucket 77004151, bucket table 5, EventType e12, P1 c-rtl-amd64, P2 08.00.0733.000, P3 msexchangetransport, P4 unknown, P5 unknown, P6 s.serviceprocess.timeoutexception, P7 0, P8 08.00.0733.000, P9 NIL, P10 NIL.

Event Type: Error

Event Source: Service Control Manager

Event ID: 7000

Description: The Microsoft Exchange Transport Log Search service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Event Type: Error

Event Source: Service Control Manager

Event ID: 7009

Description: Timeout (30000 milliseconds) waiting for the Microsoft Exchange Transport Log Search service to connect.

The following events are logged in the Application log: Event Type: Error

Event Source: MSExchange Common

Event Category: General

Event ID: 4999

Description:

Watson report about to be sent to dw20.exe for process id: 1448, with parameters: E12, c-RTL-AMD64, 08.00.0733.000, MSExchangeTransport, unknown, unknown, S.ServiceProcess.TimeoutException, 0, 08.00.0733.000

Event Type: Error

Event Source: Microsoft Exchange Server

Event ID: 5000

Description:

EventType e12, P1 c-rtl-amd64, P2 08.00.0733.000, P3 msexchangetransport, P4 unknown, P5 unknown, P6 s.serviceprocess.timeoutexception, P7 0, P8 08.00.0733.000, P9 NIL, P10 NIL.

Note Depending on the Exchange 2007 server role, the events may display time-outs for other Exchange Server services.



CAUSE
This problem occurs because the affected computer cannot reach the following Microsoft Web site:

http://crl.microsoft.com

This problem occurs because of the following behavior:
 * When the Microsoft .NET Framework 2.0 loads a managed assembly, the managed assembly calls the CryptoAPI function to verify the Authenticode signature on the assembly files to generate publisher evidence for the managed assembly.
 * The CryptoAPI function checks a Certificate Revocation List (CRL) that is available at http://crl.microsoft.com. This action requires an Internet connection.
 * If the Internet connection is blocked, the outgoing HTTP requests may be dropped. Therefore, an error message is not returned. This problem may also occur if the computer cannot resolve http://crl.microsoft.com. This long delay causes the CRL check to time out.
 * The Service Control Manager (SCM) determines that the service is taking too long to start and that the service has exceeded the maximum service start time. Therefore, the SCM reports the error message, and the Exchange managed code services are not started.

Note The maximum service start time is defined by the following registry subkey:



RESOLUTION
To resolve this problem, verify that the computer can reach the following Microsoft Web site to download the CRL:

http://crl.microsoft.com

If your organization uses a proxy server for HTTP and for HTTPS, you must configure the proxy server so that HTTP-enabled CRL validation works. Additionally, make sure that the proxy settings are configured correctly for the Exchange Server services to access the Internet.

The simplest way to configure WinHTTP is to use ProxyCfg.exe. ProxyCfg.exe is a command-line tool that is included in the %System32% directory on all Windows Server 2003-based computers. You can use ProxyCfg.exe to set WinHTTP configurations and to view WinHTTP configurations. For more information about how to use the Proxycfg.exe tool to modify WinHTTP proxy settings, click the following article number to view the article in the Microsoft Knowledge Base:

936707 FIX: A .NET Framework 2.0 managed application that has an Authenticode signature takes longer than usual to start

Note Microsoft Knowledge Base article 841641 describes how to configure a specific proxy setting if you are running services as a noninteractive account. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

841641 IIS returns a &quot;403.13 Client Certificate Revoked&quot; error message after you install MS04-011 because of Wininet proxy settings



WORKAROUND
To work around this problem, use one of the following methods.

Method 1: Configure the firewall
Configure the firewall to return a failure status to the application quickly if the firewall blocks access to http://crl.microsoft.com.

Note For more information, see the firewall documentation or contact the manufacturer of the firewall provider.

Method 2: Configure the URL retrieval time-out values
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Configure the URL retrieval time-out values that are used by CryptoAPI to a lower value. CryptoAPI provides the following settings to control the time-out values for authority information access (AIA). AIA is a certificate extension that contains information that is useful for verifying the trust status of a certificate. The CRL is part of the AIA extension.

URL retrieval time-out value
The URL retrieval time-out value defines the default URL time-out period for AIA retrievals and for nonaccumulative CRL retrievals. This setting was introduced in security update 835732.

This registry key is also exposed as a Group Policy UI item on the Default URL Retrieval Timeout policy property page. The UI item has a list to control the units in seconds. The default value is 15 seconds. Although the UI item allows a maximum value of 1000 seconds, the registry key and policy processing allow a maximum value of 65536 seconds.

Aggregate URL retrieval time-out value
The Aggregate URL retrieval time-out value defines the default revocation accumulative URL time-out period. The first revocation URL retrieval uses half of this time-out value. This setting was introduced in security update 835732.

This registry key is also exposed as a Group Policy UI item on the Default Accumulative URL Retrieval Timeout policy property page. The UI item has a list to control the units in seconds. The default value is 20 seconds. Although the UI will allow a maximum value of 1000 seconds, the registry key and policy processing allow a maximum value of 65536 seconds.

Method 3: Configure the Service Control Manager (SCM) time-out value
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Increase the default time-out value for the SCM in the registry. To do this, follow these steps:  Start Registry Editor. Change the value data for the ServicesPipeTimeout DWORD value to 60000 in the  subkey. To do this, follow these steps:  Click the following registry key:

 Click the   registry subkey. Right-click the  DWORD value, and then click Modify. Click Decimal.</li> Type 60000, and then click OK.</li></ol> </li> If the ServicesPipeTimeout value is not available, add the new DWORD value, and then set its value data to 60000 in the  registry subkey. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click the following registry key:

</li> Click the   registry subkey.</li> On the Edit menu, point to New, and then click DWORD Value.</li> Type ServicesPipeTimeout, and then press ENTER.</li> Right-click the ServicesPipeTimeout DWORD value, and then click Modify.</li> Click Decimal.</li> Type 60000, and then click OK.

Note The value 60000 milliseconds equals 60 seconds.</li></ol> </li></ol>

This change does not take effect until you restart the computer. After you increase the ServicesPipeTimeout value in the registry, the SCM waits for the services to use the whole ServicesPipeTimeout value before the System log reports that the service did not start.

If the services require several minutes to start, a value of 60 seconds may be insufficient. Therefore, increase the ServicesPipeTimeout value to give the services sufficient time to start.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Additional query words: Exchange 2007 Managed Code Services do not startup after installing RU5

Keywords: kbtshoot kbexpertiseinter KB944752

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.