After you install an update rollup for Microsoft Exchange Server 2007, the Exchange 2007 managed code services may not start. Additionally, the following events are logged in the System log:
Event Type: Error Event Source: Service Control Manager Event ID: 7000 Description: The Microsoft Exchange EdgeSync service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Event Type: Error Event Source: Service Control Manager Event ID: 7000 Description: The Microsoft Exchange Transport Log Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Event Type: Error Event Source: Service Control Manager Event ID: 7009 Description: Timeout (30000 milliseconds) waiting for the Microsoft Exchange Transport Log Search service to connect.
The following events are logged in the Application log:
Event Type: Error Event Source: MSExchange Common Event Category: General Event ID: 4999 Description: Watson report about to be sent to dw20.exe for process id: 1448, with parameters: E12, c-RTL-AMD64, 08.00.0733.000, MSExchangeTransport, unknown, unknown, S.ServiceProcess.TimeoutException, 0, 08.00.0733.000
This problem occurs because of the following behavior:
When the Microsoft .NET Framework 2.0 loads a managed assembly, the managed assembly calls the CryptoAPI function to verify the Authenticode signature on the assembly files to generate publisher evidence for the managed assembly.
The CryptoAPI function checks a Certificate Revocation List (CRL) that is available at http://crl.microsoft.com. This action requires an Internet connection.
If the Internet connection is blocked, the outgoing HTTP requests may be dropped. Therefore, an error message is not returned. This problem may also occur if the computer cannot resolve http://crl.microsoft.com. This long delay causes the CRL check to time out.
The Service Control Manager (SCM) determines that the service is taking too long to start and that the service has exceeded the maximum service start time. Therefore, the SCM reports the error message, and the Exchange managed code services are not started.
To resolve this problem, you have the following options:
Exchange server does not have to have a connection to the Internet. It just needs to have routers that do not send packets into a black hole. The CRL check is timing out because it never receives a response. If a router were to send a “no route to host” ICMP packet or similar error instead of just dropping the packets, the CRL check would fail right away, and the service would start. You can add an entry to crl.microsoft.com in the hosts file or on the DNS server and send the packets to a legitimate location on the network, such as 127.0.0.1, which will reject the connection. To do this, use a text editor to open the Windows\system32\drivers\etc\host file, and then add the following entry:
Use a switch in the configuration files that are associated with the Exchange services. This switch works in the common language runtime (CLR) 2.0 SP1 environment that is included with the .NET Framework version 3.5.
If you are using the .NET Framework 2.0, follow the steps in the “Install a software update” section. Then, continue to the “Create configuration files” section. If you already have the CLR 2.0 SP1 environment installed, go to the “Create configuration files” section.
Install a software update
If you are using the .NET Framework 2.0, install one of the following software updates:
Software update 936707 with CRL build 2.0.50727.876 For more information, click the following article number to view the article in the Microsoft Knowledge Base:
936707 FIX: A .NET Framework 2.0 managed application that has an Authenticode signature takes longer than usual to start
Software update 942027 with CRL build 2.0.50727.926 For more information, click the following article number to view the article in the Microsoft Knowledge Base:
942027 FIX: You may notice that the memory load is very high when you run an application that is built on the .NET Framework 2.0
A different software update that has a later CRL build. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
945757 Problems that are fixed in the .NET Framework 2.0 Service Pack 1
To download the .NET Framework 3.5, visit the following Microsoft Web site:
Important You must save a copy of your existing configuration files to a safe location. If there is an error in a configuration file, the applicable service cannot start.
You must create configuration files for all Exchange Server 2007 managed code services.
How to create a new configuration file
If you already have a configuration file, go to the “How to change an existing configuration file” section. To create a new application configuration file that contains the switch that is introduced in CLR 2.0 SP1, follow these steps:
Create a file, and then name it ApplicationName.exe.config.
Note Replace <Other entries> in this example with the original lines.
You may have to update the configuration files for the following services or programs:
Note Disabling the generation of publisher evidence does not loosen security. The assembly is treated the same as if it had an invalid Authenticode signature. Any permissions that would be granted based on a validated Authenticode signature are no longer granted with this configuration switch. This behavior is acceptable because Exchange Server 2007 does not have to have publisher evidence. Standard CAS policy does not rely on the PublisherMembershipCondition class. Therefore, unless the application runs on a computer that has custom CAS policy modifications or unless the application is intended to satisfy demands for the PublisherIdentityPermission class, you can safely disable the generation of publisher evidence for Exchange 2007 managed code services.
If a service does not start after you modify or create the configuration files, there is typically an XML syntax error or an incorrect value. In both cases, you receive an error message from the Exchange 2007 Edge Transport Service that resembles the following:
Event Type: ErrorEvent Source: MSExchangeTransportEvent Category: Process Event ID: 14004Date: DateTime: TimeUser: N/AComputer: Computer_NameDescription:The worker process has failed to load application configuration file: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: The 'generatePublisherEvidence' start tag on line 4 does not match the end tag of 'runtime'. Line 5, position 6. (C:\Program Files\Microsoft\Exchange Server\Bin\edgetransport.exe.config line 5) ---> System.Xml.XmlException: The 'generatePublisherEvidence' start tag on line 4 does not match the end tag of 'runtime'. Line 5, position 6. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.ThrowTagMismatch(NodeData startTag) at System.Xml.XmlTextReaderImpl.ParseEndElement() at System.Xml.XmlTextReaderImpl.ParseElementContent() at System.Xml.XmlTextReaderImpl.Skip() at System.Configuration.XmlUtil.StrictSkipToNextElement(ExceptionAction action) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(XmlUtil xmlUtil, String parentConfigKey, Boolean inLocation, String locationSubPath, OverrideModeSetting overrideMode, Boolean skipInChildApps) at System.Configuration.BaseConfigurationRecord.ScanSections(XmlUtil xmlUtil) at System.Configuration.BaseConfigurationRecord.InitConfigFromFile() --- End of inner exception stack trace --- at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal) at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors) at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey) --- End of inner exception stack trace --- at System.Configuration.ConfigurationManager.GetSection(String sectionName) at System.Configuration.ConfigurationManager.get_AppSettings() at Microsoft.Exchange.Transport.TransportAppConfig.GetConfigBool(String label, Boolean defaultValue) at Microsoft.Exchange.Transport.TransportAppConfig.ResourceManagerConfig.Load() at Microsoft.Exchange.Transport.TransportAppConfig.Load() at Microsoft.Exchange.Transport.Main.Program.Run(String args) For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.Microsoft is researching this problem and will post more information in this article when the information becomes available.
Exchange 2007 Managed Code Services do not startup after installing RU5