Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Understanding and catching silent exits of the Exchange Information Store in Exchange 2000 Server and in Exchange Server 2003

Understanding and catching silent exits of the Exchange Information Store in Exchange 2000 Server and in Exchange Server 2003

View products that this article applies to.

Symptoms

The Microsoft Exchange Information Store self-terminates in Microsoft Exchange 2000 Server or in Microsoft Exchange Server 2003. This is known as a "silent exit."

↑ Back to the top

More information

This article defines what is and is not a "silent exit" and describes the facilities and processes that you can use to diagnose a potential occurrence of the problem.

Self-termination of the Microsoft Exchange Information Store is different from an abnormal ending of the process such as occurs with an access violation (crash). In an abnormal situation, something unexpected has occurred inside the process. One example of an unexpected situation is the miscalculation of a memory address and the subsequent attempt to write to a memory location that is considered read-only. When an unexpected event occurs, the Just in Time Debugger (JIT) is invoked to capture the situation either in a debugger for immediate evaluation or in a log file for post mortem analysis. By default, Dr. Watson is the JIT debugger for Windows and generates an entry in the Dr. Watson Log file. If it is configured to do so, Dr. Watson also generates a user .dmp file for postmortem analysis by Microsoft.

By contrast, in a silent exit, code that is running inside the Microsoft Exchange Information Store is explicitly or implicitly calling for the process to quit. When a silent exit occurs, the JIT debugger is never invoked because the process itself asked to be terminated. For example, two Win32 Application Programming Interface (API) functions that perform this action are TerminateProcess and ExitProcess.

For more information about these functions, visit the following Microsoft Web sites:
ExitProcess:
http://msdn2.microsoft.com/en-us/library/ms682658.aspx
TerminateProcess:
http://msdn2.microsoft.com/en-us/library/ms686714.aspx
Any code that is running inside a process, such as a third-party DLL, can call the two functions mentioned above and cause the entire process to be terminated without notification. When the information store quits in this way, it is extremely difficult to determine what is responsible for causing the termination and under what conditions the process exited.

For the Microsoft Exchange 2000 Information Store, the following new code and registry key was added to give the store the ability to intercept calls to the TerminateProcess and ExitProcess functions and to allow additional information to be captured when these functions are called from anywhere in the process, including from third-party DLLs.
SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
Name: Intercept Exit Functions
Type: REG_DWORD
Value: <see the following list>

The following values are acceptable for this setting:
  • 0 Do nothing (same behavior as without the registry key present).
  • 1 Log an event before exiting.
  • 2 Log an event, and create a log file with a full call stack and information about loaded modules (this option requires the correct symbols to be available on the system at the time it fails). The log file name is Storeterm.log, and it is written to the same folder as Store.exe. For example, it is written to Exchsrvr\Bin.
  • 3 Log an event, and cause a debug break for immediate debugging (if a debugger is already attached to process).
  • 4 Log an event, and cause a crash to start the JIT debugger.
For the Microsoft Exchange 2003 Information Store, an event is written to the event log by default. This event indicates that the Information Store has terminated. Additionally, it indicates which process caused the termination. There is no
SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
registry key, but you can add it to control the level of data and debugging activity. Microsoft Product Support Services (PSS) may require that you change this value to enable them to troubleshoot a problem more.

Unfortunately, there are still cases when an information store silent exit can occur, such as a stack overflow. To diagnose these situations you must attach a debugger to the store process. However, there are cases where it may appear that the information store has experienced a silent exit, when actually the process was terminated by the following means:
  1. During Cluster service failover the Information Store did not shutdown in the resource timeout allotted and had to be forcefully terminated to force the cluster failover.
  2. User intervention required a forceful exit of the information store process, such as running Kill.exe.
When the application log is configured to log an event, the following event is logged in the application log:

Event Type: Information
Event Source: MSExchangeIS
Event Category: General
Event ID: 9643
Description: Process termination function %1 was called by a function in module %2; some parameters and their values were %3. A significant section of the call stack is in the data section. %n%n
For more information, click http://search.support.microsoft.com/search/?adv=1.

↑ Back to the top

Resolution

Exchange 2000

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language. Component: Information Store

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 
   Date         Time   Version      Size    File name
   --------------------------------------------------
   31-Oct-2002  01:04  6.0.6354.0      3,915,776  Cdoex.dll
   31-Oct-2002  01:04  6.0.6354.0      3,567,616  Excdo.dll
   31-Oct-2002  00:43  6.0.6354.0        258,048  Exmime.dll
   31-Oct-2002  00:50  6.0.6354.0      1,691,648  Exoledb.dll      
   30-Oct-2002  23:38  6.0.6354.0      2,256,896  Mdbmsg.dll
   30-Oct-2002  23:23  6.0.6354.0         32,768  Mdbrole.dll
   31-Oct-2002  00:42  6.0.6354.0      4,587,520  Store.exe
Note Because of file dependencies, this update requires Microsoft Exchange 2000 Server Service Pack 3 (SP3). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301378 How to obtain the latest Exchange 2000 Server service pack

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

Keywords: KB329629, kbfix, kbexchange2000presp4fix, kbbug, kbqfe, kbqfe, kbhotfixserver, kbautohotfix

↑ Back to the top

Article Info
Article ID : 329629
Revision : 11
Created on : 10/25/2007
Published on : 10/25/2007
Exists online : False
Views : 309