Windows 2003 + Exchange 2007 ActiveSync and iPhones = W3SVC Deadlock Detected

6 Replies

Recently I was at a customer site and noticed quite a few W3SVC errors in both the system and application eventlog. The specific errors were:

In the system eventlog:

Event Type:       Warning

Event Source:     W3SVC

Event Category:  None

Event ID:           1013

Date:                9-3-2011

Time:                6:40:05

User:                 N/A

Computer:         -

Description: A process serving application pool ‘MSExchangeSyncAppPool’ exceeded time limits during shut down. The process id was ’65380′. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

In the same timespan as the above eventlog entry, I found the following in the application eventlog:

Event Type:       Warning

Event Source:     W3SVC-WP

Event Category:  None

Event ID:           2262

Date:                9-3-2011

Time:                8:07:26

User:                 N/A

Computer:         -

Description: ISAPI ‘C:WINDOWSMicrosoft.NETFramework64v2.0.50727aspnet_isapi.dll’ reported itself as unhealthy for the following reason: ‘Deadlock detected’. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

It seemed that the above entries in the eventviewer went hand in hand with the introduction of iPhones as mobile mail clients. After some research, this blog linked me to Technet Article cc778630, which states:

Setting SSLAlwaysNegoClientCert also helps eliminate client certificate renegotiation deadlocks, which may occur when a client is blocked on sending a large request body when a renegotiation request is received.

People that are familiar with SQL (and programming in general) will probably know that deadlocks occur when two ore more actions are each waiting for the other to finish processing, which results in a never-ending loop. The system detects the deadlock and prevents it from happening. Exactly the same thing happens with IIS 6 in Windows server 2003 when the SSLAlwaysNegoClientCert has not been set. The following procedure describes on how to set the SSLAlwaysNegoClientCert property in IIS, which solves the issue and eliminates the W3SVC errors:

  1. First, find the site identifier of the website where the Exchange ActiveSync service resides. This can be done by starting the IIS manager, selecting the servername in the left hand pane. The site identifier will be shown on the right. For more information on finding the site identifier, see Scott Forsyth’s blog.
  2. Open a command prompt and navigate to c:inetpubadminscripts
  3. Execute the following command: ‘cscript adsutil.vbs set w3svc/siteID/SSLAlwaysNegoClientCert True’ , of-course replacing ‘siteID’ with the appropriate ID.

Dominique is an IT enthousiast who currently works as a consultant in the south of the Netherlands. He has a strong focus on Microsoft collaboration products (Microsoft Exchange, Lync) and Cisco Wireless Networking. He blogs about these technologies at www.techdom.nl

  • deep-packet

    Thanks for documenting this issue. One of my clients was having the same problem. Periodically, they would not receive email on their mobil devices. Rebooting Exchange wouold resolve the issue for a while, but the issue would resurface after a few weeks.

    Just wanted to point out that the required “back-” and “forward-slashes” in your procedure are missing. The correct script command should read as:
          cscript adsutil.vbs set w3svc/1/SSLAlwaysNegoClientCert True

    (assumes siteID=1)

    • http://www.techdom.nl Dominique Hermans

      Thanks! Fixed the typo.

  • Markus

    thank you very much

  • http://fookhar.dk Marcus Mattsson

    Thanks a lot for this. However, you should maybe mention that the “IIS Admin Service” service must be restarted before it takes effect.

  • Chris

    I have a client whose server has been experiencing both of these errors, though they are running Server 2007 and Exchange 2007 and (as far as I know) have no iPhones connecting.  This particular server seems to boot up fine but as the day goes on something is screwing up Exchange (speculating these errors), and at some point Exchange just fails and I get calls in the morning from the client that they have no mail sitting in their inbox.  A restart seems to fix the problem but is obviously a horrible long-term plan.

    I’ve been doing a lot of research and your solution seems to be the best bet so far.  Thanks for sharing with us through your blog!  I’ll be posting back on Monday to see if this has solved the problem.

    • http://www.techdom.nl Dominique Hermans

      Hi Chris,

      Glad the article helped you out! Would love to hear the results on Monday.

      Have a nice weekend,
      Dominique