Exchange Event 1023 IMAP4SVC Error

One of the services we offer to our clients is remote server monitoring. A few days ago my Inbox was flooded with alerts from our monitoring server. The alerts reported the following error:
Source: IMAP4SVC
Category: Content Engine
Event ID: 1023
User (If Applicable): N/A
Computer: EX2k3Svr
Event Description: Error 0x800cce44 occurred while rendering message 0001-000001e2f3d8 for download for user GFI@acme.com.

This client has an Exchange Server 2003 server running with SP2. This error message was occurring approximately every 30 seconds. I went to Google and searched for the error message but didn't find anything. I did see a few posts from Exchange admins who were having similar problems, but no one responded to their posts. I did find some references that this problem can be caused by improperly configured antivirus software. This particular Exchange 2003 server is running Norton AntiVirus Corporate Edition and Symantec Mail Security. If you’re running both of these antivirus products, make sure to exclude the Exchange data files from scanning by adding the appropriate exclusions in the Norton AntiVirus configuration. For more information on configuring these exclusions, refer to http://entsupport.symantec.com/docs/n2005040513412648. I double-checked the Norton AntiVirus configuration and the program was already configured to exclude the proper folders. I checked the Application Event log and tried to correlate this error with the application of any patch or service pack, but no patch or service pack was applied around the time that this error appeared in the Application Event log.

The mailbox gfi@acme.com is used to archive email messages using GFI MailArchiver for Exchange. This package archives every message that hits an Exchange database. In Exchange 2003, you can designate an archive mailbox where every message that enters the Exchange Database Store is also copied to this archive mailbox. GFI MailArchiver then moves any messages from the archive mailbox (in this case gfi@acme.com) to a Microsoft SQL Server database. At a later date you can use the GFI Web interface to query email messages stored in the SQL Server database. The error messages were showing up every 30 seconds because that's how often GFI MailArchiver was configured to move mail messages from the archive mailbox to the SQL Server database. Because Exchange was unable to deliver any messages to GFI MailArchiver (GFI MailArchiver uses IMAP to obtain the messages from the Exchange Server), messages were not being properly archived. I verified this by using the Exchange System Manager (ESM) to look at the number of messages stored in the GFI mailbox. Normally you would expect this number to increase as messages build up in the mailbox and to drop every 30 seconds as GFI MailArchiver moves the messages to the SQL Server machine. In this case the size and the total items reported by the ESM remained constant.

While researching this problem, I did find some references to encrypted messages not being properly displayed in Outlook Web Access (OWA). On a hunch, I opened the mailbox using regular Outlook (not OWA) and deleted the messages in the GFI mailbox--there were only two spam messages in the mailbox. After I deleted the messages, I noticed that messages would appear and disappear after 30 seconds. This was a good sign that GFI MailArchiver was properly archiving messages again. After deleting the messages, I checked the Application Event log and the IMAP error messages were gone. As far as I can tell, one or both of the messages in the GFI mailbox were corrupted and were preventing GFI MailArchiver from properly obtaining messages from Exchange, which prevented them from being archived. If you run into a situation like this, open up the mailbox using Outlook and try deleting any messages in the Inbox. It could save you a lot of troubleshooting time.

Tip

With the lack of a free Daylight Saving Time (DST) patch for Exchange 2000 Server, we’re encouraging our clients to upgrade to Exchange Server 2007, instead of paying $4000 for the Exchange 2000 CDO patch. Unfortunately, if you’re using third-party backup software, you’re probably still waiting for the backup vendors to support Exchange 2007. As of this writing, both Symantec’s Backup Exec and Computer Associates’ BrightStor ARCserve have announced support for Exchange 2007, but have not released an agent to support Exchange 2007. As a workaround, you can use NTBackup, which ships with Windows Server 2003, to back up Exchange 2007. For more information on backing up Exchange 2007, refer to http://technet.microsoft.com/en-us/library/bb123693.aspx.