Most Ongoing store.exe calls are waiting for a response from the Virus Scanner

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2006-07-13

The Microsoft® Exchange Server Analyzer Tool examines the Exchange Function Call Log (FCL), the Store.fcl file, for events that indicate a predominance of ongoing cross component calls from the Exchange Information Store service (Store.exe) to the Virusscan Virus API (VAPI) component.

Ongoing calls are requests from the Microsoft Exchange Information Store service (Store.exe) to other components that have not received a response at the time the Exchange FCL data is written to the Store.fcl file.

If the Exchange Server Analyzer finds that events in the Store.fcl logging file reflect a predominance of ongoing calls from the Microsoft Exchange Information Store service (Store.exe) to the Virusscan VAPI component, the Exchange Server Analyzer displays an error.

When cross-component calls from the Microsoft Exchange Information Store service (Store.exe) wait for a response, remote procedure call (RPC) threads can back up behind these requests and lead to Exchange Server performance issues such as delays in server responses to clients.

Ongoing calls from the Microsoft Exchange Information Store service to the Virusscan VAPI component can be caused by the following conditions:

  • Updates to a virus scanner that generate a re-scan of items in the information store.

  • A misconfigured virus scanner

  • Virus scanner software processes a large message or attachment

To resolve this error, take the following steps:

  • Schedule updates to your virus engine for times when resource consumption is low, that is, off-peak demand hours.

  • Consider reinstalling the virus scanning software, but reinstall at off-peak demand intervals.

  • Examine the configuration of your virus scanning engine for the correct thread configuration, file level exclusions, and so on. See Microsoft Knowledge Base article 823166, "Overview of Exchange Server 2003 and antivirus software" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=823166).

  • Review the articles in the For More Information section of this document.

For More Information

For more information about virus-scanning programs that are typically used with Microsoft Exchange Server 2003, see the Microsoft Knowledge Base article 823166, "Overview of Exchange Server 2003 and antivirus software" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=823166).

For more information about virus-scanning programs that are typically used with Microsoft Exchange 2000 Server, see the Knowledge Base article 328841, "Exchange and Antivirus Software" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=328841).

For more information about Exchange Server performance, see the "Performance and Scalability Guide for Exchange Server 2003" (https://go.microsoft.com/fwlink/?LinkId=47576).

For more information about how to troubleshoot Exchange Server performance issues, see "Troubleshooting Microsoft Exchange Server Performance" (https://go.microsoft.com/fwlink/?LinkId=47588).

For more information about how to troubleshoot information store performance, see Microsoft Knowledge Base article 257725, "XADM: How to Collect Diagnostic Data for Information Store Troubleshooting" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=257725).