Symantec Mail Security for Exchange (SMSMSE) 6.5.5 and Higher Administration Console is Unable to Connect to Remote Server When Remote Server Does not have Internet Access or Some Sites are Blocked While Performing Certificate Revocation Checks
|Article:TECH168751|||||Created: 2011-09-02|||||Updated: 2013-10-24|||||Article URL http://www.symantec.com/docs/TECH168751|
|NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.|
Unable to connect a remote SMSMSE Administration console.
1. Start the remote SMSMSE Administration Console.
2. The SMSMSE Administration Console attempts to connect to the remote server.
3. The SMSMSE Administration Console "times out" and displays a dialog box to enter authentication credentials.
4. Enter the credentials.
5. The SMSMSE Administration Console attempts to authenticate but fails.
At this point the remote console is unable to connect to the SMSMSE services on the remote server.
- The Windows Application Event log on the server with the SMSMSE Administration console contains the following error event:
Event Type: Error
Event Source: Symantec Mail Security Managed Components
Event Category: None
Event ID: 0
Time: 12:40:12 PM
Time : Friday, May 13, 2011 11:31:01 AM
Outer Exception Type: System.Net.WebException
Outer Exception Message: Unable to connect to the remote server
Outer Exception Source: System.Web.Services
---Outer Exception Stack Trace---
asyncResult, Object& internalAsyncState, Stream& responseStream)
Inner Exception Type: System.Net.Sockets.SocketException
Inner Exception Message: A connection attempt failed because the connected
party did not properly respond after a period of time, or established connection
failed because connected host has failed to respond 192.168.1.110:8081
Inner Exception Source: System
Inner Exception Stack Trace: at
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure,
Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState
state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
Source : System.Threading.ExecutionContext::Run Thread:13
Run at offset 155 in file:line:column <filename unknown>:0:0
- Version of SMSMSE on remote server is 6.5.5 or higher.
The binaries for SMSMSE are digitally signed. Windows attempts to validate that the certificate used to sign the binaries has not been revoked. If the remote server does not have Internet access or a firewall or proxy is blocking access to the sites used for certificate revocation Windows waits until a timeout period is encountered. The SMSMSE Administration console times out during this process.
Turn off Certificate Revocation Checking for IIS using the following steps:
Note: If the server experiencing the problem is running Windows Server 2003, a patch must be applied for this configuration change to take effect, see "FIX: A .NET Framework 2.0 managed application that has an Authenticode signature takes longer than usual to start" for details and to download the patch.
1. Use a plain-text editor such as Windows Notepad to create a configuration file that contains the following lines:
2. Save the file as w3wp.exe.config in the same folder as w3wp.exe. For example:
This turns off checks by all web applications on the server.
3. Restart IIS by going to Start, Run, and type in CMD. In the command prompt type "iisreset" and wait for the restart to complete.
The remote console should now connect and authenticate without excessive delay.
For more information on the generatePublisherEvidence element see the following Microsoft article: MSDN <generatePublisherEvidence> Element.
Article URL http://www.symantec.com/docs/TECH168751