Symantec Mail Security for Exchange (SMSMSE) 6.5.5 and Higher Administration Console is Unable to Connect to Remote Server When Remote Server Does not have Internet Access or Some Sites are Blocked While Performing Certificate Revocation Checks

Article:TECH168751  |  Created: 2011-09-02  |  Updated: 2013-10-24  |  Article URL http://www.symantec.com/docs/TECH168751
Article Type
Technical Solution


Issue



Unable to connect a remote SMSMSE Administration console.

1. Start the remote SMSMSE Administration Console.
2. The SMSMSE Administration Console attempts to connect to the remote server.
3. The SMSMSE Administration Console "times out" and displays a dialog box to enter authentication credentials.
4. Enter the credentials.
5. The SMSMSE Administration Console attempts to authenticate but fails.

At this point the remote console is unable to connect to the SMSMSE services on the remote server.

 

 


Error



  • The Windows Application Event log on the server with the SMSMSE Administration console contains the following error event:

Event Type:    Error
Event Source:    Symantec Mail Security Managed Components
Event Category:    None
Event ID:    0
Date:        5/16/2011
Time:        12:40:12 PM
User:        N/A
Computer:    SMSMSE179
Description:

Time : Friday, May 13, 2011 11:31:01 AM
 Outer Exception Type: System.Net.WebException
 Outer Exception Message: Unable to connect to the remote server
 Outer Exception Source: System.Web.Services
 ---Outer Exception Stack Trace---
   at System.Web.Services.Protocols.WebClientAsyncResult.WaitForResponse()
   at System.Web.Services.Protocols.WebClientProtocol.EndSend(IAsyncResult
asyncResult, Object& internalAsyncState, Stream& responseStream)
   at
System.Web.Services.Protocols.SoapHttpClientProtocol.InvokeAsyncCallback(IAsyncResult
result)
 **************************************
 Inner Exception Type: System.Net.Sockets.SocketException
 Inner Exception Message: A connection attempt failed because the connected
party did not properly respond after a period of time, or established connection
failed because connected host has failed to respond 192.168.1.110:8081
 Inner Exception Source: System
 Inner Exception Stack Trace:    at
System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure,
Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState
state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
 **************************************


Source : System.Threading.ExecutionContext::Run Thread:13
Run at offset 155 in file:line:column <filename unknown>:0:0

 

 


Environment



  • Version of SMSMSE on remote server is 6.5.5 or higher.

Cause



The binaries for SMSMSE are digitally signed. Windows attempts to validate that the certificate used to sign the binaries has not been revoked. If the remote server does not have Internet access, or a firewall or proxy is blocking access to the sites used for certificate revocation, Windows waits until the timeout period expires. The SMSMSE Administration Console times out during this process.
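
To confirm that revocation retrieval is what stalls on a given server before changing its IIS configuration, the following PowerShell script (an added example, not Symantec's code) builds the certificate chain of a signed file with online revocation checking and reports how long that took and whether revocation data could be fetched. It approximates the check Windows performs. The $Path and $TimeoutSeconds parameters are assumptions of this example; the article does not list the paths of the SMSMSE binaries, so supply one yourself.

```powershell
# Added diagnostic example. Run it on the server that hosts the SMSMSE services.
param(
    [Parameter(Mandatory = $true)]
    [string] $Path,               # a signed binary to test (path supplied by you)
    [int] $TimeoutSeconds = 15    # retrieval limit for this test only (assumed value)
)

$sig = Get-AuthenticodeSignature -FilePath $Path
if ($null -eq $sig.SignerCertificate) {
    throw "No Authenticode signature found on $Path"
}

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Require a revocation lookup for every certificate below the root.
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag =
    [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($TimeoutSeconds)

# Time the chain build; a blocked revocation site shows up as a long delay here.
$timer = [System.Diagnostics.Stopwatch]::StartNew()
$valid = $chain.Build($sig.SignerCertificate)
$timer.Stop()

# Either flag means revocation data could not be obtained for some certificate.
$flags = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]
$unreachable = $flags::RevocationStatusUnknown -bor $flags::OfflineRevocation
$blocked = @($chain.ChainStatus | Where-Object { $_.Status -band $unreachable })

New-Object PSObject -Property @{
    File               = $Path
    Signer             = $sig.SignerCertificate.Subject
    ChainValid         = $valid
    ElapsedSeconds     = [Math]::Round($timer.Elapsed.TotalSeconds, 1)
    RevocationBlocked  = ($blocked.Count -gt 0)
    ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

A long ElapsedSeconds together with RevocationBlocked = True matches the cause described above. A fast, clean result can also come from revocation data that Windows has already cached.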

 


Solution



Turn off Certificate Revocation Checking for IIS using the following steps:

Note: If the server experiencing the problem is running Windows Server 2003, a patch must be applied for this configuration change to take effect. See "FIX: A .NET Framework 2.0 managed application that has an Authenticode signature takes longer than usual to start" for details and to download the patch.
 

1. Use a plain-text editor such as Windows Notepad to create a configuration file that contains the following lines:

    <configuration>
      <runtime>
        <generatePublisherEvidence enabled="false"/>
      </runtime>
    </configuration>


   
2. Save the file as w3wp.exe.config in the same folder as w3wp.exe. For example:

        %windir%\system32\inetsrv

   This turns off the checks for every web application on the server, not only SMSMSE.

3. Restart IIS: go to Start, Run, and type CMD. At the command prompt, type "iisreset" and wait for the restart to complete.

The remote console should now connect and authenticate without excessive delay.

 

Technical Information

For more information on the generatePublisherEvidence element see the following Microsoft article: MSDN <generatePublisherEvidence> Element.



 

 



