Security Community Blog

Troubleshooting Mail Security for MSE with clustering

Created: 04 Aug 2009
mon_raralio

Here's the scenario:
You have an MS cluster with MS Exchange and SMSMSE (Symantec Mail Security for Microsoft Exchange), and you're having problems with Exchange because SMSMSE is stuck in a stopping state. The logs show nothing except an error in clustering (error 1460).

After checking the Symantec Knowledge Base, I found out that it has something to do with timing. For a clustered environment, it is not advisable to make SMSMSE dependent upon another service. Check whether the current setup has SMSMSE dependent on another service. Forcing the Symantec service to stop is, as one admin (someone I know) said, something that "would be a tedious process and is not an option", i.e. it would make things worse. Anyway, simply waiting for the service to stop may really do the trick.

Then I also found this while Googling the probable causes on the clustering side...
"
Problem:

The IIS, SMTP, POP3 and WWW services crash frequently on the Exchange with Symantec Antivirus servers and they took Exchange down. This happens with a frequency of once or twice an hour - or maybe more.

Resolution:

This issue is caused by Symantec Brightmail 5. The recommended workaround is to modify Brightmail to no longer use the rulesets that are causing the issue.

Please call Symantec to resolve this issue. Here is what they will probably tell you - to modify the bmiconfig.xml file.

To modify bmiconfig.xml to work around the issue:

Open the services menu by going to Start -> Run and typing services.msc
Stop the Symantec Mail Security for Microsoft Exchange service, and the Symantec Mail Security spam statistics service, if they are started
Open :\Program Files\Symantec\SMSMSE\5.0\Server\SpamPrevention\bmiconfig.xml in a text editor such as Notepad
Go to the File menu, choose Save As, and save the file as bmiconfig.old
Delete the following 5 strings:
header_regex
body_regex
lang_header_regex
lang_body_regex
bodysig

Once those entries are deleted, go to the File menu, choose Save As, and save the file as bmiconfig.xml

Restart the Symantec Mail Security for Microsoft Exchange service; it is not necessary to restart the spam statistics service

- An easier way is to save the bmiconfig.xml to your Desktop first. Edit it as per the instructions above. THEN stop the Symantec services, rename the bmiconfig.xml file and copy the edited file back to its original folder. THEN restart the Symantec AV service(s).
"

And since this came from the Internet, it comes with a "do it at your own risk" clause attached to it.
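
A change-control check for the quoted workaround above, as an added example that is not part of the original post or of Symantec's tooling: it compares the bmiconfig.old backup with the edited file and reports any of the five strings that survived the edit, plus any other line that changed. The function names are hypothetical and the sample file contents are constructed, since the real bmiconfig.xml layout is not shown here.

```python
import difflib
import re

# The five strings the quoted workaround says to delete from bmiconfig.xml.
TARGETS = ("header_regex", "body_regex", "lang_header_regex",
           "lang_body_regex", "bodysig")

def _token(name):
    # Whole-token match, so "header_regex" is not also found inside
    # "lang_header_regex" (a plain substring search would report both).
    return re.compile(r"(?<!\w)" + re.escape(name) + r"(?!\w)")

def has_target(line, targets=TARGETS):
    return any(_token(t).search(line) for t in targets)

def audit_edit(original, edited, targets=TARGETS):
    """Compare the untouched backup with the edited copy, line by line."""
    diff = list(difflib.ndiff(original.splitlines(), edited.splitlines()))
    removed = [d[2:] for d in diff if d.startswith("- ")]
    added = [d[2:] for d in diff if d.startswith("+ ")]
    return {
        # Strings the backup never contained: wrong file or version?
        "missing_in_original": [t for t in targets
                                if not _token(t).search(original)],
        # Strings that survived the edit.
        "still_present": [t for t in targets if _token(t).search(edited)],
        # Deleted lines that mention none of the five strings.
        "unexpected_removed": [l for l in removed
                               if not has_target(l, targets)],
        # New or rewritten lines always need a manual look.
        "added": added,
    }

# Constructed sample: the real bmiconfig.xml layout is not shown on this page.
SAMPLE_ORIGINAL = "\n".join(
    ["<config>"]
    + [f"  <entry>{t}</entry>" for t in TARGETS]
    + ['  <option name="timeout">30</option>', "</config>"])
# Constructed faulty edit: one string left behind, one unrelated line deleted.
SAMPLE_EDITED = "\n".join(
    ["<config>", "  <entry>lang_header_regex</entry>", "</config>"])

if __name__ == "__main__":
    for key, value in audit_edit(SAMPLE_ORIGINAL, SAMPLE_EDITED).items():
        print(f"{key}: {value}")
```

Run it against the contents of bmiconfig.old and the edited file before copying the edited file back; empty `still_present`, `unexpected_removed` and `added` lists mean the edit touched only the five named strings.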

Additional info for Symantec on clustering is found here. http://service1.symantec.com/support/ent-gate.nsf/...