Video Screencast Help

Mail Security 7.0 Exchange, Object reference not set to an instance of an object

Created: 24 Dec 2012 • Updated: 24 Dec 2012 | 21 comments

I have a the same problem as the following article:

http://www.symantec.com/business/support/index?page=content&id=TECH84031&actp=search&viewlocale=en_US&searchid=1356362699092

The SID in question is S-1-18-1 (AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY), which is new for Windows Server 2012.

My Environment:
Windows Server 2012 Native AD
Windows Server 2008 R2, Exchange Server 2010 SP2, with Symantec Mail Security 7.0
Windows 8 Client

The Mail Security console on the Exchange Server cannot launch, due to Windows 2008 R2 not being able to convert the SID S-1-18-1.

My workaround is to use Mail Security console on Windows 8 launches fine, as Windows 8 can conver the SID.  But, I have not access to Quarantine, as it's local to the Exchange Server, so not good as a workaround.

Any ideas on getting the console to launch on Windows 2008 R2?  or viewing remote Quarantine?

NOTE: I cannot migrate Exchange or move it onto Windows 2012, due to the requirement of Exchange Server 2010 SP3 (not out yet).

 

Comments 21 CommentsJump to latest comment

Bharat.Khetani@gntl.co.uk's picture

Just an update, the Console on the Windows 8 machine can now see the Quarantine folder.  Must have been some sort of refresh issue.  My workaround is my working.

Bharat.Khetani@gntl.co.uk's picture

another update, Quarantine folder has now dis-appeared, after rebooting the Windows 8 workstation.  Any ideas anyone?

ksattler's picture

I have the same issues at one of our customer with version 6.5.8. I thought that this issue is only related to this version, but after upgrading to version 7.0.0.x, which is now supported for Server 2012 environments, the problem still persists.

Environment:

Two Server 2012 DCs, one Server 2008 R2 DC

Exchange 2010 SP2 on Server 2008 R2 SP1

 

Sometimes the login to the SMSMSE console is successful, when the 2008 R2 domain controller is used for authentication. I have verified this by checking the %LOGONSERVER% variable. The 2008 R2 domain controller don't return that SID, when an authentication attempt occurs...

 

Probably you could open a case?

Bharat.Khetani@gntl.co.uk's picture

I have not opened a case, as I am evaluating this in a Dev environment.  We will look for a solution if and when we go into production.

Maybe the workaround we are using is good for you?

ksattler's picture

The problem is that most of our customer don't have a Windows 8 license. At this customer there is currently a migration from XP to Windows 7. So this isn't a workaround.

Bharat.Khetani@gntl.co.uk's picture

How about a Windows Server 2012 machine, do you have a member server where you can install this on?

ksattler's picture

No, the customer does not have Windows Server 2012 licenses...

groberts's picture

HI Bharat,

 

I've brought this behavior up to our developers, and we're looking into what may need to change on our side to react to this change on the Microsoft side. Thanks for bringing this situation to our attention. I will post here as soon as new information is available.

PETE SOFTWARE's picture

Same issue here with Windows Server 2012 DC and installation of Mail Security 7.0 on Mailserver with Windows Server 2008 R2.

Problem is the SID: S-1-18-1 (AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY)

jweek's picture

I'm seeing the same problem, any updates on a resolution?

Bharat.Khetani@gntl.co.uk's picture

Exchange 2010 SP3 came out a few weeks back, and we've now migrated all Windows 2008 Servers to 2012, and Exchange 2010 servers to 2013, so not a problem for us.

I know it's not a resolution to the original issue, but it may be an option for you guys, even though it could be a complex migration depending on your userbase.

ksattler's picture

Hi,

I have upgraded the customer to SP3 and SMSMSE to 7.0.1.66. The issue still persists.

Can anyone confirm this?

 

Bharat.Khetani@gntl.co.uk's picture

I don't think 7.0.1.66 fixes the issue. For now, you need to install the console on Windows 8 or Windows 2012.

SuneerWARAQ's picture

 

I have same scenario, 2012 DC, Exchange on 2008 Server SP1 and exchange version 2010. I installed the management console on Windows 7 SP1 its working fine.

After updating the console installed on windows 7 I can manage the quarantine as well.

 

chewin71's picture

Hotfix from Microsoft - going to install this on the exchange server and report back what happens:  http://support.microsoft.com/kb/2830145

 

chewin71's picture

The microsoft hotfix worked like charm.  I did however need to restart the server, so keep that in mind.

Skipton's picture

For those that are running Mail Security for Microsoft Exchange 7.0.1 and do not have the luxury of rebooting the server, there has been a patched dll released that will fix the issue. The file to download is at the bottom of http://www.symantec.com/docs/TECH202495 .

ETH0's picture

Has this issue been fixed in version 7.02? I checked the release notes and could not find any reference about this issue. Reason I am asking is that Microsoft does not provide a hotfix for server 2008. Only for Server 2008 R2 and the patched dll is only for version 7.01

groberts's picture

The issue is not resolved in 7.0.2, but we do have a patch for 7.0.2, take a look at http://www.symantec.com/docs/TECH202495. This will work for any customer that is not able to install the Microsoft patch.

ETH0's picture

Many thanks. This hotfix will help a lot during our upcoming migration from Server 2008 to Server 2012 R2, because there is no Hotfix from Microsoft for Server 2008 (only for Server 2008 R2)

This means I can upgrade my AD servers to Server 2012 R2 and still be able to access the Mail Security console on our Exchange Server (Server 2008) until the mail servers are also migrated to Server 2012 R2 and Exchange 2013.