Endpoint Protection

 View Only

  • 1.  Symantec Mail for Exchange 6.5

    Posted Jun 04, 2020 09:17 AM
    Hi

    We have received a new license file for Symantec Mail For Exchange 6.5. The new license file only activates the Anti-Virus part of SMSMSE and does not activate the Premium Anti Spam part of SMSMSE.

    Error log: 
    SERVER.local 2020/06/03 09:32:48 AM Error Premium AntiSpam Symantec Premium AntiSpam registration failed on the server SERVER.
    Unable to communicate with Symantec to register. Please check your connection settings, and try again.
    Connection error 60: SSL certificate problem: unable to get local issuer certificate.

    Internet connection on server working 100%. Premium Anti Spam was working fine before installing new license.

    Have logged a case(31945088) but no luck in resolving the issue.

    Please assist

    Regards
    Pieter


  • 2.  RE: Symantec Mail for Exchange 6.5

    Posted Jun 05, 2020 12:21 PM

    I have the same issue with Symantec Mail Security for Microsoft Exchange 7.9.  My license is for Premium AntiSpam as well though.  I see the same error message:

    Unable to communicate with Symantec to register. Please check your connection settings, and try again. 
     Connection error 60: SSL certificate problem: unable to get local issuer certificate.

    For me, all was working fine until we updated to the newest Exchange CU.  That might have just caused SMSMSE to have to re-register and just been a coincidence though.


    Original Message


  • 3.  RE: Symantec Mail for Exchange 6.5

    Posted Jun 22, 2020 05:21 PM
    I am seeing the same issue on my Mail Security for MS Exchange 7.9.  Opened a ticket a week ago and all they reply back with is that they have a 2 week backlog.  Any luck with a fix.  I am looking at all sorts of things, like the certificates in IIS and the firewall.  Went through the steps on  https://knowledge.broadcom.com/external/article?legacyId=tech85367.  This has fixed issues in the past, but no go this time.  Still searching for the answer.
    Original Message


  • 4.  RE: Symantec Mail for Exchange 6.5

    Posted Jun 23, 2020 07:43 AM
    Received the following email message from Broadcom support over night.  Basically, the certificates are expired and you need to update to fix this problem properly. 

    Case Update:

    As of April 30, 2020 an older set of CA certificates used to communicate with the following servers: aztec.brightmail.com or register.brightmail.com have expired across previous versions of Microsoft Mail Security for Microsoft Exchange 7.9.0.30 and older. This means that updating the product will be necessary to fix the impacted registration, definition update and anti-spam features. Upgrading to the most recent version 7.9.1_MP1 is our best recommendation.

    Here are links to the latest versions of the product and the product documentation where the Implementation Guide can be located:

    Download portal - https://support.broadcom.com/download-center/product-files.html?sku_code=MAI70929&release=7.9&gen_level=0&language=EN

    Product documentation - http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/information-security/symantec-mail-security-for-microsoft-exchange-server/7-9-1/Related-Documents.html

    If there are issues following and signing in for these links; then our GCA team can provide additional guidance with existing account details within the support portal.

    Note: Internal product references to build 7.9.2.62 refer to the published version which was released as 7.9.1_MP1. This maintenance pack served to update the assemblies in use by the product to versions that make use of .NET 4.5 As such please ensure that .NET 4.5.1 or newer is installed before upgrading. The previous version for 7.9.1 may be also be utilized if there is some need to continue using the old assemblies.





    ------------------------------
    Bill
    GWS
    VA
    ------------------------------

    Original Message


  • 5.  RE: Symantec Mail for Exchange 6.5

    Posted Jun 22, 2020 09:11 PM
    Edited by Voodoo Jun 22, 2020 09:23 PM
    I have same issue and same error as OP
    Environment - SBS2011\Exchange 2010SP3 RU30\SMSME 7.5.6.152

    Tried the information in the followingc:
    https://knowledge.broadcom.com/external/article/177123/how-to-manually-register-the-license-for.html

    Nothing in the doc worked for me, every time it generated same error including the command line at the end of the doc, but noticed at the end of the doc some registry entries and started poking around, and it seems to have worked (at least as far as as i can tell, see below).

    Assuming you have copied a valid license file to the server and attempted to deploy via GUI, mine accepted the file but got "failed to register error" and was unable to check the box "Enable Symantec Premium AntiSpam":

    1. Change the following registry entries to 0 (zero), they were both set to 1

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\<version>\Licensing\SpaDisabled
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\<version>\Licensing\SpaRunRegister

    2. Stopped "Symantec Mail Security Utility Service" service
    3. Restarted "Symantec Mail Security for Microsoft Exchange" service
    4. Started "Symantec Mail Security Utility Service" service
    5. Checked box "Enable Symantec Premium AntiSpam"

    Checked status under Monitors > Server Status > Symantec Premium AntiSpam: Enabled Last Update 5/27/2020 9:21:35PM

    I checked several other servers I manage that have similar environment and they all have the same 5/27/2020 date so am waiting see some statistics or event logs to see if it is really working or not. Trying to get help from Broadcom is near impossible, took me 6 months of phone calls and emails just to get this license, will be my last.

    Hope this helps others,


    EDIT:

    After a few minutes I restarted the services again and go the following in the application log so looks like its not working sorry:

    "Symantec Premium AntiSpam registration failed on the server FS1."

    "Unable to communicate with Symantec to register. Please check your connection settings, and try again.
    Connection error 60: SSL certificate problem: unable to get local issuer certificate."

    It also changed the registry setting SPARunRegister back to 1

    ------------------------------
    SBSBOX
    ------------------------------

    Original Message


  • 6.  RE: Symantec Mail for Exchange 6.5

    Posted Jun 23, 2020 02:35 AM
    Same here have opened case 32063971

    Suspect Broadcom forgot to renew SSL certificate for site that anti-spam is is trying to register against, but just a guess.
    Original Message


  • 7.  RE: Symantec Mail for Exchange 6.5

    Broadcom Employee
    Posted Jun 23, 2020 10:54 AM
    I know that we changed the SSL certificates for the registration servers a few weeks ago. I support Messaging Gateway, and versions earlier than 10.6.6 cannot register due to not having the cert chain needed to confirm the new certs. I don't know 100% what the remediation is on SMSMSE, but I do know that version 7.9.2 does not have this issue and registers with the new certificates. I'm going to have to apologize, but you will have to wait for support for confirmation.

    ------------------------------
    Kris Gainsforth
    Solutions Engineer
    Broadcom
    ------------------------------

    Original Message


  • 8.  RE: Symantec Mail for Exchange 6.5

    Posted Jun 23, 2020 10:13 PM
    Edited by Briana Chica Jun 23, 2020 10:13 PM
    Can confirm in our environment updating to 7.9.1 MP1 has fixed the registration issue, this also exposed for us the fact that our other 7 deployments have not updated the Premium Anti-spam portion since 5/27 same as reported by Voodoo above. So Broadcom, appears like updating your SSL certs has broken all existing deployments, so thanks for that :(
    Original Message