Issues that are caused when Symantec Mail Security 4.x for Microsoft Exchange is installed on a server that is running Exchange 2000 Server or Exchange Server 2003

When you have Symantec Mail Security 4.x for Microsoft Exchange installed on a server that is running Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003, you may experience one or more of the following symptoms.

Server performance decreases

The server that is running Exchange Server experiences a decrease in performance while the server performs regular operations. The system becomes non-responsive. Additionally, CPU usage is high. Detailed symptoms are as follows:

• The Inetinfo.exe process uses 50% or 100% of CPU when the process is viewed in Task Manager. To resolve this issue, see Resolution 1: Install the latest version of Mail Security for Microsoft Exchange.
• The SAVFMSESp.exe process uses 100% of CPU when the process is viewed in Task Manager. To resolve this issue, see Resolution 1: Install the latest version of Mail Security for Microsoft Exchange
• Store.exe and Savfmsesjm.exe spike the CPU every 60 minutes. To resolve this issue, see Resolution 2: Increase the update interval for Mail Security for Microsoft Exchange
• The Savfmsectrl.exe process slowly increases in memory usage until the server stops or until you restart the Mail Security for Microsoft Exchange service. This is a memory leak situation. To resolve this issue, see Resolution 3: Install Windows 2000 Server Service Pack 4, or edit the CheckForSerialScanAndHeartBeatBool registry key

Mail flow performance decreases

The Exchange Server mail flow experiences a decrease in performance. Microsoft Outlook clients are slow to deliver messages. Additionally, the clients stop responding (hang) for 30 seconds. SMTP queues, such as the Directory Lookup queue and the Local Delivery queue, back up. Additionally, the following event may be logged in the Application log:

Event ID : 2013
Source : smtpsvc
Type : Error
Message : SMTP could not connect to any DNS server. Either none are configured, or all are down.

Event ID : 2012
Source : smtpsvc
Type : Warning
Message : SMTP could not connect to the DNS server 'xx.xx.xx.xx'. The protocol used was 'xx'. It may be down or inaccessible.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: Exchange Store Driver
Event ID: 326
Description: Service Account failed to logon to the store as /O=OrganizationName/OU=Administrative Group Name/cn=Configuration/cn=Connections/cn=SMTP(ServerName)/cn={MBX STORE GUID}.
Error code : 0xc0040132.

To resolve this issue, see

Messages are not sent or are sent incorrectly

Exchange Server experiences the following symptoms when it sends messages:

• When a message is sent that has no subject or has a blank subject, the internal message may disappear. Additionally, nothing is in the queue. To resolve this issue, see Resolution 1: Install the latest version of Mail Security for Microsoft Exchange
• When a message is sent to multiple people within the Exchange Server organization, some people receive a blank message body. However, other people receive the whole message. To resolve this issue, see Resolution 1: Install the latest version of Mail Security for Microsoft Exchange
• When a message is sent to some domains, Outlook clients immediately receive the following non-delivery report (NDR):
  5.7.1 Requested action not taken: message refused.
  To resolve this issue, see Resolution 3: Add domains and senders to the allow list
• All incoming e-mail is refused. Additionally, you receive the following NDR:
  <x.x.x #5.2.1 smtp;550 5.2.1 Mail from x.x.x.x refused: spam site.>
  This issue occurs when Mail Security for Microsoft Exchange cannot contact the Blocked Senders list server. When this occurs, Mail Security for Microsoft Exchange rejects all incoming e-mail. Regardless of how many other servers are listed in the Blocked Senders list, this issue occurs even if only one server is unreachable. To resolve this issue, see Resolution 10: Disable Mail Security for Microsoft Exchange, or contact Symantec support

Message preview is unsuccessful in Outlook or in Outlook Web Access

When you preview a message in Outlook or in Microsoft Outlook Web Access, you may experience the following symptoms:

• You are running Mail Security for Microsoft Exchange on Exchange Server 2003, and you try to view a message in the Outlook preview pane. When you do this, you may receive the following error message:
  This item contains active content that cannot be displayed in the preview pane. Open the item to read its contents.
  When you try to open the message, you may receive the following error messages:
  Can't open this item. Could not complete the operation because the service provider does not support it.
  Path does not exist. Make sure path is correct.
  When you try to view the message in Outlook Web Access, you may receive the following error messages:
  HTTP/1.1 501 not implemented.
  Page cannot be displayed.
• You configure a basic virus rule to "Delete entire message" in Symantec Mail Security 4.5.x for Microsoft Exchange. On an Exchange Server 2003 server that uses the Preview option in Outlook 2003, some messages cause the following Outlook message to appear:
  Microsoft Office Outlook Can't open this item. The item was found to contain a virus that could not be cleaned. For more information, contact your Exchange server Administrator.

To resolve these two issues, see Resolution 5: Install Exchange Server 2003 Service Pack 1, and disable Cached Exchange Mode

Other symptoms

• You cannot connect to the server. Additionally, the Microsoft Exchange Information Store service cannot be stopped. You may receive error 1053. This error indicates that the service did not respond in a timely manner. However, all services are running, and all Exchange Server resources are online. To resolve this issue, see Resolution 1: Install the latest version of Mail Security for Microsoft Exchange
• On a network that includes Exchange 2000 Server servers or Exchange Server 2003 servers, transaction logs generate quickly when the Auto-Protect option is enabled for Mail Security for Microsoft Exchange. To resolve this issue, see Resolution 1: Install the latest version of Mail Security for Microsoft Exchange
• When the Scan SMTP messages leaving the server Auto-Protect option is enabled on an SMTP gateway or a front-end server, messages accumulate in the �Messages pending submission� queue. To resolve this issue, see Resolution 6: Remount the mailbox store
• In Outlook or in Outlook Web Access, you create a recurring appointment that has no end date. You then update a single occurrence of this appointment. When you do this, the whole series is deleted. This issue occurs for new users also.
  
  This issue may occur when Mail Security for Microsoft Exchange is installed on Microsoft Exchange Server 2003 Service Pack 1 (SP1) as antivirus software (AV). To resolve this issue, see Resolution 7: Verify whether the message is deleted by a filtering trigger
• You try to move a mailbox from one server to another when the following conditions are true:
  • Exchange Server 2003 SP1 is running on Microsoft Windows Server 2003.
  • Symantec Mail Security 4.0.10.461 for Microsoft Exchange is installed.
  When you do this, you receive the following error message in the "move mailbox XML summary":
  <summary isWarning="false" errorCode="0x80070005">
  Additionally, the following events are recorded in the Application log:

  Event Type: Error
  Event Source: MSExchangeAdmin
  Event Category: Move Mailbox
  Event ID: 9170
  Description:
  Failed to update mailbox on Active Directory server 'ServerName'.
  homeMDB: /dc=xxx/cn=Configuration/cn=Services/cn=Microsoft Exchange/cn=OrganizationName/cn=Administrative Groups/cn=Administrative Group Name/cn=Servers/cn=ServerName/cn=InformationStore/cn=StorageGroupName/cn=StoreName
  homeMTA: /dc=xxx/cn=Configuration/cn=Services/cn=Microsoft Exchange/cn=OrganizationName/cn=Administrative Groups/cn=Administrative Group Name/cn=Servers/cn=ServerName/cn=Microsoft MTA
  msExchHomeServer: /o=OrganizationName/ou=Administrative Group Name/cn=Configuration/cn=Servers/cn=ServerName
  Error: Access denied.

  Event Type: Error
  Event Source: MSExchangeAdmin
  Event Category: Move Mailbox
  Event ID: 1008
  Description:
  Unable to move mailbox 'MailboxName'.
  Error: Access denied.

  To resolve this issue, see Resolution 8: Verify the account permissions
• You see ghosted instances of the SMTP virtual server in Exchange System Manager even after the virtual server is deleted. This issue occurs when Symantec Mail Security 4.5 for Microsoft Exchange or a later version of Mail Security for Microsoft Exchange was installed on the system while the ghosted server instance existed.
  
  When Mail Security for Microsoft Exchange is installed, it hardcodes the script that is used to register event sinks. Therefore, when you delete an existing server, and the server is no longer in the Active Directory directory service or in Metabase, Mail Security for Microsoft Exchange still tries to register the event sinks for the deleted server. Therefore, when you start the system or restart the Mail Security for Microsoft Exchange service, you see the ghosted server. To resolve this issue, see Resolution 9: Reinstall Mail Security for Microsoft Exchange
• After an undetermined time, an autoreply rule on a public folder stops working. To resolve this issue, see Resolution 10: Disable Mail Security for Microsoft Exchange, or contact Symantec support
• You cannot open Outlook Web Access from the front-end server against a mailbox which is on a new back-end server. You are prompted three times, and then you receive the following error message in the Web browser:
  HTTP 1.1 401 Unauthorized
  Additionally, substatus code 401.5 is logged in the World Wide Web service (W3SVC) log. This issue occurs when the front-end server is running Exchange Server 2003 on Windows Server 2003, and Mail Security for Microsoft Exchange is installed.
  
  This issue occurs because Mail Security for Microsoft Exchange does not enable the front-end server to connect to the newly added back-end server.
  
  To resolve this issue, see Resolution 10: Disable Mail Security for Microsoft Exchange, or contact Symantec support

These issues occur when you have Symantec Mail Security 4.x for Microsoft Exchange installed.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Resolution 1: Install the latest version of Mail Security for Microsoft Exchange

Because most of the known issues are fixed by the latest version of Mail Security for Microsoft Exchange, we recommend that you install this version. Currently, the latest version is Symantec Mail Security 4.6.3 for Microsoft Exchange.

For more information about how to obtain the most current update of Mail Security for Microsoft Exchange, visit the following Symantec Web site:To upgrade Mail Security for Microsoft Exchange, follow these steps.

Note These steps are from the Symantec Web site.

1. Stop the Mail Security for Microsoft Exchange service.
2. Uninstall the service.
3. Delete the MessageDeletionQueue registry subkey from the registry. This subkey is found in the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\4.0\Server\Components\MsgDeletionQueue
4. Install the most current version of Mail Security for Microsoft Exchange.

To resolve some of the issues that are described in "Symptoms" section, use one or more of the following methods.

Resolution 2: Increase the update interval for Mail Security for Microsoft Exchange

Store.exe and Savfmsesjm.exe spike the CPU every 60 minutes when Mail Security 4.x for Microsoft Exchange is installed.

To resolve this issue, edit the registry to increase the interval time from 60 minutes to a larger interval, such as 120 minutes. The interval can be between 60 minutes and 24 hours. To increase the interval time, follow these steps:

1. Exit all programs.
2. Click Start, click Run, type regedit in the Open box, and then click OK.
3. Locate one of the following registry keys, as appropriate for the version of Mail Security for Microsoft Exchange that you are running: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\4.0\Server HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\4.5\Server HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\4.6\Server
4. In the right pane, double-click the following value:
   RefreshListTimeInMinutes
5. In the Value data box, type the following DWORD Value:
   00000078
   This DWORD value sets the interval time to 120 minutes. Other examples of DWORD values are as follows:
   0000003c (60 minutes)
   000005A0 (24 hours)
6. Exit Registry Editor.

Resolution 3: Install Windows 2000 Server Service Pack 4, or edit the CheckForSerialScanAndHeartBeatBool registry key

The Savfmsectrl.exe process slowly increases in memory usage until the server stops or until you restart the Mail Security for Microsoft Exchange service. This issue occurs when you have one of the following versions of the service installed on Exchange 2000 Server or on Exchange Server 2003:

• Symantec Mail Security 4.0.x for Microsoft Exchange
• Symantec Mail Security 4.5.x for Microsoft Exchange
• Symantec Mail Security 4.6.x for Microsoft Exchange

Which resolution you should use depends on the version of Windows Server that Mail Security for Microsoft Exchange is installed on.

Windows 2000 Server

To resolve this issue, install Microsoft Windows 2000 Service Pack 4 (SP4) for Mail Security 4.0.x for Microsoft Exchange.

For Mail Security 4.5.x for Microsoft Exchange and later versions of Mail Security for Microsoft Exchange, Windows 2000 SP4 is a system requirement.

When you install Mail Security 4.6.x for Microsoft Exchange, install build 107 or a newer build.

For more information about how to obtain the latest service pack for your version of Windows, click the following article numbers to view the articles in the Microsoft Knowledge Base:

Windows Server 2003

Edit the registry for the version of Mail Security for Microsoft Exchange that you have installed. To do this, follow these steps:

1. Exit all programs.
2. Click Start, click Run, type regedit in the Open box, and then click OK.
3. Locate one of the following registry keys, as appropriate for the version of Mail Security for Microsoft Exchange that you are running:
   HKEY_LOCAL_MACHINE\Software\Symantec\SMSMSE\4.0\Server\Components\ HKEY_LOCAL_MACHINE\Software\Symantec\SMSMSE\4.5\Server\Components\
4. In the left pane, right-click Components, click New, click Key, and then type the following name for the new key:
   NaveCtrl
5. Right-click NaveCtrl, click New, click DWORD Value, and then type the following name in the right pane:
   CheckForSerialScanAndHeartBeatBool
6. Right-click CheckForSerialScanAndHeartBeatBool, and then click Modify.
7. In the Value Data field, type 0.
8. Exit Registry Editor.

Resolution 4: Add domains and senders to the allow list

When a message is considered to be spam by Mail Security for Microsoft Exchange, the sender may receive the following NDR: Note Outlook clients may use an e-mail signature that is created in Microsoft Word as a Rich Text Format (RTF) file, and Outlook may use this file as the signature. In this case, Mail Security for Microsoft Exchange considers the message to be spam. To work around this issue, you can remove the signature from the Outlook client. Alternatively, you can add the sender to the allow list.

To enable messages from specific domains or senders, add the domains or the senders to the allow list. To do this, follow these steps.

Step 1: Create a virtual allow list

1. Click Start, click Programs, click Symantec MS for Microsoft Exchange, and then click Symantec Mail Security for Exchange.
2. In the left pane, click Configuration.
3. Click Match Lists.
4. In the right pane under Match Lists, click Add new.
5. Under Add Match List, type a name in the Match list name box. For example, type allow list
   
   Note Do not use punctuation (a period or other characters) at the end of a name. If you do use punctuation, you receive the following error message when you click Save:
   The field Match list name contains invalid characters (&%^\:/*?.|><'#@+=")
6. In the Match list description box, you may describe the function of the match list. This description does not affect the function of any rule or of the match list itself.
7. Under This List Contains, click DOS wild card style expressions.
8. In the Match list filter box, type the domain names that are known to originate spam. Each domain name that is entered occupies a single line in the Match list filter box. You can use the following symbols and characters in the Match list filter box:
   ! @ # $ % ^ & * ( ) _ + } { " : > < ? | ~ , . / ; ] [ = -
   Note Type the entries by using one of the following formats:
   *@domain.com
   domain.com
   Mail Security for Microsoft Exchange does not correctly process entries that are in the "@domain.com" format.
9. Click Save.

Step 2: Create a content filtering rule

1. In the left pane of the single-server user interface, click Policies, and then click Standard Policy.
2. Under Subpolicies in the right pane, make sure that the Filter Subpolicy check box is selected.
3. In the left pane, click Filtering subpolicy.
4. Under Rules in the right pane, click Add new.
5. Under Add Filtering Rule, type a name in the Filtering rule name box. For example, type spam
   
   Note Do not use punctuation (a period or other characters) at the end of a name. If you do use punctuation, you receive the following error message when you click Save:
   The field Match list name contains invalid characters (&%^\:/*?.|><'#@+=")
6. Make sure that the Enable rule check box is selected.
7. Under This rule applies to, click Sender.

Step 3: Configure the "Create expression" section of the content filter rule

1. In the Choose conditional list, click Unless.
2. In the Choose attribute list, click Sender.
3. In the Choose comparison list, leave the box set to Contains.
4. In the Choose comparison box, click to select the Whole words only check box.
   
   Note By default, the Ignore case check box is selected.
5. To the right of the Choose value list, click A member of Match List.
6. In the A member of Match List list, click allow list.
7. Click Add.

Resolution 5: Install Exchange Server 2003 Service Pack 1, and disable Cached Exchange Mode

If you experience issues when you preview messages in Outlook, first make sure that you have installed Exchange Server 2003 SP1. This service pack contains updates and improvements that address the situations that are described in the Symptoms section. For more information, click the following article number to view the article in the Microsoft Knowledge Base: If you still experience issues when you view saved e-mail in the personal folders file (.pst file) after you install Exchange Server 2003 SP1, use the workaround in the Workaround section.

Issues when you preview messages in Outlook occur when you configure a basic virus rule to "Delete entire message" in Symantec Mail Security 4.5.x for Microsoft Exchange, and Outlook 2003 is configured to use Cached Exchange Mode. To resolve this issue, disable Cached Exchange Mode in Outlook.

How to disable Cached Exchange Mode in Outlook

1. On the Tools menu, click E-mail accounts, and then click to select View or change existing e-mail accounts.
2. Click Next.
3. Click to select the Exchange Server e-mail account, and then click Change.
4. Click More Settings, and then click Advanced.
5. Under Mailbox Mode, click to clear the Cached Exchange Mode check box.

Note You can also search for and then delete all files that end in the extension ".ost."

Resolution 6: Remount the mailbox store

The Scan SMTP messages leaving the server Auto-Protect option in Exchange Server 2003 uses the Microsoft VSAPI 2.5 TransportAVAPI protocol. This protocol requires that a local store must be available to scan SMTP traffic. An SMTP gateway or a front-end server may have the local Information Store service disabled and the mailbox store not mounted. In this case, all messages will be stuck in the SMTP �Messages pending submission� queue. To submit these messages for scanning after the store is remounted, use the Force connection option in Exchange System Manager.

More information about TransportAVAPI scanning

The TransportAVAPI protocol uses the SMTP mailbox as a temporary location when the protocol scans SMTP messages for viruses. The SMTP mailbox name uses the following syntax: Each message body and attachment is submitted to Mail Security 4.5 for Microsoft Exchange from a subfolder of this mailbox. The subfolder has the following name: When you select an action, such as "quarantine," when an item is viral, a log entry and a message are created. The log entry and the message show that the viral item is located in the subfolder.

Resolution 7: Verify whether the message is deleted by a filtering trigger

The recurring appointment message may be deleted by a filtering trigger in the AV. View the Mail Security for Microsoft Exchange logs to see whether any policy settings are violated. If policy settings are violated, a filtering trigger in the AV deletes the message. To resolve this issue, modify the trigger.

Resolution 8: Verify the account permissions

The �Access denied� error indicates that there might be a permissions issue when you move a mailbox between servers. Verify that the account that is used to move the mailbox has the correct permissions. Additionally, make sure that the account is not a member of the SMSMSEADMINS group.

Note The SMSMSEADMINS group is created by Symantec Mail Security 4.0.10.461 for Microsoft Exchange during installation.

Resolution 9: Reinstall Mail Security for Microsoft Exchange

To do this, follow these steps:

1. Make sure that the ghosted server is gone from Metabase or Active Directory.
2. Uninstall Mail Security for Microsoft Exchange, and then restart the server.
3. Look for the ghosted server. If it still exists, delete it by using MetaEdit 2.2 or Metabase Explorer. Restart the computer to make sure that the ghosted server no longer exists.
4. Reinstall Mail Security for Microsoft Exchange.

If additional help is required, contact Symantec support. To do this, visit the following Symantec Web site:

Resolution 10: Disable Mail Security for Microsoft Exchange, or contact Symantec support

To contact Symantec support, visit the following Symantec Web site:

To view e-mail that is saved to the personal folders (.pst) file, use the following method as a temporary workaround:

1. Reset Outlook. To do this, follow these steps.
   
   Note This procedure loads the .pst file into Outlook so that the e-mail can be viewed. The .pst file loads automatically every time that you open Outlook.
   1. Save the .pst file locally. Alternatively, copy the .pst file to a network resource.
   2. In Outlook, click File, click Open, and then click Personal Folders File (.pst).
   3. In the Open Personal Folders dialog box, locate and then click to select the .pst file.
   4. Click OK.
2. Forward the message to the Exchange Server 2003 store. To do this, follow these steps:
   1. Open the message in Outlook.
   2. Click Forward.
   3. Click To.
   4. In the Select Names dialog box, select the user to whom you want to forward the message, and then click OK.
   5. Click Send.
3. Undo the workaround.
   
   To do this, right-click the personal folders (.pst) file in Outlook, and then click Close Personal Folders.

For more information about the known issues of Mail Security for Microsoft Exchange and about how to resolve these issues, see the topics that are discussed in the following Symantec Web sites:

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.