We have two MS Exchange Servers 2019 CU11 (v15.2.986.5) where WithSecure Email and Server Security v15.10.3009 is installed. Each of the Exchange server has Hub and Edge role installed, both share common DAG. The DAG is active only on one of the Exchange servers. The other Exchange is in passive mode. Each of the Exchange servers has its own mail database, which is synchronized between them.
Now I have two problems running email storage scanning (ESS):
1. When I try to run manual ESS on the Exchange server in passive mode, the scan completes in a few seconds and scans nothing. In ods.log there is this:
2022-05-27 02:43:49.475 [55bc.0001] I: *** LOGGING STARTED *** (UTC+02:00, session: 0x0)
2022-05-27 02:43:49.569 [55bc.0001] I: * Assembly version: 5.1.130.0
2022-05-27 02:43:49.569 [55bc.0001] I: FSecure.Ess.Ods.Program: Current user name: %DOMAIN%\%FSecure-EMA-Account%
2022-05-27 02:43:49.569 [55bc.0001] I: FSecure.Ess.Ods.CommandLineArguments: Manual scan mode
2022-05-27 02:44:00.919 [55bc.0001] I: FSecure.Ess.Ods.App: Start processing
2022-05-27 02:44:01.524 [55bc.0001] I: FSecure.Ess.Ods.Factory: Settings for manual scanning was got successfully
2022-05-27 02:44:01.524 [55bc.0001] I: FSecure.Ess.Ods.App: Process task with ID: '', is test mode: 'True', is restore mode: False
2022-05-27 02:44:01.568 [55bc.0001] I: FSecure.Ess.Ods.App: Start processing of task request
2022-05-27 02:44:01.568 [55bc.0001] I: FSecure.Ess.Ods.App: Start processing of mailboxes
2022-05-27 02:44:01.840 [55bc.0001] I: FSecure.Ess.Ods.ElementProcessor: Items list is empty
2022-05-27 02:44:01.840 [55bc.0001] I: FSecure.Ess.Ods.App: End processing of mailboxes
2022-05-27 02:44:01.840 [55bc.0001] I: FSecure.Ess.Ods.App: Start processing of public folders
2022-05-27 02:44:01.840 [55bc.0001] I: FSecure.Ess.Ods.ElementProcessor: Scanning is disabled
2022-05-27 02:44:01.840 [55bc.0001] I: FSecure.Ess.Ods.App: End processing of public folders
2022-05-27 02:44:01.840 [55bc.0001] I: FSecure.Ess.Ods.App: Stop processing of task request
2022-05-27 02:44:02.322 [55bc.0001] I: FSecure.Latebound.LateboundManager: Loaded resources from 'C:\ProgramData\F-Secure\NS\default\latebound\localization\EssScanner.Strings.xaml' successfully.
2022-05-27 02:44:02.348 [55bc.0001] I: FSecure.Ess.Ods.ReportsCreator: Path to report file: 'C:\ProgramData\F-Secure\NS\default\EssOdsReports\scan_report.htm'
2022-05-27 02:44:02.411 [55bc.0001] I: FSecure.Ess.Ods.ReportsCreator: HTML report created
2022-05-27 02:44:02.713 [55bc.0001] I: FSecure.Ess.Ods.ReportsCreator: Report to PM was sent
2022-05-27 02:44:02.729 [55bc.0001] I: FSecure.Ess.Ods.App: Stopping
2022-05-27 02:44:02.752 [55bc.0001] I: *** LOGGING ENDED ***
I have intentionally modified the account information in the log dump on the line 3, but in fact there is a correct account dedicated to F-Secure.Ess.Ods.Service with all the requirements according to the manual (member of the local administrator group & Organization Management role group and so on...)
In odsService.log there is this:
2022-05-27 02:43:48.772 [1640.0009] I: FSecure.Ess.Ods.Service.IpcServer: New message received, type = ScanManual
2022-05-27 02:43:48.772 [1640.0026] I: FSecure.Ess.Ods.Service.OdsProcessController: Starting ods process with args: --mode manual
2022-05-27 02:44:02.842 [1640.002c] I: FSecure.Ess.Ods.Service.OdsController: Ods process has finished with code: 0
2. When I try to run manual ESS on the Exchange server in active mode, the scan process starts. The progress can be seen In the web console ESS (no. of processed mailboxes, items and so on is growing). In ods.log there is this:
2022-05-27 03:37:35.290 [40bc.0001] I: *** LOGGING STARTED *** (UTC+02:00, session: 0x0)
2022-05-27 03:37:35.365 [40bc.0001] I: * Assembly version: 5.1.130.0
2022-05-27 03:37:35.365 [40bc.0001] I: FSecure.Ess.Ods.Program: Current user name: SEVITECH\F-Secure_EMA
2022-05-27 03:37:35.365 [40bc.0001] I: FSecure.Ess.Ods.CommandLineArguments: Manual scan mode
2022-05-27 03:37:44.453 [40bc.0001] I: FSecure.Ess.Ods.App: Start processing
2022-05-27 03:37:44.993 [40bc.0001] I: FSecure.Ess.Ods.Factory: Settings for manual scanning was got successfully
2022-05-27 03:37:44.993 [40bc.0001] I: FSecure.Ess.Ods.App: Process task with ID: '', is test mode: 'True', is restore mode: False
2022-05-27 03:37:45.036 [40bc.0001] I: FSecure.Ess.Ods.App: Start processing of task request
2022-05-27 03:37:45.036 [40bc.0001] I: FSecure.Ess.Ods.App: Start processing of mailboxes
2022-05-27 03:37:45.270 [40bc.0001] I: FSecure.Ess.Ods.MailboxProcessor: Mailboxes to be processed: 234
the list of scanned items continues...
In odsService.log there is this:
2022-05-27 03:37:34.681 [5bb0.0007] I: FSecure.Ess.Ods.Service.IpcServer: New message received, type = ScanManual
2022-05-27 03:37:34.681 [5bb0.0044] I: FSecure.Ess.Ods.Service.OdsProcessController: Starting ods process with args: --mode manual
But after about 26 hours, over 200 mailboxes and over 200000 items are processed and the scan stops. No report is send to Policy Manager, no report can be seen in the web console ESS by pressing the button View manual scanning report. In odsService.log this line is added:
2022-05-27 01:26:53.830 [5bb0.004c] I: FSecure.Ess.Ods.Service.OdsController: Ods process has finished with code: -532462766
ods.log ends with the latest items processed by scan. Nothing more.
