F-Secure E-mail and Server Security 11.00 stops entire mailflow!

F-Satan

Today I upgraded on SBS 2011 STD (patched to the top) both Policy Manager&Console and Email and Server Security to the latest versions. Email and Server Security version to install was 11.00 plus Heartbleed patch and Policy Manager was 11.20. I started by upgrading Policy Manager, rebooted and upgraded Email and Server Security (with spam control). After reboot I thought a job well done. After an hour I started to receive complaints that email is not running, it cannot be nor received or sent. Also mobile mail is not working. I started to harvest the logs, test sending and receiving emai and synchronize Outlook. In Outlook I found numerous synchronizing errors and comparing Outlook with OWA showed that many email items were not sync'ed. Also sending inbound and outbound email was not possible, outlook didn't sync and OWA testmails went to draft -folder. Application log was piling with errors " F-Secure Content Scanner Server Cannot receive content from the agent due to error: Socket error 10060. Connection timed out." I uninstalled the whole Email and Server Security 11.00 and even before reboot mail started flowing. After reboot I installed the whole package again and before reboot, tested the mailflow. Everythin seemed to be in order. After reboot nothing worked. No incomin or outgoing mail and application log was filled with "F-Secure Content Scanner Server Cannot receive content from the agent due to error: Socket error 10060. Connection timed out." What is this crap!? I uninstalled the whole thing and started to wonder wether to move to Symantec or go back to previous version. The local Finnish support told me that I was on the 5th place on the queue...

F-Satan

OK, here's an update. I installed previous version of ESS, namely 10.50.119-rtm. I doublechecked the quarantinedatabase. SQL-express version is SQL Server 2008 R2 Service Pack 1 which should be supported. I even destroyed the earlier quarantinedatabase so the table should have had been clean. Install itself went fine, with elevated priviledges - of course. After install I started to examine logs - I didn't boot the server just yet. To my misery I found events with id 103 and source F-Secure Content Scanner Server: "One of the database files is invalid. The file did not pass the integrity check or it is incompatible with the current engine version.". And after the database files had been updated: "Scanning the file was unsuccessful; Transaction: 1 Protocol: unknown Source: Destination: File name: unknown File size: 533536 bytes Error: Scan failed" That was the testemail which went through nicely. Needless to say I didn't boot. I'm pretty sure that after boot the mail doesn't flow - not in nor out. Looking back the logs I found similar events just at the time of ESS 11.00 first upgrade. Something is badly corrupted in this install package. It simply breaks the whole system! Now I'm out of virusprotection as long as email is concerned - brilliant! In another thread some other binaries were mentioned - I think I could use them now!

IvanD

Hi F-Satan,

 

Thank you for the information provided. From your description though, we really need to take a look to the logs to understand what is failing during your upgrade.

 

We would appreciate if you could please open a support ticket here:

http://www.f-secure.com/en/web/business_global/support/contact/request

 

Attaching the FSDiag to your support request:

http://www.f-secure.com/en/web/home_global/support/contact/fsdiag

 

Upon doing so, please update this community thread so we can prioritize that case.

F-Satan

Hello everybody,

 

As a matter of fact I opened a support ticket on tuesday morning and attached the fsdiag -file run on the server. An email as a reply announced that the case was opened.

 

Nothing have I heard from F-Secure ever since.

Federico

Hi F-Satan,

 

Did you receive a reply from support about this case? Please let us know and we will investigate further.

 

Thanks.

etomcat

Hello,

 

When upgrading from FSAV (E)SS 10.50 to 11.00, there is a possibility of known error. If the upgrade install is unsuccessful, it may be necessary to ask F-Secure support for a custom MSI format installer package.

 

Best Regards: Tamas Feher, Hungary.

F-Satan

Hello,

F-Secure support is working on this case now. I have sent the fsdiag once more to support because through the website you can send only a 10 mb attachment.

We shall see what will be the final recommended action to this problem.

Dandy-Power

Is there a solution for this Problem?

 

I have exact the same problem with new version 11
and the socket error 10060 timed out.

I also use SBS2011

 

 

regards dandy

F-Satan

Hello Dandy!

 

My case was first escalated to 2nd tier support and after couple of fsdiags and debug rounds run to R&D department. In my case there are 5 SQL instances (!) running plus mysql in addition to normal SBS 2011 crap.

What I myself have done: I have disabled the SBS 2011 Firewall alltogether - there is a sound firewall on the edge of the network. The support advised me to restart Microsoft transport agent service and set F-Secure Quarantine Manager service startup to automatic.In addition it is adviseable to restart SQL browser service.

Fortunately this environment is quite small, only 10 users/maliboxes.

 

-S

Dandy-Power

Hello F-Satan,

 

thx for your answer, can u please tell me step by step what i must do to fix this problem?

My english is not so good to understand what i have to do step by step.

 

I had undestand that i should deactivate the Microsoft Firewall, and i had understand that i sould make automatic start for F-Secure Quarantine Manager service

 

But when i should restart the Microsoft transport agent service, and when i should restart the SQL browser service, after every reboot? I do not understand this in your description.

 

 

Dandy

F-Satan

Hello Dandy,

 

As for now you must restart those services after server reboot IF email is NOT running. The symptoms are - as for me - that you cannot send email from Outlook nor OWA. It's easy to test this by logging into OWA and try to send email to outside recipient - gmail for example. If the email sticks to drafts -folder then I restart those services and test again.

 

I'm sure that F-Secure generates a fix for this problem soon.

 

Dandy-Power

Hello F-Satan,

 

and after that you restart Microsoft transport agent service and SQL browser service, you do not have the Socket error 10060 anymore? Does it stop to to get this error every second?

 

 

Dandy-Power

Hello,

 

it does not help.

 

I had restart the server, look in the log and see that i get the socket 10060 error. Restart Microsoft-Exchange-Transport service. SQL Browser ist deactivated and F-Secure Quran. Manager is set to automatic.

 

But i get after transport service is restart the same socket 10060 error and all emails will be save in draft folder. When i login in OWA i get the message, that the post box can not be used complete :-(

 

 

fptech

thanks for sharing

F-Satan

Hello Dandy

 

I strongly recommend that you  submit an online support request. Your case can be unique concerning the environment.

 

-S

Dandy-Power

Hey,

 

i had made some steps.

Reboot Server. stop all F-Secure services, restart transport service and after that start the F-Secure Services.

 

And it works now.

 

Hope they can fix this problem soon.

 

THX for your help

glump

Hi,

 

i have the same problem with SBS2011. Wenn i get the error: Cannot receive content from the agent due to error: Socket error 10060 all E-Mails in this time are lost.

 

Is there a solution yet ?

 

How i can restore the E-Mails are received while error ?

 

thanks!

 

Regards,

 

Joe

 

Niklas

Hi,

 

Sorry for no reply.

If you still have a problem with this please submit a support request:

http://www2.f-secure.com/en/web/business_global/support/support-request

 

Regards

Niklas