Symantec Mail Security for Microsoft Exchange (SMSMSE) Service Does Not Start When Service is Unable to Write to the Windows Application Event Log

Article ID: 152715

Products

Mail Security for Microsoft Exchange

Issue/Introduction

Symantec Mail Security for Microsoft Exchange service does not start.

  • Debug log shows error message "Failed to write to the NT Event Log with error [0x6]"

1. Obtain a DebugView log during service startup, as described in the document 'How to Obtain a Debug Logs for Symantec Mail Security for Microsoft Exchange (SMSMSE)'.
2. Look for entries like the following:

 


SAVFMSESrv(AEC)[968] 2010-08-09 16:28:40 0368ms:
..\..\..\src\Server\SAVFMSESRV\SAVFMSESrv.cpp(1441) :
START Thread-968(2408) Doing-[navesrv] main
SAVFMSESrv(AEC)[A60] 2010-08-09 16:28:40 0383ms:
..\..\..\src\Server\SAVFMSESRV\SAVFMSESrv.cpp(125) :
Service START requested
SAVFMSESrv(AEC)[F30] 2010-08-09 16:28:40 0383ms:
..\..\..\src\Server\SAVFMSESRV\SAVFMSESrv.cpp(420) :
START Thread-f30(3888) Doing-TNAVEService::Init
SAVFMSESrv(AEC)[F30] 2010-08-09 16:28:40 0383ms:
..\..\..\src\Server\SAVFMSESHARED\baselog.cpp(335) :
Failed to write to the NT Event Log with error [0x6].

 

 

Conditions

  • The CustomSD registry value at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD does not contain the following access control entries (ACEs):
     

(A;;CCDCLCSDRCWDWO;;;SY)
(A;;CCDC;;;IU)
(A;;DC;;;BA) 

Cause

The Local System account does not have permission to write to the application event log, which prevents the Symantec Mail Security for Microsoft Exchange service from starting.

Resolution

Add permission to allow the local system account to write to the application event log by modifying the custom security descriptor.


Warning: This process can prevent your server from booting correctly if the steps are not performed correctly. Symantec recommends backing up your registry prior to performing these steps. To back up your registry automatically, use the tool in the document 'Backing up the Windows registry'.

  1. Open the registry editor (Start > Run > regedit).
  2. Open the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD.
  3. For each of the following access control entries (ACEs) that is not present in the value, add it to the end of the string:

(A;;CCDCLCSDRCWDWO;;;SY)
(A;;CCDC;;;IU)
(A;;DC;;;BA)

For example, if the value was the following:

 

O:BAG:SYD:(D;;CCDCLCSDRCWDWO;;;AN)(D;;CCDCLCSDRCWDWO;;;BG)(A;;CCDCLC;;;BA)(A;;CCDCLC;;;SO)(A;;CCDC;;;IU)(A;;CCDC;;;SU)(A;;CCDC;;;S-1-5-3)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1113)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1114)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1113)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1114)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1113)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1114)

 


After the change, it should be:

 


O:BAG:SYD:(D;;CCDCLCSDRCWDWO;;;AN)(D;;CCDCLCSDRCWDWO;;;BG)(A;;CCDCLC;;;BA)(A;;CCDCLC;;;SO)(A;;CCDC;;;IU)(A;;CCDC;;;SU)(A;;CCDC;;;S-1-5-3)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1113)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1114)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1113)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1114)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1113)(A;;CC;;;S-1-5-21-2719419356-2943313272-601898849-1114)(A;;CCDCLCSDRCWDWO;;;SY)(A;;CCDC;;;IU)(A;;DC;;;BA)

 

  4. Restart the Exchange server.
  5. Restart the SMSMSE Service.
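
A read-only way to check a CustomSD string against the three entries from step 3 before editing it, added here as an example (it is not Symantec's code). The function name Test-CustomSD and the shortened sample string are constructed for illustration; for event logs the SDDL rights CC, DC and LC correspond to read, write and clear.

```powershell
# Added example: read-only check of an event log CustomSD string. Nothing is written.
# Test-CustomSD and $sample are illustrative names, not part of SMSMSE or Windows.

# The three ACEs the article requires on the Application log.
$RequiredAces = '(A;;CCDCLCSDRCWDWO;;;SY)', '(A;;CCDC;;;IU)', '(A;;DC;;;BA)'

function Test-CustomSD {
    param([Parameter(Mandatory)][string]$Sddl)

    # Every ACE is one parenthesised group: (type;flags;rights;object;inherit;trustee)
    $aces = @([regex]::Matches($Sddl, '\([^()]*\)') | ForEach-Object { $_.Value })
    $missing = @($RequiredAces | Where-Object { $aces -notcontains $_ })

    # Event log rights: CC = read, DC = write, LC = clear.
    # Only ACEs that name Local System (SY) directly are examined here;
    # a deny entry for SY is treated as overriding an allow entry.
    $allow = $false; $deny = $false
    foreach ($ace in $aces) {
        $f = $ace.Trim('(', ')').Split(';')
        if ($f.Count -ne 6 -or $f[5] -ne 'SY') { continue }
        # Rights are two-letter codes, so DC must start at an even offset.
        if ($f[2] -cmatch '^(?:..)*DC') {
            if ($f[0] -eq 'A') { $allow = $true }
            if ($f[0] -eq 'D') { $deny = $true }
        }
    }

    [pscustomobject]@{
        MissingAces         = $missing
        LocalSystemCanWrite = ($allow -and -not $deny)
        # Step 3 of the article: append what is missing to the end of the value.
        # Assumes the string ends with the DACL (no trailing S: section).
        ProposedValue       = $Sddl + ($missing -join '')
    }
}

# Constructed sample, shortened from the article's "before" value.
$sample = 'O:BAG:SYD:(D;;CCDCLCSDRCWDWO;;;AN)(D;;CCDCLCSDRCWDWO;;;BG)' +
          '(A;;CCDCLC;;;BA)(A;;CCDCLC;;;SO)(A;;CCDC;;;IU)(A;;CCDC;;;SU)'
Test-CustomSD -Sddl $sample | Format-List

# To check the live value on the server instead of the sample:
# $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application'
# Test-CustomSD -Sddl (Get-ItemProperty -Path $key -Name CustomSD).CustomSD
```

The function only reports; the registry edit itself is still made as described in steps 1 to 3, after the registry backup.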