Symantec Encryption Management Server Web Email Protection Troubleshooting

book

Article ID: 153269

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

This article will go over several of the known troubleshooting steps when working with Web Email Protection from Symantec Encryption Management Server.



 

Resolution

Scenario 0: Web Email Protection Customized templates are not applying properly.  For more information on this, see article 208629.

Scenario 1: For information you can send to your Web Email Protection end users (Quick Reference Guide) on how to use this functionality, see the following article:
How to use your Symantec Web Email Protection account for secure communications with your client


Scenario 2: For information on how to troubleshoot password reset links that use "click security" solutions, see the following article:
Encryption Management Server Web Email Protection and PDF Email Protection users cannot reset their passwords
 

Scenario 3: When WEP users go to reset their link and fails, there is an obscure message to "Contact your administrator" leaving the end user wondering who the administrator is.  You can customize this message to be more descriptive and if you wish to do this, see the following article:
Encryption Management Server Web Email Protection password reset message has incorrect Subject

Scenario 4: SEMS 10.5 and previous would allow only one password lock reset per 24-hours.  Starting with SEMS 10.5 MP1, SEMS can send multiple unlock emails in 1-hour intervals.
SEMS will also send an email to unlock the account if the account is locked, and a user has attempted to login. See also article 165174 for information on why this is configured with this message.

Scenario 5: Sometimes the Web Email Protection emails go into the spam folder for some vendors such as Gmail as the address by default is "[email protected]".  This can be changed to "do.not.reply" to avoid this issue.  For assistance with this, please contact Symantec Support.


Scenario 6: Symantec Encryption Management Server sends the Web Email Protection (WEP) email, but the recipient domain rejects the message and does not arrive.
When an internal user sends a WEP email to an end user, the "New Message Notification" messages come from that sender.  If you click the "forgot passphrase" link, those come from the server itself, so the address configured should also be setup as an actual email account on the server and appropriate records are set as per below:

There are several security checks that recipient mailservers will be doing:
*Ensure the SEMS FQDN DNS resolves both forward and reverse.
*Ensure SPF records have been configured for SEMS sending WEP messages.
*Ensure  DMARC/DKIM records have been configured
Note: Many mailservers will check whether the email address it receives email from is a valid email address.  Below is an example of what one mailserver checks:


If these above are not added, some mailservers may reject the messages.


Scenario 7: For useful information on the Web Email Protection account expiration behavior, see the following article:
Configure Web Email Protection account expiration reminders in Symantec Encryption Management Server


Scenario 8:
How come all users can't send to anyone from within their WEP account? For more information on this, see the following article:
How can users respond to Symantec Encryption Management Server via Web Email Protection?


Scenario 9: For information on how to troubleshoot the templates, see the following details.

Note: Symantec does not offer customization services, and would rely on your expertise to customize the web portion.  For basic assistance and additional help, please contact Symantec Support.

Template Validation Errors

Advanced and complete custom templates allow you to edit the images and/or HTML files used by PGP Universal Web Messenger. After you upload your files, there are two levels of validation: file validation and tag validation.

File Validation

During advanced customization file upload, the zipped image file is validated to make sure all required files are present. During complete customization, the zipped file is validated to make sure all required image, HTML, and other files are present and located in the correct directory. When you download the default file set, all necessary files are present. The same files must be present, although edited, during upload. You can add more files, but you cannot remove any.

File validation runs before tag validation. If the template fails file validation and you make corrections, the template may still fail validation at the tag validation stage.

To correct invalid files:

If validation of the uploaded files fail, the File Validation Error screen displays a list of missing or misplaced files.

Use the following steps to correct any error(s) and upload the new files.

 

  1. Click Export Validation Error Log to export and view the error log offline. The error log is exported as a text file.
  2. Click Cancel to save the template in the error state.
  3. Repair the invalid files on your own computer desktop, using the exported error log as a reference. You can download the default set of files and use them as a reference when replacing and re-organizing missing and incorrectly located customized files.
  4. When you are ready to upload the corrected files, click the template. The template opens to the validation page.
  5. Click Upload New File to upload the .zip files.

Tag Validation

During complete customization file upload, the zipped file is validated to make sure all required files are present. A compiler converts the HTML pages to an internal format, and then the validation process makes sure that all required HTML tags and tag attributes are present in the HTML and are correctly positioned in relation to each other.

Validation checks that specific code necessary to PGP Universal Web Messenger functionality has not been modified, moved, or deleted. Tag attributes that mark specific locations on each page, such as ID attributes, are particularly important.

If your files failed the validation process, compare the default set of files with your edited versions to find the errors listed in the validation error log.

Make sure that you have not deleted any HTML tags, IDs, and other elements that use the "Required" attribute. HTML tags necessary to PGP Universal Web Messenger functionality are marked with the Required attribute, so if you delete a tag that was marked as Required, validation will fail and an error message appears. If the Required attribute is "true," the tag is required.

Example:

<h2 id="loginWelcome" required="true">

Look for incorrectly nested HTML tags, attributes, and other elements. Make sure you have not moved or deleted elements containing the "Within" attribute. The content of the attribute is the element in which it should be nested.

Example:

<tr id="trTemplateRow" required="true" within="taInbox">

<td class="first" width="20"><input id="deleteCheckbox" required="true" within="trTemplateRow" type="checkbox" name="deletedMessages" value="runtime_replace" onclick="highlightRow(this);"></td>


To correct invalid files

If validation fails, the Tag Validation Error page appears. The Tag Validation Error page shows a list of missing or misplaced files.

 

  1. Click Export Validation Error Log to export and view the error log offline. The error log is exported as a text file.
  2. Click Cancel to save the template in the error state.
  3. Repair the invalid files on your own computer desktop, use the exported error log as a reference.

    Note: You can download the default set of files and use them as a reference when replacing and re-organizing missing and incorrectly located customized files and repairing the HTML.


     
  4. When you are ready to upload the corrected files, click the template. The template opens to the validation page.
  5. Click Upload New File to upload the .zip files. The files are validated.

 

Scenario 9: Web Email Protection Reminders and PDF Messenger Reminders
Web Email Protection reminders have a scheduled routine to send reminders to WEP users when their accounts are close to reaching the expiration date of their account.  At this time, the WEP user must login to the account to validate the account is still active.  In some environments, these reminders are not needed and can be disabled in the scheduled tasks of SEMS.  For information on how to do this, please contact Symantec Encryption Support and we can help you do this (Refer to  EPG-23265 when you log the new case). 

PDF Messenger Reminders are not available in the current release, but are being considered for a future release.  If you would like to have reminders available for PDF Messenger Emails, please contact Symantec Encryption Support and reference ISFR-1447 to be added to this request. 

 

Attachments