Symantec Encryption Management Server 3.3.1 Modifying Web Email Protection Time Outs

book

Article ID: 158235

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

Due to a security fix implemented by Microsoft (10.0.9200.16635), Web Email Protection users who exit their session by clicking the Close button (X) instead of logging out using the Logout link remain logged in to their session. The default timeout for this is now 15 minutes, however you can change this setting by changing the properties settings. Note that this setting also affects the timeout on inactivity however. Note that the previous logout timeout was 30 minutes.

Resolution

To change the logout timeout from the default of 15 minutes, set the web.messenger.max.idle.minute.before.auto.logout in the omf.properties file to a higher setting. Note that changing this setting also affects the auto logout setting. To change this setting, you must access the server via a secure SSH client.

Caution: Before making this type of change through the command line you should ensure that you have a current backup on your Symantec Encryption Management Server and have tested the backup to ensure that it will restore correctly before proceeding.

  1. Stop the Apache Tomcat server. Type the following at the command line prompt:
    pgpsysconf --stop tomcat
  2. Change to the directory where the omf.properties file is located and edit the file:
    cd /etc/ovid
    vi omf.properties
  3. Edit the web.messenger.max.idle.minute.before.auto.logout setting:
    web.messenger.max.idle.minute.before.auto.logout =15
    For example, to change the setting back to the previous default of 30 minutes, change the setting to:
    web.messenger.max.idle.minute.before.auto.logout =30
  4. Save and exit the omf.properties file.
  5. Restart the Apache Tomcat server:
    pgpsysconf --tomcat
    pgpsysconf --apache

 

Accessing the Symantec Encryption Management Server (SEMS) command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.

Any changes made to SEMS via the command line must be:

  • Authorized in writing by Symantec Support.
  • Implemented by a Symantec Partner, reseller or Symantec Technical Support.
  • Summarized and documented in a text file in /var/lib/ovid/customization on the Symantec Encryption Management Server itself.

Changes made through the command line may not persist through reboots and may be incompatible with future releases. Symantec Technical Support may also require reverting any custom configurations on SEMS back to a default state when troubleshooting new issues.


Applies To

  • Symantec Encryption Management Server
  • Microsoft Internet Explorer 10