Symantec Mail Security for Microsoft Exchange installation fails with the error "Failed to verify user has mailbox" or "Failed to install SMSMSE transport agents"

Article ID: 159153

Products

Mail Security for Microsoft Exchange

Issue/Introduction

Symantec Mail Security for Microsoft Exchange installation fails with the error "Failed to verify user has mailbox" or "Failed to install SMSMSE transport agents"

Cause

When a group policy is configured for "Allow only signed scripts", or another policy blocks remote PowerShell execution, the SMSMSE installation fails. SMSMSE runs several PowerShell scripts during installation, such as checkMailbox.ps1 and setRbacUser.ps1; the execution policy restrictions stop these scripts from running, so the installation fails as well. This behavior is documented in the article Error: "Failed to verify user has mailbox, exit code 100" when installing Symantec Mail Security for Microsoft Exchange to a server within a Windows Server 2008 domain.

Various other underlying problems can also cause these errors, but the mechanism built into SMSMSE 7.5 and later bypasses all possible root causes as well.
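To confirm that a Group Policy execution policy is what stops the installer scripts, the following added example (not part of the vendor article or the SMSMSE installer) lists the policy-enforced scopes on the server. The optional `-ScriptPath` parameter is an assumption: it takes paths to copies of the installer scripts, whose location the article does not state.

```powershell
# Added example, not vendor code. Run in Windows PowerShell on the Exchange server.
param(
    # Assumption: optional paths to copies of checkMailbox.ps1 / setRbacUser.ps1.
    [string[]]$ScriptPath = @()
)

# MachinePolicy and UserPolicy are the scopes written by Group Policy. They take
# precedence over Process, CurrentUser and LocalMachine, so Set-ExecutionPolicy
# on the server cannot relax them.
$gpoScopes = 'MachinePolicy', 'UserPolicy'
$enforced = @(Get-ExecutionPolicy -List | Where-Object {
    ($gpoScopes -contains $_.Scope) -and ($_.ExecutionPolicy -ne 'Undefined')
})

if ($enforced.Count -eq 0) {
    Write-Output "No execution policy is enforced by Group Policy. Effective policy: $(Get-ExecutionPolicy)"
} else {
    foreach ($entry in $enforced) {
        # AllSigned ("Allow only signed scripts") and Restricted both stop unsigned .ps1 files.
        $blocks = ('AllSigned', 'Restricted') -contains $entry.ExecutionPolicy
        Write-Output ("{0}: {1} (blocks unsigned scripts: {2})" -f $entry.Scope, $entry.ExecutionPolicy, $blocks)
    }
}

# Report the Authenticode status of each script that was passed in.
foreach ($path in $ScriptPath) {
    $sig = Get-AuthenticodeSignature -FilePath $path
    Write-Output ("{0}: signature status {1}" -f $path, $sig.Status)
}
```

A policy reported at the MachinePolicy or UserPolicy scope has to be changed in Group Policy; otherwise use the command-line installation described under Resolution.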

 

Resolution

With SMSMSE 7.5 and later, the SMSMSE installer can be run from the command line to bypass script execution and separate any possible script execution errors from the installation of the main service. If this method is used, the steps normally completed by scripts must be executed manually as described in the Post installation steps.

To bypass script execution during installation of SMSMSE:

  1. Open a command prompt as administrator (Select the command prompt executable, right click, and choose "Run as administrator").
  2. Navigate to the location of the SMSMSE install files by using the command "cd <drive>:\<filepath where setup.exe is located>". For example, if the installation materials were located at the root of C:\, the filepath would be C:\7.9\SMSMSE\Install.
  3. Run the following command:
    Setup.exe /v"/lvx* c:\setup.log NOT_FROM_ARP=1 REMOTEINSTALL=1 REINSTALLMODE=voums REINSTALL=ALL EXCLUDE_PS_SCRIPTS_EXECUTION=1 SMSMSE_RBAC_USERNAME=<domain>\<username> SMSMSE_RBAC_PASSWORD=<password>" /s
    Where <domain>, <username> and <password> are the domain name, user name and password of the user account that will be used for SMSMSE service logon.
  4. The wizard will run through the rest of the installation silently. This may take several minutes. After installation completes, complete the post install steps below.

Post installation steps:

Once the installation is successful, verify that the transport agents are installed properly and that application impersonation rights are given to the SMSMSE service account user.

To Verify/Install the transport agents manually:

  1.  Open the Exchange Management Shell.
  2. Run the command Get-TransportAgent. This command lists the transport agents installed in transport; verify that SMSMSERoutingAgent and SMSMSESMTPAgent are listed. If they are not, run the following commands to install and enable the transport agents. Note that this only applies to servers running the Exchange Transport Service (Hub and Edge role for 2007 and 2010, Hub Mailbox and Edge role for 2013).
  3. Install-TransportAgent -Name SMSMSERoutingAgent -TransportAgentFactory Symantec.MailSecurity.Server.TransportAgent.SMSMSERoutingAgentFactory -AssemblyPath "C:\Program Files\Symantec\SMSMSE\7.9\Server\Symantec.MailSecurity.Server.TransportAgent.dll"
  4. Install-TransportAgent -Name SMSMSESMTPAgent -TransportAgentFactory Symantec.MailSecurity.Server.TransportAgent.SMSMSESMTPAgentFactory -AssemblyPath "C:\Program Files\Symantec\SMSMSE\7.9\Server\Symantec.MailSecurity.Server.TransportAgent.dll"
  5. Enable-TransportAgent -Identity SMSMSERoutingAgent
  6. Enable-TransportAgent -Identity SMSMSESMTPAgent
  7. Restart-Service MSExchangeTransport

 

Once all of the above commands are run, the transport agents for SMSMSE will be installed and enabled.

To Verify/Enable Application impersonation rights for the SMSMSE service:

  1. Open the Exchange Management Shell
  2. Run the command Get-ManagementRoleAssignment. This command lists all the role assignments; look for one with the name "SMSMSE_RBAC_<domainname>\<username>", where <domainname> is the name of the domain and <username> is the name of the SMSMSE service account.
  3. If the RBAC role is not present, run the following command to assign the RBAC role to the SMSMSE service account: New-ManagementRoleAssignment -Name "SMSMSE_RBAC_<domainname>\<username>" -Role ApplicationImpersonation -User <SMSMSE service account name>
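The two post-installation checks above can be run as one repeatable script. This is an added example, not code from the vendor article or the SMSMSE installer; the `-ServiceAccount`, `-AssemblyPath` and `-Fix` parameters are names introduced here, and the default assembly path is the 7.9 path quoted in the steps above.

```powershell
# Added example, not vendor code. Run in the Exchange Management Shell.
param(
    # Assumption: service account in <domain>\<username> form, e.g. 'EXAMPLE\svc-smsmse' (constructed).
    [Parameter(Mandatory = $true)][string]$ServiceAccount,
    # Assembly path as given in the article for SMSMSE 7.9; adjust for other versions.
    [string]$AssemblyPath = 'C:\Program Files\Symantec\SMSMSE\7.9\Server\Symantec.MailSecurity.Server.TransportAgent.dll',
    # Without -Fix the script only reports; with -Fix it runs the article's commands.
    [switch]$Fix
)

$installed = @(Get-TransportAgent)
$changed = $false
foreach ($name in 'SMSMSERoutingAgent', 'SMSMSESMTPAgent') {
    $agent = $installed | Where-Object { "$($_.Identity)" -eq $name }
    if ($agent -and $agent.Enabled) {
        Write-Output "OK: $name is installed and enabled"
        continue
    }
    $state = if ($agent) { 'installed but disabled' } else { 'not installed' }
    Write-Output "MISSING: $name is $state"
    if (-not $Fix) { continue }
    if (-not $agent) {
        Install-TransportAgent -Name $name `
            -TransportAgentFactory "Symantec.MailSecurity.Server.TransportAgent.${name}Factory" `
            -AssemblyPath $AssemblyPath
    }
    Enable-TransportAgent -Identity $name
    $changed = $true
}
# Restart the transport service (step 7 above) only if an agent was installed or enabled.
if ($changed) { Restart-Service MSExchangeTransport }

# The article identifies the assignment by its name, SMSMSE_RBAC_<domainname>\<username>.
$roleName = "SMSMSE_RBAC_$ServiceAccount"
$assignment = Get-ManagementRoleAssignment | Where-Object { $_.Name -eq $roleName }
if ($assignment) {
    Write-Output "OK: role assignment '$roleName' exists (role: $($assignment.Role))"
} elseif ($Fix) {
    New-ManagementRoleAssignment -Name $roleName -Role ApplicationImpersonation -User $ServiceAccount
} else {
    Write-Output "MISSING: role assignment '$roleName' not found"
}
```

Run it once without `-Fix` to see what is missing, then again with `-Fix` to apply the article's commands only where needed.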

 

Uninstalling/upgrading SMSMSE:

Note that if SMSMSE was installed and configured using this method and the transport agents were installed using the commands above, uninstall the SMSMSE transport agents manually, because the underlying failure condition in installation can also affect the ability to uninstall successfully.

To uninstall the transport agents run the following commands in Exchange Management Shell:

  1. Uninstall-TransportAgent -Identity SMSMSERoutingAgent
  2. Uninstall-TransportAgent -Identity SMSMSESMTPAgent
  3. Restart-Service MSExchangeTransport

Once these steps are complete, SMSMSE can be safely removed using the Programs and Features control panel.