SMTP service fails to accept e-mails when SMTP properties are configured to allow encrypted connections only

Article ID: 100048085

Description

Error Message

 

A restart of the Enterprise Vault Admin Service generates the following event:

Event ID: 4280 Unable to synchronize configuration settings for Enterprise Vault SMTP Archiving.|Error:|An error occurred when reading Enterprise Vault SMTP Archiving configuration settings in the Directory. |Enterprise Vault will attempt to synchronize these settings each time the Admin service starts.
 

A Dtrace of the AdminService process shows the following error:

 

 EV-H    {MSwitchServer.InvokeHelper} Exception: Unable to cast object of type.| Info:Error occured while calling method: Void b__32(). Failed to set TLS. Diag: Type:System.Security.SecurityException ST:   at System.Security.Principal.WindowsIdentity.KerbS4ULogon(String upn, SafeAccessTokenHandle& safeTokenHandle)|   at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName, String type)|   at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName)|   at Symantec.EnterpriseVault.SmtpCommon.SmtpHelper.GetVSAUserName()|   at Symantec.EnterpriseVault.Smtp.Config.MtaConfiguration.SetPermissionsOnFile(String fileName)|   at Symantec.EnterpriseVault.Smtp.Config.MtaConfiguration.SetServerPassword()|   at Symantec.EnterpriseVault.Smtp.Config.TlsConfiguration.Configure()|   at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.<>c__DisplayClass33.b__32()|   at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.InvokeHelper(Action act, String errorMessage) Inner:None


EV-H    {MSwitchServer.InvokeHelper} Exception: The encryption type requested is not supported by the KDC.| Info:Error occured while calling method: Void b__46(). Failed to Synchronize SMTP Settings in configuration file from directory database. Diag: Type:System.Security.SecurityException ST:   at System.Security.Principal.WindowsIdentity.KerbS4ULogon(String upn, SafeAccessTokenHandle& safeTokenHandle)|   at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName, String type)|   at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName)|   at Symantec.EnterpriseVault.SmtpCommon.SmtpHelper.GetVSAUserName()|   at Symantec.EnterpriseVault.Smtp.Config.MtaConfiguration.SetPermissionsOnFile(String fileName)|   at Symantec.EnterpriseVault.Smtp.Config.MtaConfiguration.SetServerPassword()|   at Symantec.EnterpriseVault.Smtp.Config.TlsConfiguration.Configure()|   at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.<>c__DisplayClass33.b__32()|   at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.InvokeHelper(Action act, String errorMessage)|   at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.SetTls(EV_SMTP_TLS tlsType, Object certificate, String encryptedPassphrase)|   at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.b__46()|   at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.InvokeHelper(Action act, String errorMessage) Inner:None


EV:H    {CSmtpConfigHelper::SyncSettingsFromDB:#47} Failed to sync MtaTailor setting with DB. Error: <0x8013150a>


Note: Executing the Enterprise Vault Management Shell command Sync-EVSMTPServerSettings results in the following error: Could not synchronize the configuration settings for Enterprise Vault SMTP Archiving. Exception: An error relating to security occurred. <0x8013150A>

 
 

Cause

 

This can occur when the Local Security Policy (SECPOL) on the Enterprise Vault server restricts the encryption types allowed for Kerberos.

 

Resolution

On the Enterprise Vault server, launch SECPOL and go to Local Policies > Security Options > Network security: Configure encryption types allowed for Kerberos.

 

Ensure that the RC4_HMAC_MD5 encryption type is enabled:

 

  • RC4_HMAC_MD5

 

 

Note: A reboot of the Enterprise Vault server may be required.
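To confirm the current state of this policy before and after the change, the following added example (not part of the original article or the vendor's tooling) reads the registry value that backs "Network security: Configure encryption types allowed for Kerberos" and decodes it. The registry path, value name and bit flags are the standard Windows ones and do not come from the article.

```powershell
# Added example: decode the Kerberos encryption-type policy on the local server.
# Registry path, value name and bit flags are standard Windows values, not from the article.
$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
$Name = 'SupportedEncryptionTypes'

# Bit flags stored in the SupportedEncryptionTypes DWORD
$Flags = [ordered]@{
    DES_CBC_CRC      = 0x1
    DES_CBC_MD5      = 0x2
    RC4_HMAC_MD5     = 0x4
    AES128_HMAC_SHA1 = 0x8
    AES256_HMAC_SHA1 = 0x10
}

function ConvertFrom-KerberosEtypeMask {
    param([Parameter(Mandatory)][int]$Mask)
    # Return the name of every encryption type whose bit is set in the mask
    $Flags.GetEnumerator() |
        Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key }
}

$item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue

if ($null -eq $item) {
    # Value absent: the policy is "Not Defined" and operating system defaults apply
    Write-Output 'SupportedEncryptionTypes is not set; operating system defaults apply.'
}
else {
    $mask    = [int]$item.$Name
    $enabled = @(ConvertFrom-KerberosEtypeMask -Mask $mask)
    Write-Output ('SupportedEncryptionTypes = 0x{0:X} ({1})' -f $mask, ($enabled -join ', '))

    if ($mask -band $Flags['RC4_HMAC_MD5']) {
        Write-Output 'RC4_HMAC_MD5 is enabled.'
    }
    else {
        Write-Output 'RC4_HMAC_MD5 is NOT enabled; this matches the Cause described in this article.'
    }
}
```

Adding RC4_HMAC_MD5 to the policy does not require clearing the AES types; they can remain selected.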

 

 

Issue/Introduction

The Enterprise Vault SMTP Server fails to receive e-mails from MTA sources when the SMTP service is configured to 'Allow encrypted connections only'.