Microsoft KB Archive/934286

= Outgoing mail delivery stops working on an Exchange Server 2007 Hub Transport server after you install Forefront Security for Exchange =

Article ID: 934286

Article Last Modified on 4/3/2007

-

APPLIES TO

 Microsoft Forefront Security for Exchange Server, when used with:  Microsoft Exchange Server 2007 Enterprise Edition

 Microsoft Exchange Server 2007 Standard Edition 

-



SYMPTOMS
After you install and configure Microsoft Forefront Security for Exchange on a Microsoft Exchange Server 2007-based computer that is running the Hub Transport role, you experience the following symptoms:  Exchange 2007 accepts and delivers incoming e-mail messages as expected. However, Exchange 2007 no longer sends outgoing e-mail messages. Outgoing messages remain in the submission queue. The following information is logged in the Forefront Security for Exchange ProgramLog.txt file:

<pre class="fixed_text">&quot;ERROR: Unable to retrieve internet monitor interface.&quot; &quot;ERROR: SybLicense: Failed to create MSXML instance: -2147221008&quot; &quot;ERROR: LICENSING: Invalid initialization parameters!&quot; &quot;ERROR: CoCreateInstance failed in GetLists (0x800401F0)&quot;

Note The ProgramLog.txt file is located in the Forefront Security for Exchange installation folder.</li></ul>

If you disable Forefront Security for Exchange, Exchange 2007 sends outgoing e-mail messages successfully.

<div class="cause_section">

CAUSE
This problem may occur if one of the following conditions is true:
 * The SELF account does not have the correct DCOM permissions assigned.
 * The Microsoft Exchange Transport service is configured to log on by using the Local System account instead of by using the Network Service account.

<div class="resolution_section">

RESOLUTION
To resolve this problem, follow these steps:

Step 1: Assign the appropriate DCOM permissions to the SELF account

 * 1) On the Exchange 2007-based server that is running the Hub Transport role, click Start, click Run, type dcomcnfg, and then click OK.
 * 2) Expand and then click Component Services.
 * 3) Under Component Services, expand Computers, right-click My Computer, and then click Properties.
 * 4) Click the COM Security tab, and then click Edit Default under Access Permissions.
 * 5) If SELF does not appear in the Group or user names list, click Add, type SELF, click Check Names, and then click OK.
 * 6) Click SELF, and then click to select the following check boxes in the Allow column:
 * 7) * Local Access
 * 8) * Remote Access
 * 9) Click OK two times. Then restart the Exchange-related services and the Forefront Security for Exchange-related services.

Step 2: Configure the log on account for the Microsoft Exchange Transport service

 * 1) On the Exchange 2007-based server that is running the Hub Transport role, click Start, click Run, type services.msc, and then click OK.
 * 2) In the list of services, right-click Microsoft Exchange Transport, and then click Properties.
 * 3) Click the Log On tab, and then click This account.
 * 4) Click Browse, type Network Service, click Check Names, and then click OK.

Note Microsoft Windows automatically generates a password for the Network Service account. Therefore, you do not have to specify a password for this account.
 * 1) Click OK. Then restart the Exchange 2007-related services and the Forefront Security for Exchange-related services.

Additional query words: XADM Antigen

Keywords: kbtshoot kbprb KB934286

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.