Mcafee Security for Exchange 8.5 Patch 1 Update fails on 2010 SP3 CAS with HUB roll

Problem: Mcafee Security for Exchange 8.5 Patch 1 Update fails on 2010 SP3 CAS with HUB roll

Product: McAfee Security for Microsoft Exchange -- Error 1920.Service MSExchangeIS (MSExchangeIS) failed to start. Verify that you have sufficient privileges to start system services.

Migration Groupshield Mcafee Security for Exchange 8.6 to Patch 1

We first thought this was related to a permission problem but afterwards did see that it also happens with a n account which has highest Security.

Exchange/Local/Schema/ads etc.

 

Make sure you have a backup of Groupshield before you start the update process. You can export it within Groupshield

Product: McAfee Security for Microsoft Exchange -- Error 1920.Service MSExchangeIS (MSExchangeIS) failed to start. Verify that you have sufficient privileges to start system services.

 

Logfile Windows Installer

MSI (s) (C4:AC) [08:50:13:980]: Executing op: ServiceControl(,Name=MSExchangeIS,Action=1,Wait=1,)

StartServices: Service: MSExchangeIS

Error 1920.Service MSExchangeIS (MSExchangeIS) failed to start. Verify that you have sufficient privileges to start system services.

MSI (s) (C4:AC) [08:51:38:394]: Product: McAfee Security for Microsoft Exchange -- Error 1920.Service MSExchangeIS (MSExchangeIS) failed to start. Verify that you have sufficient privileges to start system services.

 

Error 1920.Service MSExchangeIS (MSExchangeIS) failed to start. Verify that you have sufficient privileges to start system services.

MSI (s) (C4:AC) [08:52:52:544]: Product: McAfee Security for Microsoft Exchange -- Error 1920.Service MSExchangeIS (MSExchangeIS) failed to start. Verify that you have sufficient privileges to start system services.

 

Error 1920.Service MSExchangeIS (MSExchangeIS) failed to start. Verify that you have sufficient privileges to start system services.

MSI (s) (C4:C4) [08:56:40:966]: I/O on thread 2460 could not be cancelled. Error: 1168

MSI (s) (C4:C4) [08:56:40:966]: I/O on thread 8360 could not be cancelled. Error: 1168

MSI (s) (C4:C4) [08:56:40:982]: I/O on thread 8428 could not be cancelled. Error: 1168

MSI (s) (C4:C4) [08:56:40:982]: I/O on thread 9132 could not be cancelled. Error: 1168

MSI (s) (C4:C4) [08:56:40:982]: I/O on thread 7128 could not be cancelled. Error: 1168

MSI (s) (C4:C4) [08:56:40:982]: I/O on thread 5440 could not be cancelled. Error: 1168

MSI (s) (C4:AC) [08:56:40:982]: Product: McAfee Security for Microsoft Exchange -- Error 1920.Service MSExchangeIS (MSExchangeIS) failed to start. Verify that you have sufficient privileges to start system services.alert

 

Solution:

Press Cancel, it will do a small rollback of Windows Installer.

Start Setup again.

Fill out the paths for the Install and the Database as you had them before!

Choose the Option IMPORT as last step and all will stay.

 

Run the installation again.

 

Complex IT-Support in Germany

Leitfaden für komplexen technischen Telefon-IT-Support bei einer deutschen Firma.

 

From listening several hours of German IT-support we have found a formula to shorten

Complex Enterprise problems into a few steps. This SOP is valid for all environments and

for all ranges of IT management. ;-)

Just follow this rule and you can work in every German IT company.

Exchange 2013/2016

Dump all permission of the Exchange Virtual Directory (iis). This will help to get an overview of the permission set on IIS and within Exchange.

The Russian blog has an excellent description of this script:

http://sysmagazine.com/posts/204454/

http://msbro.ru/index.php/archives/4705

 

get-website | ForEach-Object -Process {

$xSite="IIS:\sites\"+$_.Name

cd $xSite

$xSite

$myWebApp=get-webApplication

$myWebApp | Format-Table -AutoSize Path ,

@{Label= "anonim:" ; Expression = {(Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Name Enabled -PSPath $xSite -location $_.Path).value }},

@{Label= "Basic:"; Expression = {(Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/basicAuthentication -Name Enabled -PSPath $xSite -location $_.Path).value }},

@{Label= "ClientCert:"; Expression = {(Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/clientCertificateMappingAuthentication -Name Enabled -PSPath $xSite -location $_.Path).value }},

@{Label= "Digest:"; Expression = {(Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/digestAuthentication -Name Enabled -PSPath $xSite -location $_.Path).value }},

@{Label= "IIS client Cert:"; Expression = {(Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/iisClientCertificateMappingAuthentication -Name Enabled -PSPath $xSite -location $_.Path).value }},

@{Label= "Windows"; Expression = {(Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/windowsAuthentication -Name Enabled -PSPath $xSite -location $_.Path).value }},

@{Label= "SSL Flags"; Expression = {(Get-WebConfigurationProperty -Filter /system.webServer/security/access -Name * -PSPath $xSite -location $_.Path).SSLflags }}

}

IE11 GPO Settings, PROXY Explained F5-F8

Internet Explorer, Group Policy, Gruppenrichtlinien, IE11 GPO Settings, PROXY Explained F5-F8

  1. IE11 has to be installed so you see the IE10 Option
  2. There is not IE11 Option > That's ok > Choose IE10 it will work fir IE11
  3. You are on a SRV 2012 R2 or W8 to see this option or W7 with installed updated
  4. You did try it always fails or you get too MUCH Gpo settings from the GUI Mode.

     

This is what we talk about and seems to make confusions. People set if with it and at the end did with HKCU keys.

You can configure the options with F5, F6, F7 and F8 keys from the GUI. Only choose the options you want to change.

ALL RED > Will not be touched (Like GPO Settings DEFAULT)

ALL GREEN > Will be touched or changed (Like GPO setting ENABLE/DISABLE) depending on the GUI if you have a checkbox selected or not.

GREEN = Stuff you want to change

RED = LEAVE IT at it is

Some sample settings

If you go back one step on the GPO Console and do an F5 / Refresh

You should only see the option which you marked GREEN with F7 or F8

 

Lets make a sample (That i don't want touched)

See forgot two things and not clear how to select under security

Back in GPO Console one step, Update F5, Refresh

The above mentioned is RED THUS Gone / Not touched

We recommend to enable a check if you DO Registry KEYS or such Settings with GPO and not deployment.

Make sure you have a WMI Filter to also capture IE11

Check out I11 LINKS:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

http://www.butsch.ch/post/Internet-Explorer-911-GPO-old-IE9-not-visible-WMI-checks.aspx

http://www.butsch.ch/post/IE11-Umsetzen-Unternehmensmodus-Enterprise-Mode.aspx

 

 

 

 

   

    

 

Exchange 2013 CU 10, unable Logon /OWA with user, Something went wrong

Absolute fresh Exchange 2013 CU 10 install on Server 2012 R2 English with DC 2008 R2. Not updated! Direct installed from the Update 10. Only thing done Self signed SAN-CERT from 2008R2 CA integrated and Virtual Directory's bent to that.

  • Event 3008
  • You are unable to Logon to /OWA with a user
  • You get a waring "Something has failed"
  • All Exchange Services are up
  • You are able to logon with /ECP and the Admin account you made
  • You checked the File: AntiXSSLibrary and it's there where it should be
  • Your Browser URL after Logon try shows ErrorFE.aspx?httpCode=500
  • With Activesync Debug Tools like MD MobilityDojo.net EAS you get The remote server returned error (500) Internal Server error

This is how it looks:

"Something went wrong". Yes I test migrated from 2010 to 2013. Or I take a look at 2013 went wrong ;-) No just it's a new 3 year old MS product ;-)

This should appear:

 

Event 3008

C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\web.config line 107

Could not load file or assembly 'AntiXSSLibrary, Version=4.2.0.0, Culture=neutral, PublicKeyToken=d127efab8a9c114f' or one of its dependencies. The system cannot find the file specified.

Event code: 3008

Event message: A configuration error has occurred.

Event time: 13.10.2015 15:13:18

Event time (UTC): 13.10.2015 13:13:18

Event ID: 80f73be924da451895c60d1e3e8be77e

Event sequence: 1

Event occurrence: 1

Event detail code: 0

 

Application information:

Application domain: /LM/W3SVC/2/ROOT/owa-4-130892155979061374

Trust level: Full

Application Virtual Path: /owa

Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\

Machine name: SRV2013

 

Process information:

Process ID: 9380

Process name: w3wp.exe

Account name: NT AUTHORITY\SYSTEM

 

Exception information:

Exception type: ConfigurationErrorsException

Exception message: Could not load file or assembly 'AntiXSSLibrary, Version=4.2.0.0, Culture=neutral, PublicKeyToken=d127efab8a9c114f' or one of its dependencies. The system cannot find the file specified. (C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\web.config line 107)

at System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective)

at System.Web.Configuration.AssemblyInfo.get_AssemblyInternal()

at System.Web.Compilation.BuildManager.GetReferencedAssemblies(CompilationSection compConfig)

at System.Web.Compilation.BuildManager.CallPreStartInitMethods(String preStartInitListPath, Boolean& isRefAssemblyLoaded)

at System.Web.Compilation.BuildManager.ExecutePreAppStart()

at System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters, PolicyLevel policyLevel, Exception appDomainCreationException)

 

Could not load file or assembly 'AntiXSSLibrary, Version=4.2.0.0, Culture=neutral, PublicKeyToken=d127efab8a9c114f' or one of its dependencies. The system cannot find the file specified.

at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)

at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)

at System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean forIntrospection)

at System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)

at System.Reflection.Assembly.Load(String assemblyString)

at System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective)

 

Request information:

Request URL: https://localhost:444/owa/proxylogon.owa

etc....

 

Warning: Here is a "Solution" which we don't like because the config file as it says is a configuration file for a web service. Copying such things on a security product? But it solves the error!

Solution:

Copy the file from:

SharedWebConfig.config

From: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\

To: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\

Cmd > iisreset

Or reboot Exchange

You are able to logon with users

 

Activesync Test