PureMessage for Microsoft Exchange: spam digest email links give 'Server Side Error'

  • Article ID: 15845
  • Updated: 22 Feb 2011

Issue
With PureMessage for Microsoft Exchange, clicking the link in a spam digest email produces the error:

A server-side error has occurred
Error: Failed to create object (SavexSrvc.SavexMgr)
Code: -2147024891
Description: 006~ASP 0178~Server.CreateObject Access Error~The call to Server.CreateObject failed while checking permissions. Access is denied to this object.
FYI: Error -2147024891 resolves to 0x80070005 (Access is denied)

Sophos product and version
PureMessage for Microsoft Exchange

What to do

  1. Check that the IUSR_%SERVER% and IWAM_%SERVER% users are enabled within 'Active Directory Users and Computers'.
  2. Check that the IUSR_%SERVER% user is allowed to access the PureMessage service. Depending on which operating system you have, do one of the following:
    (Note: Depending on how your system is set up, you may have to add the IUSR account under Launch and Activation Permissions with 'Access' and 'Activation' rights as well.)

    On Windows 2003
    Run DCOMCNFG.EXE

    Component Services:

    • Computers
    • My Computer
    • DCOM Config

    1. Right-click PureMessage service and select Properties.
    2. Under Security tab, on Access Permissions click Edit.
    3. Ensure the IUSR account is there and has Access Permissions set to 'Allow'.

    On Windows 2000
    Run DCOMCNFG.EXE

    1. On the Applications tab, select PureMessage Service, and select Properties.
    2. Under Security tab, on Access Permissions click Edit.
    3. Ensure the IUSR account is in the list and is Allowed Access.

Further Troubleshooting

If the digest mails are still not resolving, try disabling the anonymous user and thereby forcing the user to authenticate each time the link is followed. If this is succesful, then the problem might be with the anonymous user.

To disable the anonymous user:

Windows 2003

  1. From Administrative Tools, load IIS.
  2. Right-click 'Quarantine Digest' site and select Properties|Directory Security tab.
  3. Within 'Authentication and access control' click Edit, deselect 'Enable anonymous access'.

Windows 2000

  1. From Administrative Tools, load Internet Services Manager.
  2. Right-click 'Quarantine Digest' site and select Properties|Directory Security tab.
  3. Within 'Authentication and access control' click Edit, deselect 'Enable anonymous access'.

If you wish to create a new user to test if there is a problem with the IUSR account, do so as follows:

Creating a new user to be used as anonymous user, (if required) example below uses a user call SOPHOS_IUSR

  1. Create a user SOPHOS_IUSR. Ensure 'Password never expires' and 'User cannot change password' are selected.
  2. In the Domain Controller Security Policy, give the user 'Access this computer from the network' rights. If it is not an AD server, use local policy.
  3. Give user 'Launch permissions on PureMessage Service' (DCOM) (as above).
  4. Right-click the PureMessage service, select Properties|Security tab.
  5. In 'Access Permissions', ensure the IUSR account is there and has Access Permissions set to Allow.
  6. Modify the properties of the Digest site to use SOPHOS_IUSR account as the anonymous access user.
  7. Restart the PureMessage service.
  8. Follow the digest link from email.

NEW: Further testing

Check the PureMessage directory permissions:

It should have admin & system with full control, and users with read list and exe. if users is missing you will see the above error add users and push it down to all sub directories.

If this continues to fail in dcom add everyone to SavexWebAgent\Security\Launch and Activation and Access permissions.

Either of these should resolve the issue

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments