After upgrading to F-Secure Email and Server Security 14.00, emails are no longer quarantined. Error

Issue:

After upgrading to F-Secure Email and Server Security 14.00, emails are no longer quarantined. Error message: 159 Access denied

Resolution:

Note: When you upgrade to F-Secure Email and Server Security 14.00, you can run the installer locally or using F-Secure Policy Manager "policy based upgrade" option. Read more about this topic. However, you still need to configure few sections, as the admin guide advises to do so.

In this case, you can see the lack of permissions and configurations are not completed after the upgrade.

You can identify this behavior, by checking the logs. The product writes all logs into C:\ProgramData\F-Secure\
If you open the quarantine.log, you may be able to see a similar line:

Unable to download quarantine item because of access denied error in E-mail and Server Security
2020-01-31 17:21:06.585 [0a4c.0010] I: FQM: Deleting Qid 11518 from storage 
2020-01-31 17:21:06.585 [0a4c.0010] *E: FQM: Failed to delete Qid 11518 from storage System.IO.DirectoryNotFoundException: A part of the path "C:\Program Files (x86)\F-Secure\Quarantine Manager\quarantine\XXXXXX\Q20190906_000001\Q20191209104816_11518.[eml]" could not be found.
   for System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   for System.IO.File.InternalDelete(String path, Boolean checkHost)
   for FSecure.Ess.Fqm.Impl.QuarantineStorage.DeleteMail(String storagePath)
   with FSecure.Ess.Fqm.Impl.QuarantineProcessor.Delete()


Beside the permissions, the quarantine path was not found, so either it is not configured or it does not exist.

If you check the TransportAgent.log, you will see another error which denies the access, so the Agent can not process the items.
Exception rethrown at [0]: 

   for System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   for System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at FSecure.Ess.FqmApi.IQuarantineManager.QuarantineMail(Mail mail)
   for FSecure.AntiVirus.Exchange.Transport.QuarantineManager.QuarantineMail(Mail mail)
   for FSecure.AntiVirus.Exchange.Transport.FSMessageScanner.QuarantineMail(String strPathToSavedMail, Int64 lSavedMailSize, QuarantineReason reason, String reasonDetails, Int64& resQuarantineId, String& resErrorDescription)
2020-01-31 17:20:39.958 [36f8.0007] *E: FSecure.AntiVirus.Exchange.Transport.FSMessageScanner: QuarantineMail() Failed System.ServiceModel.Security.SecurityAccessDeniedException: Access was denied.


If you check the F-Secure.Ess.Config.log:

FSecure.ESS_Installer.ViewModel.WizardPageViewModel: Could not set user 'fqmuser' as owner for db 'FSMSE_Quarantine'. Reason: The database principal owns a schema in the database, and cannot be dropped. 2020-01-31 17:20:05.929 [39d4.0001] I: FSecure.ESS_Installer.ViewModel.WizardPageViewModel: Setected quarantine method is 'Local

To solve the issue, follow these steps: 

  1. Run F-Secure.Ess.Config.exe from the target server.  F-Secure.Ess.Config.exe is located at C:\Program Files (x86)\F-Secure\Email and Server Security\ui
  2. Configure the setup for an existing database or create a new database. For the database setup/deployment, please refer to the admin guide
  3. Make sure that permissions are set correctly. You can refer to this F-Secure Community article for more details
After you have run/entered the configuration locally and the authorizations are checked as in the article. Open the Email and Server Security web console and test the connection to the quarantine database.

Article no: 000020341

Sign In or Register to comment.