Outgoing mail delivery stops working on an Exchange Server 2007 Hub Transport server after you install Forefront Security for Exchange

Article ID: 934286 - View products that this article applies to.

SYMPTOMS

After you install and configure Microsoft Forefront Security for Exchange on a Microsoft Exchange Server 2007-based computer that is running the Hub Transport role, you experience the following symptoms:

Exchange 2007 accepts and delivers incoming e-mail messages as expected. However, Exchange 2007 no longer sends outgoing e-mail messages. Outgoing messages remain in the submission queue.

The following information is logged in the Forefront Security for Exchange ProgramLog.txt file:

"ERROR: Unable to retrieve internet monitor interface."
"ERROR: SybLicense: Failed to create MSXML instance: -2147221008"
"ERROR: LICENSING: Invalid initialization parameters!"
"ERROR: CoCreateInstance failed in GetLists (0x800401F0)"

Note The ProgramLog.txt file is located in the Forefront Security for Exchange installation folder.

If you disable Forefront Security for Exchange, Exchange 2007 sends outgoing e-mail messages successfully.

Back to the top | Give Feedback

CAUSE

This problem may occur if one of the following conditions is true:

The SELF account does not have the correct DCOM permissions assigned.
The Microsoft Exchange Transport service is configured to log on by using the Local System account instead of by using the Network Service account.

Back to the top | Give Feedback

RESOLUTION

To resolve this problem, follow these steps:

Step 1: Assign the appropriate DCOM permissions to the SELF account

On the Exchange 2007-based server that is running the Hub Transport role, click Start, click Run, type dcomcnfg, and then click OK.
Expand and then click Component Services.
Under Component Services, expand Computers, right-click My Computer, and then click Properties.
Click the COM Security tab, and then click Edit Default under Access Permissions.
If SELF does not appear in the Group or user names list, click Add, type SELF, click Check Names, and then click OK.
Click SELF, and then click to select the following check boxes in the Allow column:
- Local Access
- Remote Access
Click OK two times. Then restart the Exchange-related services and the Forefront Security for Exchange-related services.

Step 2: Configure the log on account for the Microsoft Exchange Transport service

On the Exchange 2007-based server that is running the Hub Transport role, click Start, click Run, type services.msc, and then click OK.
In the list of services, right-click Microsoft Exchange Transport, and then click Properties.
Click the Log On tab, and then click This account.
Click Browse, type Network Service, click Check Names, and then click OK.

Note Microsoft Windows automatically generates a password for the Network Service account. Therefore, you do not have to specify a password for this account.
Click OK. Then restart the Exchange 2007-related services and the Forefront Security for Exchange-related services.