Error: "Failed to set SMSMSE registry or file security" appears during installation of Mail Security for Microsoft Exchange
Last Updated May 31, 2017
During install, the Symantec Mail Security for Microsoft Exchange (SMSMSE) installer reports "Failed to set SMSMSE registry or file security. Please set the registry and file permissions manually after installation is completed"
During installation of SMSMSE, the following dialog box may be displayed
If this error is displayed, follow the instructions below to set permissions manually.
Set the permissions manually for the SMSMSE Admins and SMSMSE Viewers groups.
SMSMSE Folder permissions:
The SMSMSE Admins group should have Full rights on following folders, and SMSMSE Viewers would have read permissions.
<SMSMSE Install path>\SMSMSE\<version>\Server
<Microsoft.NET Framework path>\v2.0.50727\Temporary ASP.NET Files
C:\Program Files (x86)\Symantec\SMSMSE\7.5\Server
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
SMSMSE Registry permissions:
The SMSMSE Admins group should have Full Control permission to following registry keys, and SMSMSE Viewers should have read permissions on the same registry keys.
Locate the components SMSMSEGUI class and SAVFMSEStatsManager.
Go to the properties of these components and check “Launch and Activation Permissions” and “Access Permissions” as shown in the picture below.
SMSMSE Admins and SMSMSE Viewers should have following permissions on SAVFMSESpamStatManager and SMSMSEGUI Class DCOM components.
Launch and activation permission:
SMSMSE Permission on SMSMSE Web service:
As per the above picture make sure that SMSMSE Admins have full rights and SMSMSE Viewers have read rights on “Symantec Mail Security for Microsoft Exchange” web service. Also make sure that Windows Authentication is enabled on this web service.
Exchange 2010, 2013 and 2016 service account permission requirements:
On Exchange 2010, 2013 and 2016 the SMSMSE service runs under a domain user service account; the following are the permissions granted during the installation process and some are pre-requisite:
Service account should be member of Exchange Organization Management security group – pre-requisite
The “Application Impersonation” RBAC role should be assigned to the service account – Installer creates this role for service account
The service account should have a mailbox for Public folder enumeration and scanning to work – pre-requisite
The service account should be member of SMSMSE Admins group – This is post installation task to be performed by user.
The SMSMSE console can be installed on any machine which is a member of the same domain as the server install. Give full permissions to both SMSMSE Admins and SMSMSE viewers group on “<Install path>\Symantec\CMaF\<version>” folder.
Imported Document ID: TECH208745
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe