PureMessage "Failed to create the virus engine while processing message"

I have Exchange 2013 at sites A, B and C. The PureMessage DB is in site A. Everything works in site A, but sites B and C only generate errors and deliver e-mail with the "UNSCANNED" header.

 

The log file is an endless list of the same three errors (EventID 68, 70 and 72):

05.12.2019 14:38:38 Failed to create the virus engine while processing message '<669a88a0-7f76-49b4-aa73-68248c8677f6@northwind.com>' (error: '0x800706BE')
05.12.2019 14:38:38 Failed to create the content engine while processing message '<669a88a0-7f76-49b4-aa73-68248c8677f6@northwind.com>' (error: '0x800706BA')
05.12.2019 14:38:38 Failed to create the spam engine while processing message '<669a88a0-7f76-49b4-aa73-68248c8677f6@northwind.com>' (error: '0x800706BA')
05.12.2019 14:38:50 Failed to create the virus engine while processing message '<5374f3fc35ce457ea93813d877fbc0ca@acme.org>' (error: '0x800706BE')
05.12.2019 14:38:50 Failed to create the content engine while processing message '<5374f3fc35ce457ea93813d877fbc0ca@acme.org>' (error: '0x800706BA')
05.12.2019 14:38:50 Failed to create the spam engine while processing message '<5374f3fc35ce457ea93813d877fbc0ca@acme.org>' (error: '0x800706BA')

 

Unfortunately, there's little to find about this subject (or about PureMessage, for that matter). This post about Scheduled Tasks not functioning (they do) is the only one actually. More generally, 0x800706BA means the remote procedure server cannot be reached and 0x800706BE means the remote procedure call failed.

 

Any ideas? I'm thinking of a Windows Firewall issue maybe and am experimenting with that.

  • Hi  

    Would you please suggest whether you have a clustered Exchange server and, if yes, please suggest which PureMessage for Exchange version you are using in your environment?

  • In reply to Jasmin:

    Hello. No, it's three Exchange servers with three different databases in three different countries - no DAGs. All servers are on PureMessage version 4.0.4.

  • In reply to J.Janssens:

    Hi  

    Thank you for the information.

    Please suggest if all three PureMessage for Exchange servers have three different databases or if they are connected to the same database. Have you checked the connectivity between the PureMessage for Exchange server and the database server?

  • In reply to Jasmin:

    Hello Jasmin. There is one DB in site A and sites B and C connect to that DB. I can see (and manage) all three PureMessage servers. 1433/tcp and 1434/udp have been allowed for SQL communication and both beacon.exe and SavexSrvc.exe have been allowed explicitly through the Windows firewall.

  • In reply to J.Janssens:

    Hi  

    Please advise if you already had the Anti-Virus client available on the servers B and C before installing PureMessage for Exchange.

    If yes, please suggest if you uninstalled them and then installed PureMessage for Exchange on the machine.

    If PureMessage for Exchange is installed after the uninstallation of the older client, would you please suggest what the update source of the client is on server B and server C?

    Ideally, the source should be Sophos and username and password should be provided with your license to you.

  • In reply to Jasmin:

    Hello Jasmin. Thank you. Sophos Endpoint Protection was installed before PureMessage, yes. So I should uninstall the AV client and PureMessage and then install them again, but PureMessage first?

  • In reply to J.Janssens:

    Hi  

    Yes, you will need to uninstall the AV client first and then install PureMessage. Let me know if that helps you.

  • In reply to Shweta:

    Hello. I uninstalled the AV client and PureMessage on both Server B and C and then reinstalled in the other order. Exactly the same happens. 

     

  • In reply to J.Janssens:

    Hi  

    It seems that this would require an in-depth investigation along with logs. I would request you to open a support case and PM me the case number once done.

  • In reply to Shweta:

    Thank you. I sent the case number by PM.

  • In reply to J.Janssens:

    Hi  

    Thank you for providing the case number. I will keep an eye on the same and shall let you know if there is anything required from your end. 

  • In reply to Shweta:

    Hi  

    Just wanted to follow up on this thread, are you still facing this issue?

  • In reply to Shweta:

    Hello Shweta,

    No, but I am not entirely sure why not. When Sophos looked at the install with me, the problem was gone. Less than 10% of email traffic was not scanned, but that is apparently acceptable. Before, it was nearly 100% unscanned. The fact that on the main mail server, where most traffic is but also the DB, unscannable objects is nearly 0, makes me think in reality the issue is performance related. I suspect that this error happens if Server B and Server C query the DB in Server A and the reply doesn't come fast enough. I'll see how it goes in January. Right now, because of the holidays, there's little traffic and much bandwidth.

  • In reply to J.Janssens:

    Hi  

    Sure, if you need any help from our side, please let us know. We'll help you to resolve your issue.
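
One way to triage a log like the one in the first post and to check the load suspicion raised later in the thread, as an added example that is not from any participant or from Sophos: it decodes each HRESULT, lists messages for which all three engines failed, and counts failures per hour. It assumes the line format quoted above with DD.MM.YYYY timestamps; the message IDs are constructed and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the line format quoted in the first post (IDs are made up).
SAMPLE_LOG = """\
05.12.2019 14:38:38 Failed to create the virus engine while processing message '<msg-1@example.test>' (error: '0x800706BE')
05.12.2019 14:38:38 Failed to create the content engine while processing message '<msg-1@example.test>' (error: '0x800706BA')
05.12.2019 14:38:38 Failed to create the spam engine while processing message '<msg-1@example.test>' (error: '0x800706BA')
05.12.2019 15:02:10 Failed to create the spam engine while processing message '<msg-2@example.test>' (error: '0x800706BA')
this line is not an engine error and is skipped
"""

LINE_RE = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) Failed to create the (\w+) engine "
    r"while processing message '<([^>]*)>' \(error: '0x([0-9A-Fa-f]{8})'\)\s*$")

# The two Win32 codes seen in the thread; anything else is reported numerically.
WIN32_NAMES = {1722: "RPC_S_SERVER_UNAVAILABLE", 1726: "RPC_S_CALL_FAILED"}
FACILITY_WIN32 = 7

def decode_hresult(value):
    """Split an HRESULT into (is_failure, facility, code, name)."""
    facility = (value >> 16) & 0x7FF   # 11-bit facility field
    code = value & 0xFFFF              # low word carries the Win32 error
    name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
    return bool(value >> 31), facility, code, name or f"code {code}"

def summarize(text):
    """Count errors per (engine, name), per hour, and find fully unscanned messages."""
    by_error, per_hour = Counter(), Counter()
    engines = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in any other format rather than guessing
        stamp, engine, msg_id, hexcode = m.groups()
        when = datetime.strptime(stamp, "%d.%m.%Y %H:%M:%S")  # assumed day-first
        by_error[(engine, decode_hresult(int(hexcode, 16))[3])] += 1
        per_hour[when.strftime("%Y-%m-%d %H:00")] += 1
        engines[msg_id].add(engine)
    failed_all = sorted(i for i, e in engines.items() if {"virus", "content", "spam"} <= e)
    return {"by_error": dict(by_error), "per_hour": dict(per_hour),
            "all_engines_failed": failed_all}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

Comparing the per-hour counts from servers B and C against mail volume for the same hours shows whether the failures track load, as suspected in the thread, or stay constant regardless of traffic.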