ME020478 - TRB: "Access Denied" error is returned when starting MailEnable services after running the MailEnable Lockdown Utility


SYMPTOMS

An "Access Denied" error is reported when attempting to start MailEnable services after running the MailEnable Lockdown Utility.

Can get an error (5) in the Pop Service logs, here is an example of the log error;

01/09/08 08:26:15	Error creating lock file for postoffice example.com
mailbox mailbox@example.com. Error (5)

CAUSE

If using the SWsoft's Plesk product on Windows 2000, there may be issues that occur after running the MailEnable lockdown utility (ME-10031). The cause of the issue is an incorrect ordering of the Windows ACLs applied to the objects/files in the MailEnable \bin directory. The issue arises because of security settings relevant to Plesk that are applied to the MailEnable \bin directory and a weakness in the Windows CACLS command.

The order of ACLs for inherited by child objects of the \bin directory are likely to be incorrectly ordered because of a conflict between Plesk and MailEnable ACLs.

RESOLUTION

The solution to this problem is to access the directory using Windows Explorer and allow it to correctly re-order the permissions to the directory.

This is done as follows:

1. Navigate to the MailEnable \bin directory (this is usually located under the Plesk\Mail Servers\Mail Enable directory)
2. Right click on the directory and open the Properties of the \bin directoy
3. Select the Security tab and select the Advanced button
4. Tick the checkbox to Replace permission entries on all child objects
5. Click OK to any warnings

It is possible that this issue may also occur for other MailEnable folders that have complex or non-standard ACLs applied. For example, if the same issue occurs for the MailEnable message store, then there may be problems with MailEnable's Web Mail in that it can duplicate messages.

For more information on the CACLS and to obtain a hotfix for CACLS please refer to this Microsoft Knowledge Base Article:  http://support.microsoft.com/kb/q268546

MORE INFORMATION

MailEnable Security Whitepaper: http://www.mailenable.com/security/lockdown.asp



Product:MailEnable (All Versions)
Category:Integration
Module:General
Keywords:Plesk ACLs Access denied incorrectly ordered lock down lockdown error sw soft
Class:TRB: Troubleshooting (Configuration or Environment)
Revised:Wednesday, May 4, 2016
Author:
Publisher:MailEnable