This article contains information to assist with troubleshooting the Mimecast Synchronization Engine (MSE) client software and its configurations.
Installation Troubleshooting
If any of the required component(s) are shown with a red X, make a note of the name and version of any missing component(s) and follow the process below:
- Note the missing component(s) from your target installation machine.
- Close and exit the installer wizard.
- Install the required missing component(s).
- Restart the installation process again.
MSE Binding Issues
This section describes potential binding issues that may arise when MSE was previously bound to Exchange On-Premise and must be updated to bind to M365.
Issues around MSE binding can be encountered when users present in Exchange On-Premise, are moved to Exchange Online/M365. In this scenario, MSE Permission Sync tasks may break for delegated accounts, as the MSE will still be attempting to sync these delegate mailboxes from the Exchange On-Premise server. Technically, the MSE binding works in this scenario. However, the tasks will fail and show there are "no mailboxes."
The binding issue can be resolved by installing the MSE on Windows Server 2022 or later.
Administration Console Status Issues
Not Yet Active
This section provides information about the causes and resolutions for On-Premises Active Directory (MSE version 2.8.0.6217 and later) integrations showing a status of Not yet Active.
The Cause
The Directory Integration status Not Yet Active indicates that the Directory Sync has not yet been completed. If this status does not change for 24 hours after creating the integration, there is a problem with the configuration. There are several factors to consider:
- The MSE service is not running.
- The configuration for the Integration has yet to be finalized.
- A permissions error is preventing the MSE client from connecting to Active Directory.
- A local networking error where your MSE site cannot connect to Mimecast.
- The date and time on the host machine need to be corrected or in sync with your Domain Controller.
The Resolution
- Ensure your installation of MSE is correctly set up by reviewing the steps in the installation guide: Installation & Upgrade Guide.
Active or Bound (wrong date/time)
If the status is Active but the Last Active time is not up to date, or the status is Bound, the date and time showing is out of date or incorrect.
The Cause
This indicates that the Mimecast Synchronization Engine service is not running on your server.
The Resolution
- To start the service, connect to the server where the Mimecast Synchronization Engine is installed in your environment, launch the Site Configure utility, and click the play button on the General tab.
- Once the service status runs on your server, return to the Services | Synchronization Engine Sites menu in the Administration Console and validate that the status is active and the Last Active time is up to date.
Once your service status is resolved, wait for the next scheduled sync to run and re-check the Directory Integration status. If the status does not update, move on to the next troubleshooting step.
If the Mimecast Synchronization Engine service fails to start, please check the siteconfigure.log file and/or the Windows Event Viewer for more details on why the service is failing.
Troubleshooting Tasks
Log Files
Within 2 minutes of saving a configuration in the Administration Console, your Mimecast Synchronization Engine server should pick up the new configuration and schedule Active Directory Sync. To check this:
- Login into the Mimecast Synchronization Engine server that the Active Directory Sync connection is configured to use and navigate to the service log directory by default C:\Program Files\Mimecast\SynchronizationEngine\log\service.
- Open the log file for the current day and search for the string "calling siteConfig."
- Following this, you should see a line similar to the one below showing Active Directory Sync being applied and the next time the synchronization is scheduled to start:
DEBUG|02062015 08:46:37,319| 4|mseservice|AntiCorruptionScheduler|+ event taskId: 2972, name: Task Description, next occurrence: 02/06/2015 13:00:00
If you do not see this line, you should see an error message indicating why Active Directory Sync cannot be applied. Typically, this is caused by a networking issue preventing the Mimecast Synchronization Engine from connecting to the Mimecast API. To run a sync before the next scheduled execution, use the Sync All button in the Mimecast Administration Console's Users & Groups | Directory Synchronization page.
Common Log File Errors
The tables below show common errors and potential causes for their respective environments you may encounter when troubleshooting logs.
| Error | Possible Cause |
| Mailbox validation failed. code: PowershellConnectionFailed. |
This indicates that the Powershell v3 module is not installed. |
| Error | Possible Cause |
| Mailbox validation failed. code: MailboxUnreachable. |
This can indicate a couple of issues; one might be a block on the firewall, or it could simply be something wrong with that mailbox. |
Task Permissions (Microsoft Mailbox)
If a Scheduled Task status results in an Error, check that your Microsoft Mailbox has the correct permissions. You can do this using Powershell by following the steps below, depending on the version of Exchange.
If the cmdlet in the steps below is not complete successfully, take steps to resolve the issue. The Mailbox Permission Sync feature uses this cmdlet programmatically. Therefore, as long as this executes successfully, the scheduled task should also.
Microsoft 365
To check your permissions in Microsoft 365:
- Open a Powershell Window.
- Run the following command to connect to Microsoft 365.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Use the Microsoft Mailbox Credentials in the popup dialog.
-
Import the new Powershell Session using the following command:
Import-PsSession $session
- Check that the Get-MailboxPermission cmdlet completes successfully using the following command (where "a_user" is the user name of a user in your organization):
Get-MailboxPermission -Identity a_user
Exchange On-Premises
To check your permissions in Exchange On-Premises:
- Log on to an Exchange Server as the Microsoft Mailbox.
- Open the Exchange Management Shell.
- Check the Get-MailboxPermission cmdlet completes successfully by using the following command (where "a_user" is the user name of a user in your organization):
Get-MailboxPermission -Identity a_user
Active Directory Sync Permissions
For the Mimecast Synchronization Engine to connect to Active Directory and extract data, the user you have specified to run the Mimecast Synchronization Engine service or the user you have specified in the "Replicate Different Domain" settings of the Directory Integration requires read permissions to Active Directory.
Managed Folders, Not Deleting Messages
Unless the Delete Unmatched Items setting is used, Managed Folder policies will only take action on messages matching the conditions in your policy that are found in the Mimecast archive. If a message is not found in the archive, a property is added to the message indicating that the message should not be considered the next time the mailbox is processed, consequently leaving the message in the mailbox. This can happen if you used Managed Folders before ingesting your legacy data into the archive.
If you find that your Managed Folder policy is not deleting messages that you have ingested into the archive, you can override this property by following these steps:
- Create a file in the DAT directory on your Mimecast Synchronization Engine server named global.ini. By default, the path is:
C:\Program Files\Mimecast\SynchronizationEngine\dat
- Add this line and save the file:
IngoreTakeNoActionStamp=true
- The next time the Managed Folder policy task runs, items with take no action properties will not be considered.
Comments
Please sign in to leave a comment.