cancel
Showing results for 
Search instead for 
Did you mean: 

MSME 8.5 - 'EWSWrapper failure while CoCreateInstance'. Error 0xffffffff. Error.

Hello,

I have a Win 2012R2 VM, with Exchange 2013 SP1 installed (Mailbox and CAS)

I have the MSMEODUser account in AD, with the email address of MSMEODUser@MyCompanyDomain.co.uk

I try and run the On-Demand Scan and get the following error: 15 September 2016 10:37:02 2173 On-demand scan task failed due to 'EWSWrapper failure while CoCreateInstance'. Error 0xffffffff. Error.

I check in the Registry and I can see the ODUserid in the \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\MSME\SystemState. The email address assigned to it in the registry is MSMEODUser@MyCompanyDomain.co.uk.

I generate a report from MSME and it sends, but from email address: MSMEODuser@example.org and not my MSMEODUser@MyCompanyDomain.co.uk.

I called support and was told that because I have this config in my IIS, then MSME cannot reach the EWS service at https://MyServerName:444/EWS/Services.wsdl and is trying to get to https://MyServerName/EWS/Exchange.asmx (Service - You have created a new service)

So I don't know now if its my exchange build or the installation of MSME which is at fault.

Many thanks

4 Replies
Reliable Contributor Aidan
Reliable Contributor
Report Inappropriate Content
Message 2 of 5

Re: MSME 8.5 - 'EWSWrapper failure while CoCreateInstance'. Error 0xffffffff. Error.

There can be several contributing factors.

e.g. When MSME does the discovery for MSMEUser dteails it received a UPN instead of possibly an e-mail address that is in the mailbx properties.

the fact that you say the item is "mydomain.co.uk" I take that to mean the systemstate user id entry is a valid e-mail address that does exist in mailbox properties

Second it is verified against EWS .. if you look in your registry HKEY_LOCAL_MACHINE\Software\McAfee\MSME\OnDemand

You will see the discovered EWS urls the product got from enquiring from environmemt.

Have you checked the info received is valid for your env???

(You should be able to open those urls using the admin and msmeoduser accounts)

Third if you have MSME 8.51 then strong recommendation for MSME85P1HF1111610 + MSME85P1HF1144496 - the latter has improvements to detection of the systems  in your environment.

Did you supply MER and debug logs of the failed ODS to support??? 

Re: MSME 8.5 - 'EWSWrapper failure while CoCreateInstance'. Error 0xffffffff. Error.

Hi Aidan,

I have checked the mailbox details of the MSMEODUser account in the SystemState of the Registry and the email address and user account is correct.

I have got the URLS's from the reg key you gave and it gives me the EWS sites of the old 2007 exchange (still in use, will be de-commissioned once 2013 is good.) and my 2013 box. I can access all the sites with my credentials, but none of them using the MSMEODUser account details.

I supplied support with debug logs.

Thanks

Reliable Contributor Aidan
Reliable Contributor
Report Inappropriate Content
Message 4 of 5

Re: MSME 8.5 - 'EWSWrapper failure while CoCreateInstance'. Error 0xffffffff. Error.

So this is a pilot test box??

In Ex Mgmt Shell  - is cmdlet  "Get-WebServicesVirtualDirectory | fl Server, *url" returning same information???

Try

Remove all the old E2007 details from the key - leaving ONLY the correct E2013 information

In <msme install folder>\msme\bin\e2007 agents\  folder - rename gethubtxdetails.ps1  to .old  (in meantime this will stop it getting the old E2007 info again).

If you have an account lockout policy and you have tested msmeoduser many times with failures it could get locked out.

Check the dsa.msc and ensure account is not locked out.

In MSME interface - Settings & Diagnostics - On Demand Settings

Enter and confirm a new Password that conforms to your Password Policy  - Place tick in "Reset This Password in LDAP"

Click Apply. 

Test again

Re: MSME 8.5 - 'EWSWrapper failure while CoCreateInstance'. Error 0xffffffff. Error.

Sorry about the late reply and thank you for your help.

Ill try your advice and report back

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center