I have a Win 2012R2 VM, with Exchange 2013 SP1 installed (Mailbox and CAS)
I have the MSMEODUser account in AD, with the email address of MSMEODUser@MyCompanyDomain.co.uk
I try and run the On-Demand Scan and get the following error: 15 September 2016 10:37:02 2173 On-demand scan task failed due to 'EWSWrapper failure while CoCreateInstance'. Error 0xffffffff. Error.
I check in the Registry and I can see the ODUserid in the \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\MSME\SystemState. The email address assigned to it in the registry is MSMEODUser@MyCompanyDomain.co.uk.
I called support and was told that because I have this config in my IIS, then MSME cannot reach the EWS service at https://MyServerName:444/EWS/Services.wsdl and is trying to get to https://MyServerName/EWS/Exchange.asmx (Service - You have created a new service)
So I don't know now if its my exchange build or the installation of MSME which is at fault.
There can be several contributing factors.
e.g. When MSME does the discovery for MSMEUser dteails it received a UPN instead of possibly an e-mail address that is in the mailbx properties.
the fact that you say the item is "mydomain.co.uk" I take that to mean the systemstate user id entry is a valid e-mail address that does exist in mailbox properties
Second it is verified against EWS .. if you look in your registry HKEY_LOCAL_MACHINE\Software\McAfee\MSME\OnDemand
You will see the discovered EWS urls the product got from enquiring from environmemt.
Have you checked the info received is valid for your env???
(You should be able to open those urls using the admin and msmeoduser accounts)
Third if you have MSME 8.51 then strong recommendation for MSME85P1HF1111610 + MSME85P1HF1144496 - the latter has improvements to detection of the systems in your environment.
Did you supply MER and debug logs of the failed ODS to support???
I have checked the mailbox details of the MSMEODUser account in the SystemState of the Registry and the email address and user account is correct.
I have got the URLS's from the reg key you gave and it gives me the EWS sites of the old 2007 exchange (still in use, will be de-commissioned once 2013 is good.) and my 2013 box. I can access all the sites with my credentials, but none of them using the MSMEODUser account details.
I supplied support with debug logs.
So this is a pilot test box??
In Ex Mgmt Shell - is cmdlet "Get-WebServicesVirtualDirectory | fl Server, *url" returning same information???
Remove all the old E2007 details from the key - leaving ONLY the correct E2013 information
In <msme install folder>\msme\bin\e2007 agents\ folder - rename gethubtxdetails.ps1 to .old (in meantime this will stop it getting the old E2007 info again).
If you have an account lockout policy and you have tested msmeoduser many times with failures it could get locked out.
Check the dsa.msc and ensure account is not locked out.
In MSME interface - Settings & Diagnostics - On Demand Settings
Enter and confirm a new Password that conforms to your Password Policy - Place tick in "Reset This Password in LDAP"