Manage Email Signatures Centrally - For All Users

Neil Jordan · Posted: Thu Jun 12, 2008 2:02 pm Post subject: OWA Error - Unhandled Exception

I must have done something wrong. I have got through the instructions as far as Item 3.

When I run signowa I get this:
Unhandled Exception: System.Security.SecurityException: That assembly does not allow partially trusted callers.
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
at SignOWA.Program.Main(String[] args)
The action that failed was:
LinkDemand
The assembly or AppDomain that failed was:
SignOWA, Version=2.4.1.1, Culture=neutral, PublicKeyToken=56390b2257d4df72
The method that caused the failure was:
System.String get_Url()
The Zone of the assembly that failed was:
Intranet
The Url of the assembly that failed was:
file:///F:/eMailSignature/OWA/SignOWA.exe

Jesper Frier · Posted: Thu Jun 12, 2008 2:20 pm Post subject:

Please debug OWA and post here (not sure if the post is the debug).
_________________
</Jesper> | Test Email Signature | Showcase |

Neil Jordan · Posted: Thu Jun 12, 2008 2:50 pm Post subject:

Yes it is what I get with that -v command.

For reference, server is Windows 2003 Small Business server, with ISA 2004

Jesper Frier · Posted: Thu Jun 12, 2008 3:09 pm Post subject:

SignOWA.exe is not tested on SBS. Not sure if it works ...This is from the documentation:

Neil Jordan · Posted: Fri Jun 13, 2008 8:13 am Post subject:

Oh dear - that is not good Sad

Can it be run from another server in the same domain? If not, I will need to alter the signature settings manually, so can you tell me what I need to know?

Jakob Christensen · Posted: Fri Jun 13, 2008 8:39 am Post subject:

SignOWA works fine on SBS.

Are you running signOWA from a network share (i.e. \\server\folder\signowa.exe or from a mapped network drive)? As per default the .NET framework does not grant full trust to programs run from shares which is giving you the SecurityException error.

To overcome this you need to either grant full trust to the intranet zone or to signOWA.exe specifically using the .NET configuration tool or to run signOWA from a local drive.

Let me know, if you need any help doing this Smile

Neil Jordan · Posted: Fri Jun 13, 2008 10:41 am Post subject:

Hi.

Glad about the SBS compatibility. Great

I get the same error when I either use the network share or mapped drive.

I have had a quick look at the .NET configuration tool, and will need to get some help from you about where I should look to change things, if you would be so kind. Looks a bit of a minefield.

Thanks

Jakob Christensen · Posted: Fri Jun 13, 2008 11:46 am Post subject:

If you copy all signOWA files to the harddrive of your server and run them from there, this will solve your problem.

If this is not an option, you need to use the .NET configuration tool. Start the configuration tool from "Control Panel" -> "Administrativ Tools" -> "Microsoft .NET Framework 2.0 Configuration". Then do the following:

1. Expand the tree: "My Computer" -> "Runtime Security Policy" -> "Machine" -> "Code Groups" -> "All Code".
2. Right-click "LocalIntranet_Zone" and choose "Properties".
3. Click the "Membership" tab.
4. Change the permission set from "Local intranet" to "FullTrust".
5. Click "Ok".

That's it Smile

Neil Jordan · Posted: Fri Jun 13, 2008 12:13 pm Post subject:

I seem to have .NET 1, 1.1, 2 and 3 installed on the server, but can only find configuration tools for the first two.

I have looked in the relevent folders, and can't find what I would think would be their tools.

If you have an idea of what the 2.0 shortcut would be, I can have a look to see if it is there.

TIA

Jakob Christensen · Posted: Fri Jun 13, 2008 1:21 pm Post subject:

I forgot that for some reason the configuration tool is not installed with the .NET 2.0 distributable. Sorry.

You will have to configure the .NET security manually from the command prompt using the caspol.exe tool. This tool is usually located at
"%windir%\Microsoft.NET\Framework\v2.0.50727\CasPol.exe".

Start a command prompt and run caspol with the following parameters:

Neil Jordan · Posted: Fri Jun 13, 2008 1:53 pm Post subject:

Yes that worked, thanks.

I had to amend the connection string as I had quotes around it, like in the example.

I now have got as far as it running through the mailboxes, but comes up with the Login Timeout, which I guess is due to no permissions.

I tried looking at the instruction list, and this user (domain/administrator) already has Receive As rights...

Neil Jordan · Posted: Fri Jun 13, 2008 2:06 pm Post subject:

I found a Deny for Domain and Enterprise admins for Receive As, and have now removed it as it was being propogated, but now I have some users that fail and some that work, strangely enough the last ones it tries.

Neil Jordan · Posted: Fri Jun 13, 2008 2:20 pm Post subject:

Is it madness to keep answering yourself??? Laughing

I had a play with the permissions, and would appear that there was and still is an inherited deny above the server level, but I can't see where it actually is.

Anyway, after having a few attempts at unticking the box for inheritence, it now seems to work, so I am not now touching it!

Thanks for your help

Jakob Christensen · Posted: Fri Jun 13, 2008 5:17 pm Post subject:

I am glad you got it working Smile

Have a nice weekend.