Views:

SMEX 12.5 Master Service start failure is caused by the same known issue existing in these three Windows Security Updates.

This Microsoft known issue is resolved in KB4057401 (available for Windows Server 2012 R2) and KB4057142 (available for Windows Server 2016). To avoid ScanMail Master Service start failure, make sure to cover these two Windows Security Updates during deployment.

  • KB4056895 and KB4056898 (available for Windows Server 2012 R2)

    Known issues in this update:

    SymptomWorkaround
    When calling ColnitializeSecurity, the call fails if passing RPC_C_IMP_LEVEL_NONE under certain conditions.
    When calling ColnitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error message that's returned on the failure is: STATUS_BAD_IMPERSONATION_LEVEL.
    This issue is resolved in KB4057401.
  • KB4056890 (available for Windows Server 2016)

    Known issues in this update:

    SymptomWorkaround
    When calling ColnitializeSecurity, the call will fail when passing RPC_C_IMP_LEVEL_NONE under certain conditions.
    When calling ColnitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
    This issue is resolved in KB4057142.

References:

January 3, 2018—KB4056890 (OS Build 14393.2007)

January 8, 2018—KB4056895 (Monthly Rollup)

January 3, 2018—KB4056898 (Security-only update)