FSEMailPickup service does not start after applying Rollup 4

This issue is starting to pop up in a few environments with connectivity issues to https:\\crl.microsoft.com

It looks like we implemented code access security into our Mail Pickup service.

The issue is some firewalls or proxies might not allow this site to be accessed by network service or they might outright block the site.

The issue manifests itself as the FSEMailPickup service trying  to start and then stopping.

If you are starting the service from the services panel you get a “Service did not respond” error.

Your Security auditing might show access denied or some other error for winhttp.

Quick workaround.

Disable CAS checking by modifying the “FSEMailPickup.exe.config” file

Add the following line under  <runtime>

              <generatePublisherEvidence enabled="false"/>

This will bypass the issue.

Long term.

As this is implemented in more products you should make sure you allow the crl site to be accessed by adding an exclusion to whatever is blocking it in your environment.

Tracking what is blocking this might have to be done by getting a network trace while it is trying to start.