Diskeeper 12 & Space reclamation

After running with all of the features enabled on a VM for a week I noticed that Forefront started to pickup random viruses being written to the root of the C-drive. Every time the filename was BzEngineTempFile followed by some number and a .dk file extension. After some digging the Space Reclamation feature within Diskeeper is actually writing temporary files with all 0’s to the root of the volume where Space Reclamation is occurring. However antivirus products (Forefront & McAfee have been confirmed so far) trigger a random virus as the source.

, , ,
June 19, 2012 at 6:39 am Comments (0)

Forefront Protection Security Management Console (FPSMC) Hotfix 1 adds Internet Explorer 9 support

Well it looks like Microsoft is finally supporting IE9 for use with FPSMC under Hotfix 1 (released 6/5/2012). Outside of the aforementioned IE9 support, there a few other bug fixes with this update but otherwise it is pretty quiet.

The new update can be downloaded at:

This update will remove the existing installation prior to installation and can install over the top of the existing SQL database, no reboot is required.

, ,
June 18, 2012 at 10:44 am Comments (0)

Forefront Endpoint Protection 2010 Reporting Services

Over the last few days I’ve been working on a Forefront Endpoint Protection 2010 Deployment on top of an existing Server 2008 SP2 (64-bit) with SQL Server 2005 (64-bit) Standard Edition with SP3 and a production version of SCCM 2007 with R3 and SP3. While working through the pre-requirements and had a number of failures with the SQL server portion. The bulk of these revolved around being unable to detect the version of the Integration Services that were installed. Installing SP4 for SQL Server 2005 did not clear up this issue. The next step was do an in place upgrade to SQL Server 2008 R2 w/SP1, after completing this upgrade the Integration Services version issue was resolved (later the source of the problem was an unknown prior SQL Express install on the server originally which during the install never cleaned up properly).

With all the pre-requirements done, it appeared as life was good but this eventually was met with a failed install with the install going as planned with the exception of the Reporting/Alerting services. To step through this a custom install was done to install everything but the Reporting Services (this install worked). Then followed by a custom install of the Reporting Services only with again another failure. Below is a sample of what the FepReport_*.log created located C:\ProgramData\Microsoft Forefront\Support\Server\

MSI (s) (C8:48) [14:19:50:481]: Product: Microsoft Forefront Endpoint Protection 2010 Reporting — Installation operation failed.

MSI (s) (C8:48) [14:19:50:482]: Windows Installer installed the product. Product Name: Microsoft Forefront Endpoint Protection 2010 Reporting. Product Version: 2.1.1116.0. Product Language: 1033. Installation success or error status: 1603.

MSI (s) (C8:48) [14:19:50:484]: Deferring clean up of packages/files, if any exist
MSI (s) (C8:48) [14:19:50:484]: MainEngineThread is returning 1603
MSI (s) (C8:98) [14:19:50:485]: RESTART MANAGER: Session closed.

While the 1603 is very generic and when looking up this product there were references to TCP 1433 being blocked (which would be odd considering the SQL install was on the same server). Then an attempted manual install from the fepreport.msi was attempted with the below error.

Now at this point it would seem odd that all the pre-requirements foundwere met, the domain server account was even added to the local administrators group and UAC disabled during troubleshooting.

At this point what should be enough for permissions fails, so an attempt with a domain admin level account was done and worked without an issue.

Now doing this method in a production environment introduces many security issues so you’ll need to perform the below steps to change the credentials post-install for the reporting service.

  1. In a web browser, open the Report Manager. By default, the URL is: http:// ReportingServerURL /Reports Where ReportingServerURL is the URL of the reporting server in your organization.
  2. Click Forefront Endpoint Protection_XXX, where XXX is your Configuration Manager site code.
  3. Click Show Details and then click DataSources.
  4. Click DefaultDataSource, under Credentials stored securely in the report server, in the Password box type the new password, and then click Apply.
  5. Verify that the new password is correct by opening a Forefront Endpoint Protection report.

The above is taken from

, , ,
November 21, 2011 at 11:03 pm Comments (0)