Description of Hotfix Rollup 2 for Microsoft Forefront Security for Exchange Service Pack 2

Article translations Article translations
Article ID: 2270641 - View products that this article applies to.
Expand all | Collapse all

On This Page

SUMMARY

Microsoft has released Hotfix Rollup 2 for Forefront Security for Exchange Service Pack 2. This article contains information about how to obtain the hotfix rollup and about the issues that are fixed by the hotfix rollup.

MORE INFORMATION



Issues that are fixed in Hotfix Rollup 2 for Forefront Security for Exchange Service Pack 2

This hotfix rollup fixes the following issues:
  1. The FSCTransportScanner.exe process in Forefront Server Security for Exchange may stop responding, and this generates a Dr. Watson crash that references Bucket ID 1211603866
  2. The FSECCRService.exe process in Forefront Server Security for Exchange may stop responding, and this generates a Dr. Watson crash that references Bucket ID 1076269539
  3. Forefront Server Security for Exchange fails to write a crypto checkpoint in the RSA\Machine Keys folder
  4. The FSCController.exe process in Forefront Server Security for Exchange may stop responding, and this generates a Dr. Watson crash that references Bucket ID 1229588505
  5. The Forefront Security for Exchange GetEngineFile process crashes and Forefront is unable to perform a scan engine update
  6. Kaspersky scan engine in Forefront Security for Exchange does not update on a CCR cluster
  7. Forefront Security for Exchange does not install on Windows Server 2008 R2
  8. Forefront Security for Exchange now supports the Kaspersky 8 engine

Details of the issues that are fixed in the hotfix rollup

  1. The FSCTransportScanner.exe process in Forefront Server Security for Exchange may stop responding, and this generates a Dr. Watson crash that references Bucket ID 1211603866
    Symptoms

    Dr. Watson reports Bucket ID [1211603866] when this issue occurs. Additionally, the following information may be reported by Dr. Watson:

    -----------------   Stack Dump   ------------------

    Bucket ID                 -> 1211603866

    Cab ID      -> XXXXXXXXX

    OS Version              -> XXXXXXXXX

    [0]           RARNAVIGATOR.DLL!unknown              [unknown]

    [1]           RARNAVIGATOR.DLL!unknown              [unknown]

    [2]           RARNAVIGATOR.DLL!unknown              [unknown]

    [3]           RARNAVIGATOR.DLL!unknown              [unknown]

    [4]           RARNAVIGATOR.DLL!unknown              [unknown]

    [5]           RARNAVIGATOR.DLL!unknown              [unknown]

    [6]           FSCTRANSPORTSCANNER.EXE!unknown               [unknown]

    [7]           FSCTRANSPORTSCANNER.EXE!unknown               [unknown]

    [8]           FSCTRANSPORTSCANNER.EXE!unknown               [unknown]

    [9]           FSCTRANSPORTSCANNER.EXE!unknown               [unknown]

    [10]         FSCTRANSPORTSCANNER.EXE!unknown               [unknown]

    [11]         RPCRT4.DLL!Invoke [unknown]

    [12]         RPCRT4.DLL!NdrStubCall2      [unknown]

    [13]         RPCRT4.DLL!CStdStubBuffer_Invoke      [unknown]

    [14]         OLEAUT32.DLL!CUnivStubWrapper::Invoke           [unknown]

    [15]         OLE32.DLL!SyncStubInvoke     [unknown]

    [16]         OLE32.DLL!StubInvoke            [unknown]

    [17]         OLE32.DLL!CCtxComChnl::ContextInvoke                [unknown]

    [18]         OLE32.DLL!MTAInvoke            [unknown]

    [19]         OLE32.DLL!STAInvoke             [unknown]

    [20]         OLE32.DLL!AppInvoke             [unknown]

    [21]         OLE32.DLL!ComInvokeWithLockAndIPID                [unknown]

    [22]         OLE32.DLL!ComInvoke            [unknown]

    [23]         OLE32.DLL!ThreadDispatch    [unknown]

    [24]         OLE32.DLL!ThreadWndProc    [unknown]

    [25]         USER32.DLL!InternalCallWinProc           [unknown]

    [26]         USER32.DLL!UserCallWinProcCheckWow              [unknown]

    [27]         USER32.DLL!DispatchMessageWorker  [unknown]

    [28]         USER32.DLL!DispatchMessageW           [unknown]

    [29]         FSCTRANSPORTSCANNER.EXE!unknown               [unknown]

    [30]         FSCTRANSPORTSCANNER.EXE!unknown               [unknown]

    [31]         FSCTRANSPORTSCANNER.EXE!unknown               [unknown]

    [32]         NTDLL.DLL!__RtlUserThreadStart          [unknown]

    [33]         NTDLL.DLL!_RtlUserThreadStart            [unknown]


    Cause

    This crash occurs when the RARNavigator.dll does not correctly handle invalid metadata.

  2. The FSECCRService.exe process in Forefront Server Security for Exchange may stop responding, and this generates a Dr. Watson crash that references Bucket ID 1076269539
    Symptoms

    Dr. Watson reports Bucket ID [1076269539] when this issue occurs. Additionally, the following information may be reported by Dr. Watson:

    -----------------   Stack Dump   ------------------

    Bucket ID                 -> 1076269539

    Cab ID      -> XXXXXXXXX

    OS Version              -> Windows 2003 Service Pack 2 (build 3790)

    [0]           FSECCRSERVICE.EXE!unknown               [unknown]

    Cause

    This crash occurs when a resource type string is changed without first checking for API success.
  3. TheForefront Server Security for Exchange fails to write a crypto checkpoint in the RSA\Machine Keys folder


    Problem
    Upon installation, or upon failover on a SCC or CCR cluster, Forefront Server Security for Exchange fails to write a crypto checkpoint in the RSA\Machine Keys folder


    Symptoms

    The following error may be present in the Forefront Server Security for Exchange installation log (ForefrontInstall.log):


    szErrorDesc = Error SetupFSEEVS: SetupFSEMSCSEVS: ClusterResourceControl(CLUSCTL_RESOURCE_ADD_CRYPTO_CHECKPOINT, ExchISVirusScan) failed or checkpoint exist already.

    SetupFSEMSCSEVS: OpenClusterResource(pszRegRep) failed



    The following System event log error may occur when the cluster in being brought online:


    Event Type: Error


    Event Source: ClusSvc


    Event Category: Checkpoint Mgr


    Event ID: 1121


    User: N/A


    Description: The crypto checkpoint for cluster resource 'Exchange Information Store Instance
    could not be restored to the container name 'C44FBC30-1445-11d3-8CAA-00104B9C5823'. The resource may not function correctly.
    Additionally, if you use Process Monitor to track this issue, you will see an access denied event on the following machine keys folder:
    clussvc.exe
         CreateFile        
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47bea955279d0bff4b03ff43cad2cab7_80331190-c9c2-4bc8-b3da-6baffb106058
       
    ACCESS DENIED


    Cause
    This issue is caused by incorrect permissions on a crypto container
  4. FSCController.exe process in Forefront Server Security for Exchange may stop responding, and this generates a Dr. Watson crash that references Bucket ID 1229588505

    Symptoms

    Dr. Watson reports Bucket ID [1229588505] when this issue occurs. Additionally, the following information may be reported by Dr. Watson:

    -----------------   Stack Dump   ------------------

    Bucket ID                 -> 1229588505

    Cab ID      -> XXXXXXXXX

    OS Version              -> Windows 2003 Service Pack 2 (build 3790)

    [0]           FSCController.exe!unknown   [unknown]

    Cause

    This crash occurs when an unallocated date is returned from the incidensts database.
  5. The Forefront Security for Exchange GetEngineFile process crashes and Forefront is unable to perform a scan engine update

    Symptoms

    The ProgramLog.txt will contain an error indicating the GetEngineFiles process stopped abnormally. The current engine update will fail. The next scheduled update for that engine, or any engine, will succeed.

    Cause

    A synchronization issue between two process threads within GetEngineFiles causes the current engine update to fail.

  6. The Kaspersky scan engine in Forefront Security for Exchange does not update on a CCR cluster

    Symptoms

    Kaspersky engine does not update on passive node

    Cause

    Because a CCR cluster contains no shared drive, Forefront Security for Exchange copies its own data between nodes. The Kaspersky files within Forefront’s LocalFileMapping.cab are not successfully copies to the passive node. Therefore, the passive node does not update the Kaspersky engine 

  7. Forefront Security for Exchange does not install on Windows Server 2008 R2

    Symptoms

    Error during install: Setup could not find the update.inf file needed to update your system.

    Cause

    Forefront Security for Exchange is unable to install on Exchange Service Pack 3 on Windows Server 2008 R2. Forefront Security for Exchange is not certified on this platform.

  8. Forefront Security for Exchange now supports version 8 of the Kaspersky scan engine.

    More Info.

    Forefront Security for Exchange provides version 8 of the Kaspersky scan engine by default upon install

Hotfix rollup information

Download information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

How to install the hotfix rollup

To install the hotfix rollup on any server that is not part of a SCC cluster, follow these steps:
  1. Run the installer. To do this, double-click the hotfix rollup executable file.

    Note When the installer is running, the Forefront services are stopped.
  2. After the installation is complete, and the Forefront services are restarted, make sure that Forefront is working correctly.

    Notes
    • The Forefront services are restarted automatically during the installation.
    • Forefront service packs or hotfix rollups can be installed by using the FFSMC Deployment job. For more information, see "Deployment Jobs" in the Forefront Server Security Management Console User's Guide. In this case, the installer runs in silent mode, and user input is not required. The rest of the process remains the same as when you double-click the executable file to run the installer .

To install the hotfix rollup on a SCC cluster, choose one of the following methods: 

Method 1

To install this particular hotfix on a SCC cluster, you should perform upgrades on all active nodes first. Setup will prompt you to allow it to take resources offline and bring them back online automatically. Check that all resources are online, and that all Forefront and Exchange services have been started afterwards. You should manually bring resources online / start services, if necessary. Once you have upgraded the active nodes, do not failover. Finally, upgrade each passive node in turn.

Installing on all active nodes first means that Forefront will be able to access the DatabasePath location, where it needs to copy a file to (LocalEngineMapping.cab). 


Method 2
If you prefer not to upgrade on active nodes, you may perform a “rolling upgrade” where you install on each node only when it is in a passive state. This involves performing a series of failovers, so that each node has a chance to become passive. Once all nodes have been upgraded, you must copy LocalEngineMapping.cab from each active node’s local installation to the shared disk folder for the CMS. Forefront needs this file in the following shared disk location, in order to be able to upgrade the Kaspersky engine to version 8. 

Copy LocalEngineMapping.cab from each active node’s local installation (source) to its shared disk folder (target):
Source location: <LocalDisk>\Program Files (x86)\Microsoft Forefront Security\Exchange Server
Target location: <SharedDisk>\ForefrontCluster\Engines\

Notes:
1. There is no need to restart any services or failover the cluster after you have copied LocalEngineMapping.cab to the shared disk folder.
2. If you do not copy LocalEngineMapping.cab to the shared disk folder, Forefront will continue to try to update version 5 of the Kaspersky engine (which will be retired by Microsoft after 31st January 2011).


Prerequisites

This hotfix rollup requires that Forefront Security for Exchange Service Pack 2 is installed. 


File information

This hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.

The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Adonavigator.dll10.2.952.0421,23229-Jun-201018:08x86
Adonavigator64.dll10.2.952.0716,14429-Jun-201018:13x64
Adonavsvc.exe10.2.952.0154,99229-Jun-201018:13x64
Aexmladapter.dll10.2.952.0379,76029-Jun-201018:08x86
Custominstall.dll10.2.952.0923,50429-Jun-201018:08x86
Customuninstall.dll10.2.952.0342,38429-Jun-201018:08x86
Eventstrings-en_us.dll10.2.952.0118,64029-Jun-201018:08x86
Eventstrings.dll10.2.952.0118,64029-Jun-201018:08x86
Extractfiles.exe10.2.952.0338,28829-Jun-201018:08x86
Filterengine.dll10.2.952.0332,65629-Jun-201018:08x86
Fscadmarksvc.exe10.2.952.089,08829-Jun-201016:27x86
Fscappscanner.dll10.2.952.0334,70429-Jun-201018:08x86
Fsccodec.dll10.2.952.0195,44029-Jun-201018:08x86
Fsccommon.dll10.2.952.018,28829-Jun-201018:08x86
Fsccontroller.exe10.2.952.01,607,53629-Jun-201018:08x86
Fsccontrollerps.dll10.2.952.085,36029-Jun-201018:08x86
Fscdiag.exe10.2.952.0487,79229-Jun-201018:08x86
Fscexec.exe10.2.952.057,20029-Jun-201018:08x86
Fscmanualscanner.exe10.2.952.0899,95229-Jun-201018:08x86
Fscmonitor.exe10.2.952.0265,07229-Jun-201018:08x86
Fscmonitorps.dll10.2.952.051,05629-Jun-201018:08x86
Fscrealtimescanner.exe10.2.952.0882,54429-Jun-201018:08x86
Fscstarter.exe10.2.952.0249,20029-Jun-201018:08x86
Fscstatsserv.exe10.2.952.0270,70429-Jun-201018:08x86
Fsctransportscanner.exe10.2.952.0903,53629-Jun-201018:08x86
Fscutility.exe10.2.952.0494,96029-Jun-201018:08x86
Fseccrservice.exe10.2.952.0849,26429-Jun-201018:08x86
Fseimc.exe10.2.952.0324,46429-Jun-201018:08x86
Fsemailpickup.exe10.2.952.092,01629-Jun-201018:08x86
Fsevsapi.dll10.2.952.0616,81629-Jun-201018:13x64
Fsevsapiex.dll10.2.952.076,65629-Jun-201018:13x64
Fssaclient.exe10.2.952.01,221,48829-Jun-201018:08x86
Getenginefiles.exe10.2.952.0714,09629-Jun-201018:08x86
Gziparchive.dll10.2.952.0267,12029-Jun-201018:08x86
Installservice.exe10.2.952.049,00829-Jun-201018:08x86
Installtask.exe10.2.952.0226,67229-Jun-201018:08x86
Launcher.exe10.2.952.0400,24029-Jun-201018:13x64
Localenginemapping.cabNot Applicable6,39916-Jun-201021:14Not Applicable
Macbinnavigator.dll10.2.952.0241,52029-Jun-201018:08x86
Mimenavigator.dll10.2.952.0322,92829-Jun-201018:08x86
Multimapper.dll10.2.952.0677,23229-Jun-201018:08x86
Openxmlnavigator.dll10.2.952.092,52829-Jun-201018:08x86
Perfmonitorsetup.exe10.2.952.0294,76829-Jun-201018:08x86
Programlogmsg.dll10.2.952.0111,47229-Jun-201018:08x86
Rarnavigator.dll10.2.952.0333,68029-Jun-201018:08x86
Remotinglayer.dll10.2.952.082,28829-Jun-201018:08x86
Remotinglayer64.dll10.2.952.0115,56829-Jun-201018:13x64
Scanengines.dll10.2.952.0562,03229-Jun-201018:08x86
Scanenginetest.exe10.2.952.0359,79229-Jun-201018:08x86
Semsetup.exe10.2.952.0292,20829-Jun-201018:08x86
Sfxcab.exe10.2.952.039,42414-Jul-201015:31x86
Smimenavigator.dll10.2.952.0238,44829-Jun-201018:08x86
Statisticsmanager.dll10.2.952.0537,45629-Jun-201018:08x86
Structstgnavigator.dll10.2.952.0300,40029-Jun-201018:08x86
Synchelper.dll10.2.952.0507,24829-Jun-201018:08x86
Tararchive.dll10.2.952.0249,20029-Jun-201018:08x86
Tnefnavigator.dll10.2.952.0308,08029-Jun-201018:08x86
Uuencodenavigator.dll10.2.952.0256,88029-Jun-201018:08x86
Version.exe10.2.952.0309,61629-Jun-201018:08x86
Ziparchive.dll10.2.952.0304,49629-Jun-201018:08x86
Fscperfmonitor.dll10.2.952.0315,76029-Jun-201018:08x86
Fscperfmonitor.dll10.2.952.0544,62429-Jun-201018:13x64
Custom64.dllNot Applicable105,67224-May-201017:54x64
Updspapi.dll6.3.16.0463,72010-Oct-200816:42x64

Properties

Article ID: 2270641 - Last Review: December 22, 2010 - Revision: 10.0
APPLIES TO
  • Microsoft Forefront Security for Exchange Server
  • Microsoft Forefront Security for Exchange Server Service Pack 2
Keywords: 
kbautohotfix KB2270641

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com