Article ID: 2420644 - View products that this article applies to.
Microsoft has released Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2 . This article contains information about how to obtain the hotfix rollup and about the issues that are fixed by the hotfix rollup.
Issues that are fixed in Hotfix Rollup 3 for Forefront Security for Forefront Security for Exchange Service pack 2This hotfix rollup addresses an issue found in Forefront Security for Exchange that may prohibit users from leveraging version 8 of the Kaspersky antivirus engine.
After updating to both Forefront Security for Exchange Hotfix Rollup 3 Service Pack 2 and Forefront Server Security Management Console (FSSMC) to Hotfix Rollup 5, the Kaspersky antivirus engine will not update. You also may see the following error in the Forefront programlog.txt:
These symptoms may also be seen when using an internal redistribution server, other than FSSMC, to distribute engine updates to FSE servers. (please see KB 950547)
ERROR: (0x00000002) The system cannot find the file specified. Failed to access: \\...\sybariredistribution$\x86\kaspersky5\xxxxxxx/x86/Kaspersky5/Package/manifest.cab
A naming convention change for the manifest.cab file that FSE looks for on either the redistribution server or FSSMC when attempting to update version 8 of the Kaspersky engine results in FSE being unable to locate that cab file. This results in an unsuccessful Kaspersky 8 update and the error detailed above.
Notice· If you have previously applied the work-around provided in KB 2410444
(http://support.microsoft.com/kb/2410444), you will have to reverse this workaround. To do so you can either rename the Localenginemapping.old back to Localenginemapping.cab or you can copy the new Localenginemapping.cab from the following directory on the Forefront Security for Exchange machine; C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\Data\Engines to the following directory on the FSSMC machine; C:\program files\Microsoft Forefront Security\Server\Server Management\Services\Redistribution\cache
You would not experience this issue on a Forefront Security for Exchange installation that is not leveraging a redistribution server or an FSSMC server to receive engine updates.
· The Kaspersky engine's names incorporates the version number '5'. Even after installing this hotfix rollup, the engine name for Kaspersky will still be "Kaspersky5" in both logs and within the Forefront Administrator client. This is purely a cosmetic issue and does not affect functionality. If you wish to confirm the version of the Kaspersky engine, check the Engine Version of Kaspersky under SETTINGS --> Scanner Updates in the Forefront Administrator client. Note that the Kaspersky engine must update at least once after this hotfix rollup has been installed, in order for Kaspersky 8 to be installed.
Apply Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2
Hotfix rollup information
Download informationA supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
How to install the hotfix rollupTo install the hotfix rollup on any server that is not part of a SCC cluster, follow these steps:
To install this particular hotfix on a SCC cluster, you should perform upgrades on all active nodes first. Setup will prompt you to allow it to take resources offline and bring them back online automatically. Check that all resources are online, and that all Forefront and Exchange services have been started afterwards. You should manually bring resources online / start services, if necessary. Once you have upgraded the active nodes, do not failover. Finally, upgrade each passive node in turn.
Installing on all active nodes first means that Forefront will be able to access the DatabasePath location, where it needs to copy a file to (LocalEngineMapping.cab).
If you prefer not to upgrade on active nodes, you may perform a “rolling upgrade” where you install on each node only when it is in a passive state. This involves performing a series of failovers, so that each node has a chance to become passive. Once all nodes have been upgraded, you must copy LocalEngineMapping.cab from each active node’s local installation to the shared disk folder for the CMS. Forefront needs this file in the following shared disk location, in order to be able to upgrade the Kaspersky engine to version 8.
Copy LocalEngineMapping.cab from each active node’s local installation (source) to its shared disk folder (target):
Source location: <LocalDisk>\Program Files (x86)\Microsoft Forefront Security\Exchange Server
Target location: <SharedDisk>\ForefrontCluster\Engines\
1. There is no need to restart any services or failover the cluster after you have copied LocalEngineMapping.cab to the shared disk folder.
2. If you do not copy LocalEngineMapping.cab to the shared disk folder, Forefront will continue to try to update version 5 of the Kaspersky engine (which will be retired by Microsoft after 31st January 2011).
This hotfix rollup requires that Forefront Security for Exchange Service pack 2 is installed.
File informationThis hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.
The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Collapse this tableExpand this table