Hotfix Rollup 3 for Microsoft Forefront Server Security Management Console

Article translations Article translations
Article ID: 973919 - View products that this article applies to.
Expand all | Collapse all

On This Page

SUMMARY

Microsoft has released Hotfix Rollup 3 for Microsoft Forefront Server Security Management Console (FSSMC). This article contains information about how to obtain the hotfix and a list of issues that are fixed by the hotfix rollup.

This hotfix rollup includes all the fixes that are included in Hotfix Rollup 1 and Hotfix Rollup 2 for FSSMC. For more information about the fixes included in the previous hotfix rollups, click the following article number to view the article in the Microsoft Knowledge Base:
950320 Description of the Forefront Server Security Management Console Rollup 1 package
960814 Description of Hotfix Rollup 2 for Forefront Server Security Management Console

Note When you upgrade from an earlier version of FSSMC, you must redeploy the FSSMC Deployment Agents to your managed servers. For more information about how to do this, refer to the following section of the FSSMC User Guide:
http://technet.microsoft.com/en-us/library/bb878178.aspx#DeployingAgents

New Features and Fixes

New features in the Hotfix Rollup

  • Antigen version 9 with Service Pack 2 incorporates new anti-spam technology through a partnership with Cloudmark. FSSMC Hotfix Rollup 3 now supports Cloudmark engine update redistribution and Engine Version Reports.

    Note Hotfix Rollup 3 only supports Redistribution Jobs for Cloudmark engine updates and not signature updates. The Cloudmark anti-spam engine receives its signature updates directly from the vendor’s site and not through Microsoft. This means that the signature updates are not distributed through the FSSMC. An engine update refers to updating to a new version of a scan engine, which replaces the old version. A signature update refers to new signatures being added to an existing scan engine.

    For more information about this feature, visit the following Microsoft Web page:
    http://technet.microsoft.com/en-us/forefront/serversecurity/dd940095.aspx
  • FSSMC now can automatically provision the scan engines on managed Antigen and FSS servers. It does so by using the scan engine updates that are deployed to the managed servers through the Signature Redistribution Job. This feature gives customers the latest protection against malware by extending the updating capabilities of Antigen version 9 and Forefront Server Security (FSS) products. This feature can quickly notify users of the availability of a new threat scanning engine, or a planned change in the existing scan engines. These notifications advise administrators on how to make appropriate changes to their product configurations before any changes take effect. The notifications are registered in the Antigen and FSS event log entries and can also be configured for e-mail delivery through the "Virus Administrators" notification group.

    For more information about this feature, visit the following Microsoft Web page, and then click the Engine Revision Overview and FAQ hyperlink:
    http://technet.microsoft.com/en-us/forefront/serversecurity/dd940095.aspx

Issues that are fixed in the hotfix rollup

In addition to the fixes that are included in the previous hotfix rollups, this hotfix rollup fixes the following issues:

Details of the issues that are fixed in the hotfix rollup

Note All the fixes that are listed in this section apply to the following products:
  • Forefront Server Security Management Console
  • Hotfix Rollup 1 for Forefront Server Security Management Console
  • Hotfix Rollup 2 for Forefront Server Security Management Console
  • The keyword list in the FSSMC Operation Job fails to deploy to Forefront for SharePoint Servers
    Symptoms
    In the FSSMC Operation Job, you can change Keyword Filtering lists and deploy those changes to your managed servers. Before Hotfix Rollup 3, this feature did not function correctly when you deploy to Forefront Security for SharePoint managed servers.

    For more information about how to use the Operations Job, see the FSSMC User's Guide:
    http://technet.microsoft.com/en-us/library/bb878182.aspx#OperationJobs
    Cause
    FSSMC pushes an XML document to the deployment agent on the managed servers. This document is parsed by aexmladapter. The issue occurs because of an .fdb format issue between FSSMC and FSSP. This issue occurred because of a change that was made to the .fdb format for keyword deletion text. The change was made after the release of the FSSMC.
  • When you try to deploy Hotfix Rollup 3 for Forefront Security for Exchange Server (FSE) with Service Pack 1 to the passive node of a CCR cluster by using the FSSMC, the installation appears to fail with an error
    Symptoms
    When you install Hotfix Rollup 3 for FSE with Service Pack 1 on a CCR cluster, you have to deploy the package to the passive nodes in addition to the active node. Before Hotfix Rollup 3 for FSSMC, deploying the Hotfix Rollup 3 for FSE with Service Pack 1 on the passive node appears to fail with a returned status of "Installation Failed" in the FSSMC console. When this problem occurs, the following information is logged to the DeploymentAgent.txt file:
    DEBUG (3D0C) Process pid=#### terminated with exit code 3010
    ERROR Error executing the hotfix installer cab file packagelocation
    Cause
    The message that is returned to the FSSMC from the remote computer is "Restart_Required." However, this message is incorrectly treated as an "Error" by FSSMC. This causes the "Installation Failed" notification.
  • After you upgrade to FSSMC Hotfix Rollup 2, you cannot make configuration changes or deploy templates by using the FSSMC
    Symptoms
    After you upgrade to FSSMC Hotfix Rollup 2, you experience the following problems:
    • You cannot make any configuration changes in the FSSMC console.
    • You cannot deploy templates to managed servers by using the FSSMC.
    • When you try to configure the Polling Interval in the Global Configuration section, you may receive an error message that resembles the following:
      Failed to update scheduler for job StatisticsJob, Retrieving the COM class factory for component with CLSID {0E566B66-4D10-436B-80EE-E6B56FBCEE8D} failed due to the following error: 80070005."
    • The DCOM permissions on the Scheduler Service for the user SMGR_ServerName are missing.
    Workaround
    To work around this issue, manually add the necessary DCOM permissions on the Scheduler Service for the user SMGR_ServerName. To do this, follow these steps:
    1. Click Start, and then click Run.
    2. Type DCOMCNFG in the Open box, and then click OK.
    3. Under Console Root, expand Component Services, expand Computers, and then expand My Computer.
    4. Under My Computer, expand DCOM Config, right-click Scheduler Service, and then click Properties.
    5. Click the Security tab, and then make the following changes:
      • Under Launch and Activation Permissions, click Edit, highlight the SMGR_ServerName account, and then confirm that it has the Local Launch and Local Activation permissions set to Allow. If it does not, add these permissions, and then click OK.
      • Under Access Permissions, click Edit, highlight the SMGR_ServerName account, and then confirm that it has the Local Access permission set to Allow. If it does not, add this permission, and then click OK.
    Note This workaround is required only if you cannot upgrade to Hotfix Rollup 3.

    Cause
    During an upgrade of the FSSMC, the FSSMC version of the Scheduler Service is uninstalled and then reinstalled. This removes the permissions on SMGR_MachineName for that GUID. This occurs only on upgrade because the uninstall does not execute for the Scheduler Service if the Scheduler.config file does not exist.

  • The FSSMC Remote Log Generator does not collect the same logs on an Antigen server and an FSS server
    Symptoms
    When you use the FSSMC diagnostic log to collect remote information for managed Antigen or FSS servers, different data is collected from an Antigen server than from an FSS server. The same files are collected from Antigen and FSS servers with the following exceptions.

    The following files are not collected on Antigen servers:

    AntigenInstall.log
    StatisticsManagerServer.txt
    AntigenHRLog.txt
    ProgramLog.txt
    AEXMLAdapter.txt
    StatisticsManagerClient.txt
  • The FSSMC console still contains the FTP option for scan engine updates even though the FTP download site was decommissioned
    Symptoms
    In the FSSMC console, under Administration, there is a Global Configuration option. The Download Configuration section lets you configure the location where the FSSMC will download the scan engine updates. There is a drop-down box that contains two options: http and ftp. The ftp option is no longer valid because the ftp site was decommissioned.

    Cause
    This issue occurs because the FTP engine update site was decommissioned for engine updates. Before Hotfix Rollup 3, the FSSMC console does not reflect this change.

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Data1.cabNot Applicable6,862,35918-Jul-200902:14Not Applicable
Eula.rtfNot Applicable136,43215-Oct-200722:35Not Applicable
Fssmc.msiNot Applicable965,12018-Jul-200902:14Not Applicable
Settings.iniNot Applicable12225-Sep-200710:27Not Applicable
Setup.exe10.5.1241.28744,28818-Jul-200902:14x86
Dotnetfx.exe2.0.50727.4223,510,72025-Sep-200710:27x86
Mdac_typ.exe28.0.1022.35,556,61625-Sep-200710:27x86
Msxml6.msiNot Applicable1,521,15225-Sep-200710:27Not Applicable
Data.tagNot Applicable10925-Sep-200710:27Not Applicable
Data1.cabNot Applicable3,694,10425-Sep-200710:27Not Applicable
Data1.hdrNot Applicable7,83725-Sep-200710:27Not Applicable
Lang.datNot Applicable23,54125-Sep-200710:27Not Applicable
Layout.binNot Applicable60925-Sep-200710:27Not Applicable
Ocfile.iniNot Applicable43925-Sep-200710:27Not Applicable
Os.datNot Applicable45025-Sep-200710:27Not Applicable
Setup.exe5.52.164.073,72825-Sep-200710:27x86
Setup.iniNot Applicable10125-Sep-200710:27Not Applicable
Setup.insNot Applicable71,81725-Sep-200710:27Not Applicable
Setup.issNot Applicable35825-Sep-200710:27Not Applicable
Setup.jpgNot Applicable93,87225-Sep-200710:27Not Applicable
Setup.lidNot Applicable4925-Sep-200710:27Not Applicable
_inst32i.ex_Not Applicable296,67425-Sep-200710:27Not Applicable
_isdel.exe5.51.138.027,64825-Sep-200710:27x86
_setup.dll5.50.134.034,81625-Sep-200710:27x86
_sys1.cabNot Applicable175,46625-Sep-200710:27Not Applicable
_sys1.hdrNot Applicable3,90525-Sep-200710:27Not Applicable
_user1.cabNot Applicable55,30825-Sep-200710:27Not Applicable
_user1.hdrNot Applicable4,38425-Sep-200710:27Not Applicable
Sqlexpr.exe9.0.3042.038,220,65625-Sep-200710:28x86

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Properties

Article ID: 973919 - Last Review: July 30, 2009 - Revision: 1.3
APPLIES TO
  • Microsoft Forefront Server Security Management Console
Keywords: 
kbautohotfix kbhotfixserver kbexpertiseadvanced kbhotfixrollup kbsurveynew kbfix KB973919

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com