Microsoft has released Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2. This article contains information about how to obtain the hotfix rollup and about the issues that are fixed by the hotfix rollup.
Issues that are fixed in Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2
This hotfix rollup addresses an issue found in Forefront Security for Exchange that may prohibit users from leveraging version 8 of the Kaspersky antivirus engine.
After updating both Forefront Security for Exchange to Service Pack 2 Hotfix Rollup 3 and Forefront Server Security Management Console (FSSMC) to Hotfix Rollup 5, the Kaspersky antivirus engine will not update. You may also see the following error in the Forefront programlog.txt:
ERROR: (0x00000002) The system cannot find the file specified. Failed to access: \\...\sybariredistribution$\x86\kaspersky5\xxxxxxx/x86/Kaspersky5/Package/manifest.cab
These symptoms may also be seen when an internal redistribution server other than FSSMC is used to distribute engine updates to FSE servers. (Please see KB 950547.)
A naming convention change for the manifest.cab file that FSE looks for on either the redistribution server or FSSMC when attempting to update version 8 of the Kaspersky engine results in FSE being unable to locate that cab file. This results in an unsuccessful Kaspersky 8 update and the error detailed above.
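To find servers showing this symptom, the error line above can be matched in collected copies of programlog.txt. The following is an added example, not Microsoft's code: it matches only the portion of the line quoted in this article (the full log line format is not shown here), and the sample lines other than the quoted one are constructed, including the host name REDIST01.

```python
import re

# Matches only the part of the line this article quotes; any prefix such as a
# timestamp is ignored because the full programlog.txt format is not shown.
ERROR_RE = re.compile(
    r"ERROR:\s*\(0x(?P<code>[0-9A-Fa-f]{8})\)\s*(?P<msg>.*?)\s*"
    r"Failed to access:\s*(?P<path>.+?)\s*$"
)
FILE_NOT_FOUND = 0x2  # "The system cannot find the file specified."
MANIFEST_SUFFIX = "/kaspersky5/package/manifest.cab"


def find_manifest_failures(lines):
    """Return one dict per log line that shows the symptom described above."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = ERROR_RE.search(line)
        if not m:
            continue
        if int(m.group("code"), 16) != FILE_NOT_FOUND:
            continue
        # The quoted path mixes '\' and '/', so normalise before comparing.
        norm = m.group("path").replace("\\", "/").lower()
        if not norm.endswith(MANIFEST_SUFFIX):
            continue
        hits.append({
            "line": lineno,
            "path": m.group("path"),
            # True when the update was pulled from a redistribution share.
            "via_redistribution_share": "/sybariredistribution$/" in norm,
        })
    return hits


# Line 2 is the error quoted in the article; the other lines are constructed.
SAMPLE_LOG = [
    r"INFORMATION: constructed line, Kaspersky5 update check started",
    r"ERROR: (0x00000002) The system cannot find the file specified. Failed to access: \\...\sybariredistribution$\x86\kaspersky5\xxxxxxx/x86/Kaspersky5/Package/manifest.cab",
    r"ERROR: (0x00000005) Access is denied. Failed to access: \\REDIST01\sybariredistribution$\x86\kaspersky5\xxxxxxx/x86/Kaspersky5/Package/manifest.cab",
    r"ERROR: (0x00000002) The system cannot find the file specified. Failed to access: C:\constructed\other.cab",
]

if __name__ == "__main__":
    for hit in find_manifest_failures(SAMPLE_LOG):
        print(hit)
```

A hit means the Kaspersky engine on that server is not receiving updates, so the server should be prioritised for this hotfix rollup.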
· If you have previously applied the workaround provided in KB 2410444, you will have to reverse this workaround. To do so, you can either rename the Localenginemapping.old back to Localenginemapping.cab or you can copy the new Localenginemapping.cab from the following directory on the Forefront Security for Exchange machine:
C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\Data\Engines
to the following directory on the FSSMC machine:
C:\program files\Microsoft Forefront Security\Server\Server Management\Services\Redistribution\cache
You would not experience this issue on a Forefront Security for Exchange installation that is not leveraging a redistribution server or an FSSMC server to receive engine updates.
· The Kaspersky engine's name incorporates the version number '5'. Even after installing this hotfix rollup, the engine name for Kaspersky will still be "Kaspersky5" in both logs and within the Forefront Administrator client. This is purely a cosmetic issue and does not affect functionality. If you wish to confirm the version of the Kaspersky engine, check the Engine Version of Kaspersky under SETTINGS --> Scanner Updates in the Forefront Administrator client. Note that the Kaspersky engine must update at least once after this hotfix rollup has been installed, in order for Kaspersky 8 to be installed.
Apply Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2
Hotfix rollup information
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
How to install the hotfix rollup
To install the hotfix rollup on any server that is not part of a SCC cluster, follow these steps:
- Run the installer. To do this, double-click the hotfix rollup executable file.
Note When the installer is running, the Forefront services are stopped.
- After the installation is complete, and the Forefront services are restarted, make sure that Forefront is working correctly.
- The Forefront services are restarted automatically during the installation.
- Forefront service packs or hotfix rollups can be installed by using the FSSMC Deployment job. For more information, see "Deployment Jobs" in the Forefront Server Security Management Console User's Guide. In this case, the installer runs in silent mode, and user input is not required. The rest of the process remains the same as when you double-click the executable file to run the installer.
To install the hotfix rollup on a SCC cluster, choose one of the following methods:
Method 1
To install this particular hotfix on a SCC cluster, you should perform upgrades on all active nodes first. Setup will prompt you to allow it to take resources offline and bring them back online automatically. Check that all resources are online, and that all Forefront and Exchange services have been started afterwards. You should manually bring resources online / start services, if necessary. Once you have upgraded the active nodes, do not failover. Finally, upgrade each passive node in turn.
Installing on all active nodes first means that Forefront will be able to access the DatabasePath location, where it needs to copy a file to (LocalEngineMapping.cab).
Method 2
If you prefer not to upgrade on active nodes, you may perform a “rolling upgrade” where you install on each node only when it is in a passive state. This involves performing a series of failovers, so that each node has a chance to become passive. Once all nodes have been upgraded, you must copy LocalEngineMapping.cab from each active node’s local installation to the shared disk folder for the CMS. Forefront needs this file in the following shared disk location, in order to be able to upgrade the Kaspersky engine to version 8.
Copy LocalEngineMapping.cab from each active node’s local installation (source) to its shared disk folder (target):
Source location:
<LocalDisk>\Program Files (x86)\Microsoft Forefront Security\Exchange Server
Target location:
1. There is no need to restart any services or failover the cluster after you have copied LocalEngineMapping.cab to the shared disk folder.
2. If you do not copy LocalEngineMapping.cab to the shared disk folder, Forefront will continue to try to update version 5 of the Kaspersky engine (which will be retired by Microsoft after 31st January 2011).
Prerequisites
This hotfix rollup requires that Forefront Security for Exchange Service Pack 2 is installed.
This hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.
The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Localenginemapping.cab | Not Applicable | 6,399 | 16-Jun-2010 | 21:14 | Not Applicable |