Description of Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2
Issues that are fixed in Hotfix Rollup 3 for Forefront Security for Forefront Security for Exchange Service pack 2This hotfix rollup addresses an issue found in Forefront Security for Exchange that may prohibit users from leveraging version 8 of the Kaspersky antivirus engine.
You would not experience this issue on a Forefront Security for Exchange installation that is not leveraging a redistribution server or an FSSMC server to receive engine updates.
· The Kaspersky engine's names incorporates the version number '5'. Even after installing this hotfix rollup, the engine name for Kaspersky will still be "Kaspersky5" in both logs and within the Forefront Administrator client. This is purely a cosmetic issue and does not affect functionality. If you wish to confirm the version of the Kaspersky engine, check the Engine Version of Kaspersky under SETTINGS --> Scanner Updates in the Forefront Administrator client. Note that the Kaspersky engine must update at least once after this hotfix rollup has been installed, in order for Kaspersky 8 to be installed.
Hotfix rollup information
Download informationA supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
How to install the hotfix rollupTo install the hotfix rollup on any server that is not part of a SCC cluster, follow these steps:
- Run the installer. To do this, double-click the hotfix rollup executable file.
Note When the installer is running, the Forefront services are stopped.
- After the installation is complete, and the Forefront services are restarted, make sure that Forefront is working correctly.
- The Forefront services are restarted automatically during the installation.
- Forefront service packs or hotfix rollups can be installed by using the FFSMC Deployment job. For more information, see "Deployment Jobs" in the Forefront Server Security Management Console User's Guide. In this case, the installer runs in silent mode, and user input is not required. The rest of the process remains the same as when you double-click the executable file to run the installer .
To install this particular hotfix on a SCC cluster, you should perform upgrades on all active nodes first. Setup will prompt you to allow it to take resources offline and bring them back online automatically. Check that all resources are online, and that all Forefront and Exchange services have been started afterwards. You should manually bring resources online / start services, if necessary. Once you have upgraded the active nodes, do not failover. Finally, upgrade each passive node in turn.
Installing on all active nodes first means that Forefront will be able to access the DatabasePath location, where it needs to copy a file to (LocalEngineMapping.cab).
If you prefer not to upgrade on active nodes, you may perform a “rolling upgrade” where you install on each node only when it is in a passive state. This involves performing a series of failovers, so that each node has a chance to become passive. Once all nodes have been upgraded, you must copy LocalEngineMapping.cab from each active node’s local installation to the shared disk folder for the CMS. Forefront needs this file in the following shared disk location, in order to be able to upgrade the Kaspersky engine to version 8.
Copy LocalEngineMapping.cab from each active node’s local installation (source) to its shared disk folder (target):
Source location: <LocalDisk>\Program Files (x86)\Microsoft Forefront Security\Exchange Server
Target location: <SharedDisk>\ForefrontCluster\Engines\
1. There is no need to restart any services or failover the cluster after you have copied LocalEngineMapping.cab to the shared disk folder.
2. If you do not copy LocalEngineMapping.cab to the shared disk folder, Forefront will continue to try to update version 5 of the Kaspersky engine (which will be retired by Microsoft after 31st January 2011).
This hotfix rollup requires that Forefront Security for Exchange Service pack 2 is installed.
File informationThis hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.
The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
|File name||File version||File size||Date||Time||Platform|
|Localenginemapping.cab||Not Applicable||6,399||16-Jun-2010||21:14||Not Applicable|
Article ID: 2420644 - Last Review: 02/26/2011 10:59:00 - Revision: 3.0
- kbautohotfix KB2420644