Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Resources for IT Professionals
Click to Rate and Give Feedback
TechNet
TechNet Library

  Switch on low bandwidth view
Microsoft Forefront Client Security
Post-setup issues

This topic describes the following issues that might occur immediately after you complete the Setup wizard:

Unexpected CPU usage

Exclamation-point alert icon in the notification area after installation

Error 10002 occurs

Unable to access reports on a remote reporting server

Data transfer job fails with event ID 81

Client computers do not appear under Pending Actions

Event ID 10016 occurs

After installing a distribution server (with the prerequisites of SQL Server and WSUS), you might notice that SQL Server is using substantial amounts of processor time when no actions are being performed.

Background

Installing a distribution server causes WSUS to synchronize with the Microsoft Update servers. WSUS stores this update information in the SQL Server database.

Solution

WSUS should be allowed to complete synchronization before you install Client Security.

After Client Security is installed, the Client Security notification icon on the management server might be yellow with an exclamation point. Additionally, error 0x80240016 is logged in the WindowsUpdate.log file.

Background

This icon indicates that the Client Security agent is unable to download definition updates. However, the system does have the correct definitions.

Solution

Open the Client Security user interface and click Check for Updates Now. If this does not resolve the issue, either log off and log back on, or right-click the exclamation-point icon and choose exit, and then restart the Client Security program from the Start menu. This will launch the notification icon again.

Immediately after completing installation of Client Security, but before you run the Configuration wizard, you may see the following error in the System log of Event Viewer:

Error message

Event Type:Error

Event Source:FcsMs

Event Category:None

Event ID:10002

Date:2/27/2007

Time:9:27:24 AM

User:N/A

Computer:B3TSTX106

Description:

The Management Server Service could not import the updated antimalware definition. The component reporting the error returned the following details:

Cannot open database "OnePoint" requested by the login. The login failed.

The details may also contain the following sentence: "Could not find stored procedure 'fcs_Get_AM_Version_Information'."

Background

Error 10002 occurs due to the installation of Client Security not being fully configured.

Solution

Run the Configuration wizard by launching the Client Security console for the first time.

After installation of SQL Server Reporting Services, an attempt to access the remote Report Manager might result in the following message: "The current identity (NT AUTHORITY\NETWORK SERVICE) does not have write access to 'C:\Windows\Microsoft.Net\Framework\v2.0.50727\Temporary ASP.NET Files.'"

Background

This issue may occur on topologies with remote MOM reporting servers.

Solution

To resolve this problem, you must explicitly grant network service write permissions to the .NET Framework folder on the remote MOM reporting server.

To grant write permissions to the .NET Framework folder

  1. Open the following folder:C:\Windows\Microsoft.Net\Framework\ v2.0.50727\Temporary ASP.NET Files

  2. Right-click the folder and click Sharing and Security.

  3. Click the Security tab and click Add.

  4. In the Enter the object names to select box, type Network Service, and then click OK.

  5. Under Allow, ensure that the Read & Execute, List Folder Contents, and Read check boxes are selected.

  6. Under Allow, select the Write check box, and then click OK.

  7. In the warning message that appears, click Yes.

If the collection database and the reporting database reside on different systems and the SQL Server Agent service is running as Local System on the server containing the reporting database, you may see the following error in the Application log:

Error message

Source: DataTransformationServices

ID: 81

Error Source: Microsoft Data Transformation Services (DTS) Package

Error Description:Package failed because Step 'DTSStep_DTSTransferObjectsTask_1' failed.

Error code: 80040428

\Error Help File:sqldts80.hlp

Error Help Context ID:700
Background

This error occurs if the account that the SQL Server agent runs as on the server with the Reporting database does not have permissions to the collection database on the other server. This most frequently happens if the SQL Server agent is running as Local System.

Solution

It is recommended that the SQL Server Agent service account be a domain user account. If you are using an existing SQL Server computer for Client Security, you may not have the SQL Server Agent service using a domain user account.

For Client Security to work correctly, you must give permissions for the account under which the SQL Server Agent service runs on the reporting database to the collection database on the management, collection, and reporting servers. By doing so, you will enable the Client Security DTS account to access the collection database.

To grant permissions, do the following: on the management, collection, and reporting servers, add the domain user account that the SQL Server Agent service for the reporting database runs under to the SQLServer2005MSSQLUser $computername$ MSSQLSERVER group.

For more information about the recommended accounts for Client Security, see Installing and deploying Client Security (http://go.microsoft.com/fwlink/?LinkID=86650).

Client computers might not be listed under Pending Actions in the MOM Administrator console.

Background

To view client computers, expand Administration, expand Computers, and then click Pending Actions.

Solution

Verify that the management server meets all of the following conditions:

  • If there is a firewall installed on the computer, ensure UDP/TCP port 1270 is open.
  • The computer’s security policy allows "Access this computer from the network" permissions to either Everyone (in the case of clients that are not members of the domain) or Authenticated Users (for domain members).

For more information, see Knowledge Base article 823659 (http://go.microsoft.com/fwlink/?LinkId=86293).

If you see event ID 26017 in the Application log of Event Viewer, see "Agents are rejected with event ID 26017" in MOM issues.

In the System log of your reporting server, you may see event ID 10016 with information similar to the following:

Error message

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
Background

The "NETWORK SERVICE" account does not have Activate permissions in DCOM.

Solution
To resolve 10016 errors

  1. In Administrative Tools, open Component Services.

  2. In the tree, expand Component Services, expand Computers, expand My Computer, click DCOM Config.

  3. In the right pane, right-click the COM application labeled netman, and then click Properties.

  4. Click the Security tab, click Edit under Launch and Activation Permissions, and then in the Launch Permissions box, click Add.

  5. In the Select Users, Computers or Groups box, type network service and click OK.

  6. Under Permissions for NETWORK SERVICE, select the Allow check box for Remote Launch, Local Activation, and Remote Activation. Click OK to close the remaining dialog boxes.

© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker