Client/Server data issues
Published: December 16, 2009
Applies To: Forefront Client Security
This topic contains the following sections:
Exclamation-point alert icon in the notification area after installation
After Client Security is installed, the Client Security notification icon on the management server might be yellow with an exclamation point. Additionally, error 0x80240016 is logged in the WindowsUpdate.log file.
This icon indicates that the Client Security agent is unable to download definition updates. However, the system does have the correct definitions.
Open the Client Security user interface and click Check for Updates Now. If this does not resolve the issue, either log off and log back on, or right-click the exclamation-point icon and choose exit, and then restart the Client Security program from the Start menu. This will launch the notification icon again.
Client computers do not appear under Pending Actions
Client computers might not be listed under Pending Actions in the MOM Administrator console.
To view client computers, expand Administration, expand Computers, and then click Pending Actions.
Verify that the management server meets all of the following conditions:
If there is a firewall installed on the computer, ensure UDP/TCP port 1270 is open.
The computer’s security policy allows "Access this computer from the network" permissions to either Everyone (in the case of clients that are not members of the domain) or Authenticated Users (for domain members).
For more information, see Knowledge Base article 823659 (http://go.microsoft.com/fwlink/?LinkId=86293).
If you see event ID 26017 in the Application log of Event Viewer, see "Agents are rejected with event ID 26017" in Event IDs.
Delay in managed computer appearing on the management server
When deploying the Client Security agent to computers that already have the MOM agent installed, you may experience a delay in those computers being listed as Agent-managed in the MOM 2005 Administrator Console, under Administration, Computers, All Computers.
The multihomed agents will appear in the MOM Administrator console in 2 hours.
To speed up the appearance of the multihomed agents, run a manual Computer Discovery.To run a manual Computer Discovery
In the MOM Administrator console, expand Administration and expand Computers.
Right-click Computer Discovery Rules, choose Run Computer Discovery Now, and click OK.
MOM server not communicating with agents
After installing Client Security, you might notice that the MOM server is not receiving events from the MOM agents on the client computers.
MOM uses TCP/UDP on port 1270 to communicate with the agents.
Check the collection server and ensure that a firewall is not blocking this port.
Agent data no longer being reported
When you rename a computer that has the Client Security agent installed, or when you move it to another domain, the computer stops reporting data to the management server.
MOM data is associated with the name of the computer from which the data originates. Renaming a computer or changing its domain membership breaks this association.
You must remove and reinstall the MOM agent from the affected systems. For details, see Migrating Agents Across Domains (http://go.microsoft.com/fwlink/?LinkId=86557).
|Data is not lost in this procedure. MOM treats the two different names as two entirely different computers. To view data from the computer before the rename or move procedure, query for the old name of the computer.|
For more information regarding Client Security best practices, see the Client Security Administration Guide (http://go.microsoft.com/fwlink/?LinkId=86657).
Safe Mode results in no events reported
Client computers running in Safe Mode might not report events to the reporting server.
The MOM agent cannot be started in Safe Mode. This service must be running for events to be reported to the reporting server.
To begin receiving events, restart the client computer in normal mode.