Using FSSMC tools to collect diagnostic information
Applies to: Forefront Server Security Management Console
Diagnostic logging can be used by Microsoft support engineers to help troubleshoot problems when FSSMC is not functioning properly. To accurately diagnose a problem, support engineers typically need a variety of information about FSSMC and the Forefront Server Security or Antigen servers it is managing. This information includes diagnostic logs, third-party scan engine information, registry settings, and deployment agent information, among other things.
To make it easier for you to collect FSSMC diagnostic information, the FSSMC diagnostic tool automates the process, assembling all the necessary data in one file called SEMInfo.zip.
You can also run the FSSMC Remote Diagnostic tool, which automates a similar diagnostic data collection process on the remote managed servers. In this case, the file that is created is called SEMInfo_Remote.zip.
After SEMInfo.zip and SEMInfo_Remote.zip are created, you can upload these files to Microsoft so that support engineers can better help you troubleshoot your FSSMC issues. When you contact Microsoft support, you are told where to upload the files.
To collect diagnostic data from the FSSMC and managed servers
Enable diagnostic logging on the FSSMC server by clicking Start, pointing to All Programs, pointing to Microsoft Forefront Server Security, pointing to Diagnostics, and then clicking Enable Forefront Log.
From FSSMC, deploy an agent to the Antigen or Forefront Server Security product server if you have not done so already. For more information, see “Deploying Agents” in Getting Started.
Enable diagnostic logging on the managed server by clicking Start, pointing to All Programs, pointing to Microsoft Forefront Server Security Management Console Remote Diagnostics, and then clicking Enable Forefront Log.
Reproduce the issue that you are experiencing with FSSMC.
Collect diagnostic information on the FSSMC server by clicking Start, pointing to All Programs, pointing to Microsoft Forefront Server Security, pointing to Diagnostics, and then clicking Forefront Diagnostic.
Collect diagnostic information on the managed server by clicking Start, pointing to All Programs, pointing to Microsoft Forefront Server Security Management Console Remote Diagnostics, and then clicking Forefront Remote Diagnostic.
On Antigen servers only, you must also run the Antigen diagnostic utility, because the FSSMC Remote Diagnostic tool does not collect certain files that may be helpful when troubleshooting Antigen issues. For more information about running the Antigen diagnostic utility in order to collect data about Antigen, see Appendix D - Using the Antigen diagnostic utility in the Microsoft Antigen for Exchange User Guide.
Contact Microsoft Help and Support to find out where to upload the compressed files (SEMInfo.zip and SEMInfo_Remote.zip), and optionally, the Antigen files created by running the Antigen diagnostic utility. For information about the location and contents of the SEMInfo.zip and SEMInfo_Remote.zip files after they are created, see About SEMInfo.zip files and About SEMInfo_Remote.zip files.
Upload the compressed files to Microsoft.
Note
You can also use additional FSSMC diagnostic utility options. The Clear Forefront log option removes all Forefront logs except the logs in the zip files, and Disable Forefront log turns off the Forefront logs.
About SEMInfo.zip files
After it is created, the SEMInfo.zip file is placed by default in the following folder:
Microsoft Forefront Security\Server\Server Management\Diagnostics
This compressed file contains the following files.
File | Description |
---|---|
COM+_Users.txt |
Collects all users associated with the following COM+ FSSMC services:
|
GeneralInfo.txt |
Provides general information on FSSMC and the system, such as operating system version, FSSMC version, SQL version, and Global Assembly Cache. |
NetShare.txt |
Contains the output of Net Share. |
Registry_Software.txt |
Collects the FSSMC registry. |
Registry_System.txt |
Collects the system registry. |
EventLog_Application |
Collects the application event log in .evt format. |
EventLog_Security |
Collects the security event log in .evt format. |
EventLog_System |
Collects the system event log in .evt format. |
DirPermission.txt |
Contains access permission information for the directories to which FSSMC requires access. |
IISInfo.txt |
Contains IIS information such as Semconsole path, AppRoot, and so on. |
LocalPolicy.inf |
Exports user logon rights and privileges to the file. |
FSSMCInstall.log |
If it exists, this log contains FSSMC installation information |
Microsoft.FSSMC.installationhelper.InstallLog |
If it exists, this log provides logging of the .NET installation and registration. |
FSSMCLog.txt |
If it exists, this log provides diagnostic logging for FSSMC. |
RedistributionAgent.txt |
If it exists, this log contains scan engine update information. |
SchedulerService.txt |
Contains FSSMC scheduled job information. |
LastGood.xml |
If it exists, this log contains the last good engine update information. |
dirtree.txt |
Contains the directory tree under the \\Redistribution\\Cache directory. |
DownloadEngineFiles.txt |
If it exists, this log contains logging from the DownloadEngineFiles module that downloads all scan engine updates. |
DeploymentAgent.txt |
Provides logging for the deployment agent module. |
BootStrapper.txt |
Provides logging from the bootstrapper module used during the FSSMC installation. |
About SEMInfo_Remote.zip files
After it is created, the SEMInfo_Remote.zip file is placed by default in the following folder:
Microsoft\FSSMC DeploymentAgent-number
This compressed file contains the following files.
Note
The FSSMC Remote Diagnostic tool does not collect the following files on managed Antigen servers: ForefrontInstall.log, FSCStatsServ.txt, StatisticsManagerServer.txt, HRLog.txt, ProgramLog.txt, AEXMLAdapter.txt, and StatisticsManagerClient.txt. You can gather this information by using the Antigen diagnostic utility; for more information, see Appendix D - Using the Antigen diagnostic utility in the Microsoft Antigen for Exchange User Guide.
File | Description |
---|---|
EventLog_Application |
Collects the application event log in .evt format. |
EventLog_Security |
Collects the security event log in .evt format. |
EventLog_System |
Collects the system event log in .evt format. |
ForefrontInstall.log |
If it exists, this log contains the Forefront Server Security installation information. |
SybariCacheDirInfo.txt |
Contains all files and subdirectories in the C:\WINDOWS\Temp\SybariCache directory. |
Registry_Software.txt |
Collects the Antigen or Forefront Server Security registry |
GeneralInfo.txt |
Provides general system and Antigen or Forefront Server Security related information such as operating system version, Antigen statistics service status, and FSSMC deployment account privileges. |
DeploymentAgent.txt |
Contains FSSMC agent deployment related information. |
FSCStatsServ.txt |
Contains information about the Forefront Server Security calls made using the FSCStatisticsService service to update statistics data. Provides logging information for the statistics module, which processes the statistics information from Forefront Server Security. |
PushInstaller.txt |
Contains information about the PushInstaller service process, which is used during FSSMC agent deployment. |
StatisticsManagerServer.txt |
Contains information about updating statistics data for FSSMC. |
HRLog.txt |
Contains Antigen or Forefront Server Security errors. |
ProgramLog.txt |
Contains diagnostic and general activity for Antigen or Forefront Server Security, including scan engine updates, and virus and filtering detections and errors. |
AEXMLAdapter.txt |
Provides logging for the aexmladapter module. |
StatisticsManagerClient.txt |
Provides logging for the statistics service module. |