Installing and configuring the Enterprise Manager down-level component

  • Article

Applies To: Forefront Client Security

The Enterprise Manager down-level component adds functionality to any standard Client Security deployment. The Enterprise Manager down-level component must be installed on the Client Security collection and collection database servers in a Client Security deployment.

Installing and configuring prerequisites

Before installing the down-level Client Security server component, you must verify that all Client Security server components have the most recent Client Security program updates installed.

Important

Each target down-level Client Security deployment must have a unique MOM Management group name.

Before installing the down-level server component, you must add the MOM Connector Framework and the MOM Product Connector components to the Client Security installation on the target Client Security deployments.

Note

The MOM Connector Framework requires that Internet Information Server (IIS) and ASP.NET 1.1 are present on the Client Security collection server.

To add the MOM components to Windows Server 2008

  1. On the target down-level Client Security collection server, in a command prompt, change to the location of the Client Security installation files, type the following command, and then press ENTER:

    Msiexec /i path :\momserver.msi /l*v log file path CONFIG_GROUP=” management group name ” ADDLOCAL=”MCF” MOM_SERVER=” server name ” PREREQ_COMPLETED=1  /qn

    Where:

    • path is the full path to the Client Security installation files.

    • log file pathis the location in which you want the log files to be stored.

    • management group name is the MOM management group name of the Enterprise Manager server.

    • server name is the name of the Enterprise Manager server.

    • This command adds the MOM Connector Framework to the MOM 2005 installation.

  2. Type the following command, and then press ENTER:

    Msiexec /i path :\momserver.msi /l*v log file path CONFIG_GROUP=” management group name ” ADDLOCAL=”MMPC” MOM_SERVER=” server name ” PREREQ_COMPLETED=1  DAS_ACCOUNT=” DAS account name ” DAS_PASSWORD=” DAS account password ” DAS_DOMAIN=” domain of the DAS account ” /qn

    Where:

    • path is the full path to the Client Security installation files.

    • log file pathis the location in which you want the log files to be stored.

    • management group name is the MOM management group name of the Enterprise Manager server.

    • server name is the name of the Enterprise Manager server.

    • DAS account name is the name of the Data Access Server (DAS) account specified during Client Security setup.

    • DAS account password is the password of the DAS account.

    • domain of the DAS account is the Active Directory domain of the DAS account.

To add the MOM components to Windows Server 2003

  1. Log on to the Client Security collection server as an administrative user.

  2. In the Control Panel, double-click Add or Remove Programs.

  3. In the installed programs list, click Microsoft Operations Manager 2005, and then click Change.

  4. In the Microsoft Operations Manager 2005 Setup box, click Next.

  5. On the Microsoft Operations Manager 2005 Maintenance page, verify Modify is selected, and then click Next.

  6. On the Custom Setup page, next to MOM Connector Framework, click the down arrow, and then click This component will be installed on local hard disk.

  7. Next to MOM Product Connector, click the down arrow, click This component will be installed on local hard disk, and then click Next.

  8. On the Prerequisite Check page, verify Passed appears, and then click Next.

    If the Prerequisite Check page displays Failed, click View Log, and then resolve any issues displayed.

  9. On the Data Access Server Account page, enter the same username and password that you specified for the DAS account during Client Security server setup, and then click Next.

  10. Click Install, and then when the installation is complete, click Finish.

For this version of Enterprise Manager, the MOM Connector Framework Web site must be configured to use ASP.NET 1.1.

To verify and apply the ASP.NET settings on Windows Server 2008

  1. In a command prompt, type the following command, and then press ENTER:

    %windir% \Microsoft.net\Framework\v1.1.4322\aspnet_regiis.exe -ir -enable

    Where %windir% is the Windows directory on your computer. This command creates a new IIS application pool named ASP.NET 1.1.

  2. In the command prompt, change to the %windir%\system32\inetsrv directory, type the following command, and then press ENTER:

    appcmd set app "Microsoft Operations Manager 2005 Connector Framework/" /applicationpool:"ASP.Net 1.1"

    This configures the MOM 2005 Connector Framework to use the ASP.NET 1.1 application pool.

To verify the ASP.NET settings on Windows Server 2003

  1. In Administrative Tools, start the Internet Information Services (IIS) Manager.

  2. Expand computername, and then expand Web Sites.

  3. Right-click Microsoft Operations Manager 2005 Connector Framework, and then click Properties.

  4. On the ASP.NET tab, in the list next to ASP.NET version, ensure **1.1.**nnnnis displayed, where nnnn is any number, and then click OK.

To configure the MOM Product Connector

  1. On the Client Security collection server, in the MOM Administrator console, in the tree, expand Administration, right-click Product Connectors, and then click Create MOM-to-MOM Connection.

  2. In the Create MOM-to-MOM Connector wizard, click Next.

  3. On the Connector page, in the Connector Name box, enter a name for the connection, and then click Next.

  4. On the Destination Management Group page, ensure Target MOM Management Server is selected, enter the name of the Enterprise Manager server, and then click Next.

  5. On the Forwarding page, ensure Forward new alerts and alert updates from Source to Destination is selected, select the Receive alert updates from Destination back to Source check box, and then click Next.

  6. On the Failover Configuration page, click Next.

  7. On the Confirmation page, verify the MOM-to-MOM Connector Properties, click Next, and then on the Completing page, click Finish.

To enable the alert forwarding rule in the MOM 2005 Management Pack

  1. On the Client Security collection server, in the MOM Administrator console, in the tree, expand the following path:

    Microsoft Operations Manager, Management Packs, Rule Groups, Microsoft Operations Manager, Operations Manager 2005, Connector Framework, Mark Alerts for forwarding to MOM Master management group.

  2. Select Alert Rules, and in the details pane, right-click Mark Alerts for forwarding to the MOM Master management group, and then click Properties.

  3. Click the Alert Criteria tab, and then click Advanced.

  4. In the Advanced Criteria box, under Process only data that matches all these criteria, select the existing criteria, and then click Remove.

  5. Under Define more criteria, in the Field list, select Severity.

  6. In the Condition list, select is at least, and then in the Value list, select Warning.

  7. Click Add to list.

  8. In the Advanced Criteria box, click Close.

  9. Click the General tab, click to select the This rule is enabled check box, and then click OK.

To configure the Rule Group settings

  1. On the Client Security collection server, in the MOM Administrator console, in the tree, expand the following path:

    Microsoft Operations Manager, Management Packs, Rule Groups, Microsoft Operations Manager, Operations Manager 2005, Connector Framework, Mark Alerts for forwarding to MOM Master management group.

  2. Right-click Mark Alerts for forwarding to MOM Master management group, and then click Associate with Computer Group.

  3. On the Computer Groups tab, click Add.

  4. In the Select Item list, select Microsoft Forefront Client Security Reporting, and then click OK.

  5. Repeat steps 4 and 5 for the following Computer Groups:

    Microsoft Forefront Client Security Management

    Microsoft Forefront Client Security Distribution

    Microsoft Forefront Client Security Collector

    Microsoft Forefront Client Security Agents

    Alert Level 5

    Alert Level 4

    Alert Level 3

    Alert Level 2

    Alert Level 1

    Microsoft Operations Manager 2005 Reporting Database Servers

    Microsoft Operations Manager 2005 Report Servers

    Microsoft Operations Manager 2005 Product Connector Servers

    Microsoft Operations Manager 2005 Databases

    Microsoft Operations Manager 2005 Agents

    Microsoft Operations Manager 2005 Agentless

  6. In the Rule Group Properties box, click OK.

  7. In the tree, right-click Management Packs, and then click Commit Configuration Change.

The final prerequisite configuration step is to configure the MOM agent on the Client Security collection server to report to the Enterprise Manager. This is accomplished by installing another instance of the MOM agent and configuring it to belong to Enterprise Manager management group.

To install the MOM agent

  1. In the Client Security retail installation media, browse to the Client folder, and then double-click momagent.msi.

  2. In the Microsoft Operations Manager 2005 Agent Setup wizard, click Next.

  3. On the Destination Folder page, click Next.

  4. On the Agent Configuration page, in the Management Group Name box, type the name of the Enterprise Manager management group.

  5. In the Management Server box, type the name of the Enterprise Manager server, click Full, and then click Next.

  6. On the MOM Agent Action Account page, select Domain or Local Computer Account, type the Account and Password for the action account, and then click Next.

    The account specified here should be the action account specified when Client Security was installed on the target down-level servers.

  7. On the Active Directory Configuration page, click Next.

  8. On the Ready to Install page, verify the settings, and then click Install.

  9. On the Completing page, click Finish.

The down-level server's MOM agent installation will be approved in the Enterprise Manager server's MOM Administrator console within an hour. If you need the down-level server's MOM agent approved sooner, see "Approving clients through the MOM server" in Deploying Client Security to the client computers (https://go.microsoft.com/fwlink/?LinkId=102078).

Installing the Enterprise Manager down-level server components

The Client Security topologies that are managed by the Enterprise Manager server must have the Enterprise Manger down-level server components installed. In each Client Security deployment that is managed by the Enterprise Manager server, you must install the Enterprise Manager down-level server component on the Client Security collection and collection database servers. The Windows Installer file for down-level servers (FCSEnterpriseManagerDLS.msi) is copied to the Client Security installation folder on the Enterprise Manager Server, and you must copy it to each target server.

To install the Enterprise Manager down-level server components

  1. Log on to the target server with a user account that has administrative rights.

  2. Copy the file FCSEnterpriseManagerDLS.msi from the Client Security installation folder on the Enterprise Manager server (the default location is: C:\Program Files\Microsoft Forefront\Client Security\Server) to a folder on your computer.

  3. Click Start, select Run, type cmd, and then click OK.

  4. In the command prompt window, type the following command, and then press Enter:

msiexec /i   **FCSEnterpriseManagerDLS.msi /l*v **logfilename  EMSERVER=servername EMREPORTING=instancename

where *logfilename* is the name of the file to log to, *servername* is the name of the Enterprise Manager server, and *instancename* is the name of the SQL Server instance on the Enterprise Manager server, if not using the default instance. If the Enterprise Manager server uses the default SQL Server instance, omit this parameter.