Troubleshooting Enterprise Manager

  • Article

Applies To: Forefront Client Security

This topic helps you understand the cause and identify possible solutions for problems you might experience while using Enterprise Manager.

For general Client Security troubleshooting information, see the Client Security Troubleshooting guide (https://go.microsoft.com/fwlink/?LinkID=63019).

After you install Enterprise Manager, when you open the Microsoft Operations Manager (MOM) 2005 Operator Console and view an alert, the report link in the Alert Details pane may incorrectly point to the Client Security down-level reporting server. This report displays the information only from the corresponding down-level deployment, and report links point only to the Client Security down-level reporting server.

To resolve this issue, you must reactivate a MOM management pack.

To resolve the link issue

  1. Click Start, click All Programs, click Microsoft Operations Manager 2005, and then click Operator Console.

  2. In the Alerts pane, select all alerts, right-click one of the selected alerts, click Set Alert Resolution State, and then click Resolved.

  3. Click Start, click All Programs, click Microsoft Operations Manager 2005, and then click Administrator Console.

  4. In the tree, expand the following path:

    Management Packs/Rule Groups/Microsoft Forefront Client Security/Server Behaviors

  5. Click Alert Rules, and in the details pane right-click Update Report Link and then click Properties.

  6. In the Alert Rule Properties (managementgroupname)-Update Report Link dialog box, on the General tab, clear the This rule is enabled check box, select the This rule is enabled check box, and then click OK.

  7. In the tree, right click Management Packs and click Commit Configuration Change, and then in the Configuration Change confirmation dialog box, click Close.

MOM to MOM Product Connector logs event ID 10069 in the application log

On the Enterprise Manager server, event ID 10069 may be logged in the application log in the event viewer. Event ID 10069 is logged by the MOM to MOM Connector, and contains the following text:

Error message

The following alert was not updated because it was suppressed into the corresponding alert (original alert id ==> suppressed alert id): original alert guid ==> suppressed alert guid

To determine which MOM rule is causing this error, you must query the down-level collection database.

To determine which MOM rule is causing the error

  1. On the down-level server, click Start, point to All Programs, point to Microsoft SQL Server 2005 and then click SQL Server Management Studio.

  2. In the SQL Server Management Studio, click New Query.

  3. On the toolbar, click the list for Available Databases, and then click OnePoint.

  4. In the query pane, enter the following commands:

    Select Alert.idAlert, Alert.Name

    From MMPC_AlertIds Join Alert

    On MMPC_AlertIds.ForwarderAlertId = Alert.idAlert

    Where ForwardeeAlertId = ' original alert guid '

    Where original alert guid is the guid taken from the event ID message.

  5. On the toolbar, click Execute.

    In the Messages window, the rule causing the error message is listed in the second return column. Note this rule name.

  6. Click Start, click All Programs, click Microsoft Operations Manager 2005, and then click Operator Console.

  7. In the Alerts pane, select all alerts, right-click one of the selected alerts, click Set Alert Resolution State, and then click Resolved.

  8. Click Start, click All Programs, click Microsoft Operations Manager 2005, and then click Administrator Console.

  9. In the tree, expand the following path:

    Management Packs/Rule Groups/Microsoft Forefront Client Security

  10. Right-click Microsoft Forefront Client Security, and then click Find Rules.

  11. On the Rule Search - Location page, click Next.

  12. On the Rule Search - General page, click to select the Rule name check box, choose contains substring from the list, type the beginning portion of the name of the rule obtained in step 4 (without the Alert Level portion) in the text box, and then click Next.

  13. On the Rule Search - Overrides page, click Next.

  14. On the Rule Search - Responses page, click Finish.

  15. In the Rule Search results window, right-click one of the matching rules, and then click Properties.

  16. In the Rule Properties (managementgroupname) dialog box, on the General tab, clear the This rule is enabled check box, select the This rule is enabled check box, and then click OK.

  17. Repeat the previous two steps for each matching rule.

  18. In the Console Root window, in the tree, right-click Management Packs, click Commit Configuration Change, and then, in the Configuration Change confirmation dialog box, click Close.

Security state assessment reports display with mismatched language descriptions

When you view Client Security security state assessment (SSA) reports on a non-English Enterprise Manager server, descriptions for SSA checks may appear in a language that does not match the language of the client computers.

This discrepancy occurs because the SSA client component reports in the language of the computer that deployed the Client Security policy. Because all Client Security policy is managed by the Enterprise Manager server, the SSA client component reports in the language of the Enterprise Manager server. For example, in a mixed language environment where your Enterprise Manager server uses English and your clients do not, the SSA clients report in English.

Additionally, if you installed the Client Security agent manually (by using clientsetup.exe) and is no Client Security policy deployed to the agents, the SSA client component reports in English.

Reports periodically display "Server Application Unavailable" in Enterprise Manager

On the Enterprise Manager server, after you click on a report in the Client Security console, you may see the message "Server Application Unavailable" in SQL Server Reporting Services Report Viewer.

Additionally, you may also see Event ID 1062 in the application log of Event Viewer, with the following description:

"It is not possible to run two different versions of ASP.NET in the same IIS process. Please use the IIS Administration Tool to reconfigure your server to run the application in a separate process."

This problem occurs in Internet Information Services (IIS) 6.0 due to the interaction of application pools and different versions of ASP.NET. In IIS 6.0, each application pool can load only a single version of ASP.NET. If there are virtual directories in a single application pool loading different versions of ASP.NET, this error periodically occurs.

To resolve this error as it relates to Client Security and Enterprise Manager, check the application pool that SQL Server Reporting Services is configured to use in IIS. Verify that each application within that pool is configured to load the same version of ASP.NET.

To verify ASP.NET versions

  1. Start Internet Information Services (IIS) Manager from the Administrative Tools menu.

  2. In the tree, expand servername, and then expand Application Pools.

  3. In the tree, click on the application pool that contains the SQL Server Reporting Service components (by default, this is ReportServer), and then in the details pane, note each entry.

    Each entry has a description in the Description column and a location in the Path column. Note the location for each entry.

  4. In the tree pane, expand Web Sites and then expand the web site indicated in the Path column in the previous step.

  5. For each entry that exists in the ReportServer application pool (step 3), perform the following steps:

    1. In the tree, right-click applicationame and click Properties.

    2. Click the ASP.NET tab, and note the ASP.NET version number.

    Ensure that all applications in the application pool have the same ASP.NET version number.

You may also see this error message when the MOM Connector Framework is configured to use an IIS application pool that contains a web application configured to use ASP.NET 2.0.

Exception thrown when you view reports in Report Viewer

When you open a Client Security report in SQL Server Reporting Services Report Viewer, Report Viewer may display the following error message: "Execution 'string' cannot be found (rsExecutionNotFound)", where 'string' is any 24 character string.

This error occurs due to one of the following reasons:

  • Insufficient IIS Session and ASP script timeout values

  • A SQL Server hotfix needs to be installed

After you view a Client Security report in Report Viewer, if a period of time passes before you click a link within the report, Report Viewer displays the error message. To resolve this error, you must increase the values for the timeouts.

To increase the IIS Session and ASP Script timeout values

  1. Start Internet Information Services (IIS) Manager from the Administrative Tools menu.

  2. Expand servername, expand Web Sites, and then expand Default Web Site.

  3. Right-click Reports, and then click Properties.

  4. In the Reports Properties dialog box, on the Virtual Directory tab, click the Configuration button.

  5. In the Application Configuration dialog box, click the Options tab.

  6. In the Session timeout selection box, enter the number of idle minutes before timing out the session.

    The recommended timeout value for Session timeout is 60 minutes.

  7. In the ASP script timeout selection box, enter the number of idle seconds before timing out an ASP script, click OK, and then in the Reports Properties dialog box, click OK.

    The recommended timeout value for ASP script timeout is 270 seconds.

  8. Repeat steps 3-7 for the ReportServer virtual directory.

When you open a Client Security report in Report Viewer, Report Viewer may display the following error message: "Execution 'string' cannot be found (rsExecutionNotFound)", where 'string' is any 24 character string.

There is a SQL Server Reporting Services hotfix available to correct this issue. For more information, see Microsoft Knowledge Base article 917070 (https://go.microsoft.com/fwlink/?LinkId=105903).

Down-level Client Security deployment does not report to the Enterprise Manager server

When you view the managed computers in the Client Security console on the Enterprise Manager server, the count of managed computers does not include all down-level Client Security deployments. Additionally, the data consistency banner does not appear in the console.

This issue can occur if the Enterprise Manager down-level component was not installed on the Client Security collection server component in the down-level deployment. To resolve the issue, ensure the Enterprise Manager down-level component is installed on the collection and collection database components.

Aggregated reports fail with the message "procedure not found"

When you attempt to view a report that contains an aggregated top listing of data, you receive a "procedure not found" message in the report.

This problem occurs because the Enterprise Manager down-level component has not been run on the down-level collection database component. To resolve the issue, ensure the Enterprise Manager down-level component is installed on the collection and collection database components.