Deploying Agents to Servers


Topic Last Modified: 2011-06-10

Once a server has been added to the Microsoft Forefront Protection Server Management Console (FPSMC), you must deploy the FPSMC agent to it before it can be managed. The agent serves as the interface between the FPSMC and the managed server.

If you would like to watch a video that walks you through the process for deploying agents to servers, see Configuring FPSMC on TechNet Edge.

.NET Framework 3.5 SP1 must be installed on servers managed by FPSMC.
To deploy an agent
  1. Click Server Management, located in the Administration section of the Navigation Area, to open the Server Management work pane.

  2. In the Server Management work pane select one or more servers without agents. Servers without an installed agent display Unknown or Agent Uninstalled in the Status column of the Server Selection table.

  3. Click Deploy Agent to open the Deploy Agent work pane.

  4. Enter a username and password with administrative rights on the selected servers and then click OK. The username must be in the format domain\username or server\username and must have administrative rights as either a local administrator or a domain administrator. You can use the same set of credentials for all listed servers by selecting the Use these credentials for all servers option.

  5. FPSMC will return you to the Server Management work pane.

To check the deployment status of the agent, refresh the Server Management work pane. The status column will show, for each server it will show either, Agent Installed (indicating success), Error (indicating a problem), or Unknown (indicating that no attempt was made to install an agent). A blank entry in the Status column indicates that the agent deployment is still in process. For more information about detailed status information regarding the agent deployment, see Viewing and Managing Notification Logs.

To manually deploy an agent
  1. In FPSMC add the target server(s). Do not choose Deploy Agent.

  2. On the FPSMC server, use Microsoft Management Console to add the Certificates snap in, by choosing computer account for the type of certificate the MMC will manage and local computer for the computer you want the snap in to manage.

    If pre-existing FPSMC certificates are present in the target server stores, they must be deleted or the agent installation will fail when run on the target server!
  3. On the FPSMC server, using the snap in you created in the previous step, export the 'FpsmcCert' certificate (computer account) located at Certificates >Personal >Certificates. Select Yes when asked to export the private key. The export file format should be Personal Information Exchange. At the next pane choose and remember the password, and save the exported file. The filename should be fpsmc.pfx.

  4. Do not save the file to the original location, which will overwrite the current certificate. Save it to another location which you will use to copy to the target computer.

  5. Copy the DeployAgent.msi file (from drive X:\Program Files\Forefront Protection Server Management\Services\DeployAgent) and your exported certificate to a location accessible by the target computer.

  6. On the target computer, using the Certificate Import Wizard, import this certificate to both the Personal ceritificate store and the Trusted People certificate store of the Local Computer account.

  7. Install deployment agent by running: msiexec /i deployagent.msi NFY_SERVER=X NFY_PORT=8817 (where X is the FPSMC server hostname)

  8. On the FPSMC server, perform the deploy agent steps. The server will detect that the agent is deployed and attempt to get only the status, update server info in database.