FEP Reports not reporting properly and report requirement
-
Friday, December 02, 2011 7:03 PM
FEP 2010 running on SCCM 2007
Couple of issues:
1) When I run a report, say the computer list report, I see a disconnect between the data shown in the report and information I'm seeing elsewhere in FEP. Example: in the report it indicates Server A has definition 1.111.528.0 with last status sent 8/24/2011. When I go to the definition status page and search for Server A it's listed under up to 3 days old. When I connect to the server it shows it updated its definition last yesterday and has definition 1.117.154. The report component is useless if it's not in sync with what's actually happening. Ideas?
2) My CIO is requesting a report that shows when the last scan was done on a computer and the outcome of the scan. How do I get such a report as I don't see this option under any of the reports.
All Replies
-
Monday, December 05, 2011 8:09 AM Moderator
Hi,
Thank you for your post.
1. You need to properly set up the DCM agent scan interval, or just change the interval on FEPMonitoring-Definitions and Health Status.
2. Run "Antimalware Protection Summary Report"--click "Latest Antimalware Scan Summary"
If there are more inquiries on this issue, please feel free to let us know.
Regards,
Rick Tan
TechNet Community Support
-
Monday, December 05, 2011 4:49 PM
Thanks for reply
1) Shows as Simple with 7 days. So why disconnect per first post
2) Ran report against All Desktops and Servers (report time span Week, start date 11/28, end date 12/5) and under "Latest Antimalware Scan Summary" it shows a value of 2 in RED for over 30 days and nothing else. This should be in the 300+ value. As indicated when I view main FEP screen it shows definition status of 300+ with up-to-date so the system is reporting back some information.
David
-
Wednesday, December 07, 2011 6:40 PM
Any update?
I found this link: http://blogs.technet.com/b/clientsecurity/archive/2011/05/19/forefront-endpoint-protection-fep-2010-fep-reports-may-not-display-properly.aspx but we are not experiencing an error. The report is running just not properly as indicated.
We have our OPS MGR DB on SQL 2005 SP3.
-
Wednesday, December 07, 2011 9:11 PM
As another example of our reports being incorrect: the FEP dashboard is indicating Workstation X has an infection. I ran the Computer list report with the computer name as filter. It shows the computer name but shows its last status sent 8/24/11 and it's clean. Looks like the reporting service or SQL DB is not getting updated properly.
-
Wednesday, December 07, 2011 9:56 PM
Found out what may be causing issue - How fix?
In my application event log I have the following shown below. (2 log entries shown)
When I manually run the SQL job, step 1 succeeds and then Step 2 shows between Retries, then the job fails.
Log Name: Application
Source: SQLSERVERAGENT
Date: 12/7/2011 1:17:08 PM
Event ID: 208
Task Category: Job Engine
Level: Warning
Keywords: Classic
User: N/A
Computer: ServerA.Corporation.com
Description:
SQL Server Scheduled Job 'FEP_GetNewData_FEPDW_BUR' (0x58AAC16423628642B73B6F2C79C4D945) - Status: Failed - Invoked on: 2011-12-07 13:15:00 - Message: The job failed. The Job was invoked by Schedule 2 (JobSchedule). The last step to run was step 2 (ssisFEP_UploadSccmDataToDw_FEPDW_BUR).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SQLSERVERAGENT" />
<EventID Qualifiers="16384">208</EventID>
<Level>3</Level>
<Task>3</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-12-07T21:17:08.000Z" />
<EventRecordID>503055</EventRecordID>
<Channel>Application</Channel>
<Computer>ServerA.Corporation.com</Computer>
<Security />
</System>
<EventData>
<Data>FEP_GetNewData_FEPDW_BUR</Data>
<Data>0x58AAC16423628642B73B6F2C79C4D945</Data>
<Data>Failed</Data>
<Data>2011-12-07 13:15:00</Data>
<Data>The job failed. The Job was invoked by Schedule 2 (JobSchedule). The last step to run was step 2 (ssisFEP_UploadSccmDataToDw_FEPDW_BUR).</Data>
</EventData>
</Event>
---------------------------------------------------------------------------------------------------------------------------------------
Log Name: Application
Source: SMS Server
Date: 12/7/2011 1:40:09 PM
Event ID: 7405
Task Category: SMS_SRS_REPORTING_POINT
Level: Error
Keywords: Classic
User: N/A
Computer: ServerA.Corporate.com
Description:
On 12/07/11 13:40:09, component SMS_SRS_REPORTING_POINT on computer ServerA reported: SRS root folder "ConfigMgr_BUR" is not present or not properly configured SRS Reporting point server "ServerA".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SMS Server" />
<EventID Qualifiers="49152">7405</EventID>
<Level>2</Level>
<Task>85</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-12-07T21:40:09.000Z" />
<EventRecordID>503065</EventRecordID>
<Channel>Application</Channel>
<Computer>ServerA.Corporate.com</Computer>
<Security />
</System>
<EventData>
<Data>ConfigMgr_BUR</Data>
<Data>ServerA</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>On 12/07/11 13:40:09, component SMS_SRS_REPORTING_POINT on computer Server A reported: </Data>
<Data>
</Data>
</EventData>
</Event>
-
Friday, December 09, 2011 2:37 AM Moderator
Hi David,
Shows as Simple with 7 days. So why disconnect per first post
Please change 7 days to 1 day.
SRS root folder "ConfigMgr_BUR" is not present or not properly configured SRS Reporting point server "ServerA".
1. Perform How to Configure Properties for the Reporting Services Point
2. Try KB2498344
3. Try other suggestions from this thread
Rick Tan
TechNet Community Support
-
Monday, December 12, 2011 8:41 PM
OK did #1,2 and 3 is a rehash. Still no luck getting the reports to provide updated information.
-
Wednesday, December 14, 2011 1:39 AM Moderator
Hi David,
Message: The job failed. The Job was invoked by Schedule 2 (JobSchedule).
Try suggestions from this thread, run SQL service with LocalSystem account, check SQL report service account.
If it does not work, reinstall SQL report service on your server and reconfigure it.
Hope it helps you.
Regards,
Rick Tan
TechNet Community Support
-
Wednesday, December 14, 2011 5:05 PM
Rick thanks for the point to unfortunately I'm not getting a permission error. Here is the error from the job run FEP_GetNewData_FEPDW_BUR. This is step two and when I go to edit the step it shows RUN AS as SQL Agent Service Account.
Executed as user: SerrverName\SYSTEM. Microsoft (R) SQL Server Execute Package Utility Version 9.00.3042.00 for 64-bit Copyright (C) Microsoft Corp 1984-2005. All rights reserved. Started: 8:17:03 AM DTExec: The package execution returned DTSER_FAILURE (1). Started: 8:17:03 AM Finished: 8:17:05 AM Elapsed: 1.547 seconds. The package execution failed. NOTE: The step was retried the requested number of times (2) without succeeding. The step failed.
I'm also having failure on job FEP_DB_maintenance_FEPDB_BUR with the following:
Executed as user: NT AUTHORITY\SYSTEM. Error 15404, Procedure spAN_Infra_MaintenanceCreateNewSchemaTable, Line 0, Message Could not obtain information about Windows NT group/user 'Domain\Useraccount of former Sysadmin', error code 0x534. [SQLSTATE 42000] (Error 50000). NOTE: The step was retried the requested number of times (2) without succeeding. The step failed.
Also not being one with SQL I went into the job and went to properties and then looked at the two steps of the job and there is no indication under account to run as Domain\Useraccount. I can't find where it is pulling this information for the job. The owner of the DB is set as our Domain admin account not an individual user.
For the record my SQL Server, SQL Agent are running as Local System and my Integration Services account is running as a Network Service account. No indication on link post that changes this changed/fixed the issue.
-
Friday, December 16, 2011 2:06 AM Moderator
Hi David,
Could not obtain information about Windows NT group/user 'Domain\Useraccount of former Sysadmin'
In SQL Management console--Security--Server Roles--sysadmin, verify your domain admin and "Domain\Useraccount" in the Role Members.
I can't find where it is pulling this information for the job.
Open Job Properties--Steps--double click every step like:
step 1--check Advanced--Run as user (not set)
step 2--General--General--server logon on to server--select Use Windows Authentication
Step 3 ....
In addition, I am trying to involve someone familiar with this topic to further look at your issue.
Regards,
Rick Tan
TechNet Community Support
-
Thursday, December 22, 2011 9:33 PM
David,
Have you been able to correct the FEP_GetNewData job failure?
With this job failing I expect you will continue to see discrepancies in the FEP reports.
I also see that SQL Reporting Svc is having problems. Were you able to correct those problems?
Thanks!
~Andrew Davis [MSFT]
Andrew Davis | Sr. Technical Lead | CSS Security
-
Thursday, December 22, 2011 11:44 PM
just back in office today and overwhelmed. Will look and report soon.
Thanks
-
Friday, December 23, 2011 12:00 AM
Under Server Roles/Sysadmin its roles are: SA, Built-in\Administrator, NT Authority\System, Servername\SQLServer2005MSSQLUser$Servername$MSSQLSERVER, Server name\SQLServer2005SQLAgentUser$ServerName\MSSQLSERVER
On the job under steps:
Step 1: Begin Raise Error Section - Under General the Run As is blank / Under Advance Run as User is blank
Step 2: ssisFEP_UploadSccmDatatoDw_FEPDW_Bur - General Run As: SQL Agent Service Account / Advance there is no Run as
Step 3: Normalize new data from SCCM to DW tables - General Run as is blank as is Advance Run as
Step 4 - 7 not showing as I'm failing on Step 2
On the server the SQL Server Agent (MSSQLSERVER) is running as a local System account. I did try to change the SQL Server Agent, SQL Server Analysis Service, SQL Server Browser and SQL Server Reporting Services to run under account MSSQL2005 which is a SQL2005 Service account but the reports still failed.
- Proposed As Answer by Andrew Davis [MSFT] Thursday, December 29, 2011 10:32 PM
- Unproposed As Answer by Andrew Davis [MSFT] Thursday, December 29, 2011 10:32 PM
-
Wednesday, December 28, 2011 7:53 PM
Any reply?
-
Thursday, December 29, 2011 4:20 PM
David I am feeling your pain on this one. These SRS reports seem to be flakey at best, in fact some of them are downright misleading and have columns but no data.
I am finding them pretty useless at the moment.
-
Thursday, December 29, 2011 10:36 PM
SQL Server Agent jobs run in the context of the user the service is configured for. In your case that would be local system. You are right in thinking that if you change the user context of the service to a user that has db_owner to both the FEPDB and FEPDW databases that it will allow the job to access/write to those databases.
Best practice is to have a SQL service account and configure your SQL services to run as that domain user. The key is to ensure that whatever domain user you configure the SQL Server Agent service to run as also has a user mapping in SQL to the FEPDB and FEPDW db's at db_owner level.
Hope this helps.
Andrew Davis | Sr. Technical Lead | CSS Security
- Proposed As Answer by Andrew Davis [MSFT] Thursday, December 29, 2011 10:37 PM
- Marked As Answer by SunkistDavid Friday, December 30, 2011 4:50 PM
- Unmarked As Answer by SunkistDavid Friday, December 30, 2011 4:50 PM
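An added example, not part of any post in this thread: read-only T-SQL checks for the two points discussed above, namely where an account name attached to a job can come from and whether the SQL Server Agent account holds db_owner in the FEP databases. It uses only catalog views present in SQL Server 2005; the database name FEPDB_BUR is inferred from the job names quoted in the thread, and the LIKE filter assumes the FEP jobs all start with FEP_.

```sql
-- Added example: read-only checks, nothing here modifies jobs or databases.

-- 1) Job owner plus per-step execution settings for the FEP jobs.
--    job_owner may be NULL when the owning SID no longer resolves to an account.
SELECT j.name                   AS job_name,
       SUSER_SNAME(j.owner_sid) AS job_owner,
       s.step_id,
       s.step_name,
       s.subsystem,             -- 'SSIS' for the package step, 'TSQL' otherwise
       s.database_name,         -- database the step runs against
       s.database_user_name,    -- "Run as user" on the Advanced page
       s.proxy_id               -- NULL = runs as the SQL Agent service account
FROM msdb.dbo.sysjobs AS j
JOIN msdb.dbo.sysjobsteps AS s ON s.job_id = j.job_id
WHERE j.name LIKE N'FEP[_]%'    -- assumption: FEP jobs share this prefix
ORDER BY j.name, s.step_id;

-- 2) Owner login of each FEP database (names assumed from the thread).
SELECT name, SUSER_SNAME(owner_sid) AS database_owner
FROM sys.databases
WHERE name IN (N'FEPDB_BUR', N'FEPDW_BUR');

-- 3) Members of db_owner in both databases; the account the
--    SQL Server Agent service runs as should appear in each list.
SELECT N'FEPDW_BUR' AS database_name, m.name AS member_name, m.type_desc
FROM FEPDW_BUR.sys.database_role_members AS rm
JOIN FEPDW_BUR.sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN FEPDW_BUR.sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner'
UNION ALL
SELECT N'FEPDB_BUR', m.name, m.type_desc
FROM FEPDB_BUR.sys.database_role_members AS rm
JOIN FEPDB_BUR.sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN FEPDB_BUR.sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner';
```

Members of the sysadmin server role are not limited by database role membership, so an account listed there will not necessarily show up in the third result set.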
-
Friday, December 30, 2011 4:56 PM
So as I'm not much on the SQL side let me just clarify your statement
Best practice: On my SQL services assign it an SQL service account *, say SQL2005, and via the SQL Server Manager assign this account DB_Owner to FEPDW and FEPDB.
* SQL Services accounts: SQL Server (MSSQLSERVER), SQL Server Agent (MSSQLSERVER),
I also have SQL Server Analysis Service, SQL Server Browser, SQL Server FullText Search, SQL Server Integration Service, SQL Server VSS Writer. As these accounts are running as local system accounts also, should they be assigned this same SQL Service account?
My concern is this will affect other DB's that are running on this server.
-
Friday, December 30, 2011 6:15 PM
David has me looking at mine now, it seemed to stop processing properly some time in November. My data glitch is more in malware activity, it doesn't jive or list what machines have what malware infection. So I looked at the same job and the db it's running against jumps out at me, should it not be run against the FEP DB not master?!
-
Friday, December 30, 2011 7:57 PM
My DataWarehouseMaintenance, FEP_DB_Maintenenace_FEPDB_BUR, also runs against Master whereas FEP_GetNewData_FEPDB_Bur runs against Database FEPDW_BUR.
-
Friday, December 30, 2011 8:37 PM
Mine both run against master and it makes no sense to me why.
-
Wednesday, March 28, 2012 1:47 PM
David - Revisiting this reporting discrepancy issue. Are you still seeing the discrepancy?
Andrew Davis | Sr. Technical Lead | CSS Security
-
Thursday, March 29, 2012 3:41 PM
Sorry didn't update thread. I ended-up opening case with Microsoft, case 212013062866287001, and we ended-up installing update rollup 1 and reinstalling the reporting component. This resolved our issues.
- Marked As Answer by Rick Tan Moderator Friday, April 06, 2012 5:59 AM
-
Thursday, March 29, 2012 3:45 PM
Sorry didn't update thread. I ended-up opening case with Microsoft, case 212013062866287001, and we ended-up installing update rollup 1 and reinstalling the reporting component. This resolved our issues.
BANNED! I fixed my issue by updating the sql launch property with an extra memory switch. All is good now too.
- Proposed As Answer by Andrew Davis [MSFT] Tuesday, April 10, 2012 3:28 PM
-
Monday, July 02, 2012 8:59 AM
BANNED! I fixed my issue by updating the sql launch property with an extra memory switch. All is good now too.
@mottm - sql launch property, what do you mean here? Can you please explain?
Having the same issue.
-
Saturday, May 04, 2013 6:59 AM
I've updated to update rollup 1, but the problem is not solved
FEP_GetNewData_FEPDB....job sometime fails....always at the same time....

