Sign in
Microsoft.com
 
Forefront Client Security TechCenter
 
 
 
Forefront Client Security TechCenter > Forefront Client Security Forums > Forefront Client Security Alerting and Monitoring > Forefront Domain controller
Ask a questionAsk a question
Search Forums:
 

AnswerForefront Domain controller

  • Tuesday, July 07, 2009 3:17 AMSakkieJ Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote

    Hi All.

    We have a client that installed forefront in his domain. All the updates are deployed to all the agents. The problem we have is that the Domain controllers aren't being updated. I assume that we need to create a GPO policy that will point to the WSUS server.

    Is this to correct approach or are there other troubleshooting avenues I could use to indentify the problem?

    Thanks, all tips will help.

     

     

Answers

All Replies

  • Wednesday, July 08, 2009 9:14 AMNick Gu - MSFTMSFT, ModeratorUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote

    Hi,

     

    Thank you for your post.

     

    Before going any further, I’d like to confirm whether you have install FCS Server on Domain Controller. It is not supported install FCS Server on Domain Controller. Here is the post related to your issue. You may refer to the following link and get better understand about it.

     

    Client computers outside the domain

    http://social.technet.microsoft.com/Forums/en-US/Forefrontclientgeneral/thread/a8271155-94fb-47d5-993a-ac2e184fc6e2

     

    Regards,

     

    Nick Gu - MSFT
     
  • Tuesday, July 14, 2009 1:45 AMSakkieJ Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    Hi Nick, To answer your question, I didn’t install any FCS components on a Domain Controller. The domain controller only has the FCS agent installed. But this doesn’t update automatically. I will look at the GPO settings. I have a feeling that the GPO settings aren’t informing the Domain controller of the WSUS server. Do you know of any other issues related to this problem? As I mentioned before, the Domain controllers aren’t getting it updates via FCS. Thanks again.
     
  • Tuesday, July 14, 2009 3:35 AMCraig Wiand - MSFT Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    SakkieJ,

    You are on the right track here.  The FCS client components are indeed supported on a domain controller.  All of the typical definition update troubleshooting techniques apply here.  If you do not have an external or manual process, your DC should either be receiving updates from WSUS or MicrosoftUpdate directly.  Your first place to start is likely %windir%\windowsupdate.log.  You might also look for WSUS target groups with selective approvals if the computer is indeed receiving the WSUS settings.

    Hope this helps,
    Craig
    Microsoft Forefront Escalation Engineer
    Forefront Client Security Support
     
  • Wednesday, July 15, 2009 10:10 AMJohan Blom, Forefront MVPMVPUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    Hi!

    I would start by running "gpresult" (cmd.exe) to see if the DC are getting the WSUS policy. I'm guessing that is the problem.

    Once you get it up and running don't forget to add recommended exclusions for running AV on a DC.

    http://support.microsoft.com/default.aspx/kb/943556

    /Johan
    MCSE, forefront spec | www.msforefront.com