Thursday, January 06, 2011 8:30 PM
I have FPSMC 2010 running in a Test Lab - Exchange 2010 Sp1, RU2.
New “Packages” created to configure Forefront Protection 2010 (FPE) for Exchange. The “Deployment Jobs” completed successfully on the local host, which is a HT server running FPE 2010.
However, it fails with the remote FPE 2010 servers, with this error: “Download of Forefront_Settings.xml failed. The remote server returned an error: (403) Forbidden.”
Wednesday, April 13, 2011 9:03 AM
We are running the exact same system in our test lab with the same issue and error that vlalonso is having.
Any thoughts? There does not seem to be a lot of information on this specific scenario issue.
The agents were deployed fine and the xml files can be manually imported into the remote servers via powershell, however it would be nice to be able to configure .NET with the correct permissions for this transfer via FPSMC.
Any help on the configuration of this would be appreciated.
Friday, April 15, 2011 8:06 PM
I have seen a similar download issue of the .xml file from FPSMC and it was DNS related.
The App log error indicates the .xml is never downloaded. Is there a “file not found” error from the temp directory where the file should get downloaded to? I'm assuming there is also no event written that indicates that the file was successfully downloaded. That will get written right after the initial attempt to download the .xml from the FPSMC server. I'm also assuming that there isn’t even an attempt to do run “import-fsesettings”. That would aslo indicate that the file never made it to the target server.
Are there are certificate and DNS related errors in the App log around the time of the failed import? I would imagine this has to do with the DNS errors. The server may not even recognize the FPSMC server to retrieve the .xml.
Entries like: “No DNS entries exist for the host “%servername%”
Can you look into you DNS configuration? Can you even access the FPSMC server from the FPE server?
However, you're seeing 403 - Forbidden which is usually just permissions related.
Thursday, June 16, 2011 8:59 AM
Having the same issue. It appears the job is looking for the FSE settings file in the c:\windows\temp\FssmCache directory. The FssmCache directory does not exist. I've tried to create this manually but this did not help.
Connecting to the folder containing the settings file from the server where I wish to deploy to will allow me to read and import the settings manually.
It appears to be the job cannot find the file but at the moment not sure how to work around this.
If anyone found the solution I'd be interested.
Monday, November 05, 2012 6:03 PM
We are testing this product now, and having the exact same results. Has anyone found a solution from the past year and a half?
Wednesday, November 14, 2012 5:43 PM
I tested a similar scenario in our lab with a standalone FPSMC console and a remote Hub Server with FPE. In my tests remote job deployment failed only after I enabled SSL (https) for the console (see the corresponding technet doc: http://technet.microsoft.com/en-us/library/gg507696.aspx, I could not even access the console when I selected the 'Require' option under Client Certificates. Selecting Ignore/Accept will work, though. ). Falling back to http on the default site resolved the issue and the job was deployed fine again. I can recreate the behaviour.
There were three corresponding events (see the bottom of my post) in the Event log on the remote server. I suspect that the remote FPSMC agent tried to pull down the package from the FPSMC server over http even after https is enabled for the default IIS site on the FPSMC server. I don't know if this a bug or rather was caused by a misconfiguration in my lab.
If you open IIS Manager and you want to browse the FPSMCRedistribution virtual directory over http after https/SSL is enforced, you would get the same forbidden/403 error message.
Starting Download. (jobId=13, jobInfo=WYBCVL-HubRdConfigSettings, source=http://dummy/FPSMCRedistribution/packages/5, package=WYBCVL-HubRdConfigSettings.xml)
Thursday, November 15, 2012 3:41 PM
I investigated the SSL settings in IIS a bit further and found out that package deployment was working fine if you set up SSL/https for the FPSMC server as follows:
Enable SSL in IIS for the default site as well as for any other virtual directories (except FPSMCRedistribution - this is the virtual directory where packages are stored and retrieved by the agents) under the default site.