locked
GetEngineFiles failure in Application Log

    Question

  • Hi all,

    I have Forefront for SharePoint version 10.2.0945.0 SP3 installed on Web Front End servers (clustered).  This setup is duplicated in two domains: Live & Development.

    In the Development environment, Forefront is doing as it should, and the only AV Scan Engines that are shown are the current 5 that are supported by Forefront.

    In the Live environment, however, I have some strange stuff going on:

    1. <SETTINGS> <Antivirus> - AhnLab AV Scan Engine is UNCHECKED in the list of Files Scanners
    2. <SETTINGS> <Antivirus> - Sophos AV Scan Engine is not shown in the list of File Scanners
    3. <SETTINGS> <Scanner Updates> - AhnLan Antivirus Scan Engine is DISABLED
    4. <SETTINGS> <Scanner Updates> - Sophos Antivirus Scan Engine not shown in the list
    5. In the server's Application Log I have errors regard AhnLab and Sophos, stating that the Scan Engine Update failed for Sophos & AhnLab with an error code of 0x80004005.

    I don't want Sophos or AhnLab to be checking for updates, thats why they have been unchecked and disabled in the above locations where possible.  I'm especially confused by Sophos trying to update when it doesn't appear in the Forefront Administrator screens.  See below for an example of the Application Log information:

    Log Name:      Application
    Source:        GetEngineFiles
    Date:          21/09/2010 07:43:00
    Event ID:      6014
    Task Category: Engine Error
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SERVER.blah.blah.uk
    Description:
    Microsoft Forefront Server Security encountered an error while performing a scan engine update.
       Scan Engine: Sophos
       Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Sophos
       Proxy Settings: Disabled
       Error Code: 0x80004005
       Description: An error occurred while checking if an update was available.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="GetEngineFiles" />
        <EventID Qualifiers="49152">6014</EventID>
        <Level>2</Level>
        <Task>6</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-09-21T06:43:00.000Z" />
        <EventRecordID>201268</EventRecordID>
        <Channel>Application</Channel>
        <Computer>SERVER.blah.blah.uk</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Sophos</Data>
        <Data>http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Sophos</Data>
        <Data>Proxy Settings: Disabled</Data>
        <Data>0x80004005</Data>
        <Data>Description: An error occurred while checking if an update was available.</Data>
      </EventData>
    </Event>

    How can I stop Forefront trying to update engines that I have already set to Disabled in the scheduler or don't even appear in the Forefront software, so as to stop getting errors in the Application Log?

    Thanks in advance.

    • Edited by Yabusame Tuesday, September 21, 2010 10:52 AM Additional info about Development domain
    Tuesday, September 21, 2010 10:48 AM

Answers

  • Hi,

     

    Thank you for the post.

     

    Please go to the scheduled tasks and see if the tasks for these engine updates are still alive. If yes, go ahead and disable or delete those and monitor.

     

    Regards,


    Nick Gu - MSFT
    • Marked as answer by Yabusame Wednesday, September 22, 2010 8:46 AM
    Wednesday, September 22, 2010 7:50 AM
    Moderator