locked
ForeFront Clients not displaying in Client Security Management Console

    Question

  • We are in the process of attempting to roll out ForeFront to our campus, and right now we are just in the early stages.  We are currently deploying to just a single building.  Currently, some of the clients show up in the console, while others seem to have successfully installed FF, but are not showing in the console.  It seems they are not connecting.  I've looked through the install logs, and it doesn't show any install errors.  There does not seem to be any common denominator as to why one machine shows up, while another does not.  I also looked in the MOM console, and naturally they are not showing in there either.

    The FF policy is set to a top level computer ou, so the machines should be getting the correct policy.  I'm confused and frustrated at this point.  Any help pointing me in the right direction would just be awesome.  This is giving me a headache.

     

    <EDIT>

    forgot to mention that we are using just a basic install script to rule out any techs typing something different than someone else.  all installs as far as the script and the install files are exactly the same.

    • Edited by pinchy11 Thursday, June 24, 2010 7:21 PM more info
    Thursday, June 24, 2010 7:18 PM

Answers

  • Remember as well that the reporting that you see in the console is reliant on the MOM Agent. FCS itself will not report anything back to the console because the MOM Agent takes care of all of that. If the MOM agent is failing to install for some reason (permissions, wrong Collection group or Mangament Server), that could cause this issue. If you for some reason decide to install using the /nomom switch these will not show up in the console due to the MOM agent not being installed.
    Saturday, June 26, 2010 12:58 AM

All replies

  • I found this other post on the board.  It seems to have helped.  I'm still not quite sure why some decide to wait for approval and some don't, but they are showing up now.

     

    Nick Gu - MSFT <abbr class="affil">MSFT</abbr> <abbr class="affil">, Moderator</abbr> Users Medals Users Medals Users Medals Users Medals Users Medals

     Answer
    Vote As Helpful

    Hi,

     

    FCS has a auto-approval feature where it hourly queries for manual installations and approves them. For some reason, the discovery cycle MOM thinks that you have deleted the discovery rule and no longer wish the computer to be agent managed. If the MOM servers action account is an admin on the client machine it will try to uninstall the agent on your behalf. If it is not, it will place the computer in Pending Actions with an action for uninstall .

     

    We may have a couple of options to resolve this:

    1. Disable automatic approval and just do manual approvals of machines.

         This will avoid this issue because manual approval will also create the discovery rules
    2. Enable automatic approval; but make sure that the Action account is not an admin on client machines or disable automatic management.

    Then periodically create discovery rules for computers.

    3. Enable automatic approval. Then just ignore any Pending Actions for uninstall of agent -managed machines.

     

    Regards,


    Nick Gu - MSFT
    Friday, June 25, 2010 12:48 PM
  • Remember as well that the reporting that you see in the console is reliant on the MOM Agent. FCS itself will not report anything back to the console because the MOM Agent takes care of all of that. If the MOM agent is failing to install for some reason (permissions, wrong Collection group or Mangament Server), that could cause this issue. If you for some reason decide to install using the /nomom switch these will not show up in the console due to the MOM agent not being installed.
    Saturday, June 26, 2010 12:58 AM