FCS is failing

    Question

  • We have a problem with 3 2003 R2 Standard servers and the FCS client.  We distribute FCS updates from an SCCM 2007 R3 server with a WSUS auto-approval rule. All other client machines and servers are working except those 3.

     After some days of work I discovered that in Services the FCS service was in the Stopping state. I could not kill it; only a server restart helped. The problem is that I must not have downtime for these servers.

    Also, in the Application log I have a Windows Update Agent failure event:

    Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Forefront Client Security - KB977939 (Definition 1.97.2329.0).

    And in the Windows Update log I have this:

    2011-02-23 01:37:00:078 1512 bd0 Misc   = Process: C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe
    2011-02-23 01:37:00:078 1512 bd0 Misc   = Module: C:\WINDOWS\system32\wuapi.dll
    2011-02-23 01:37:00:078 1512 bd0 COMAPI -------------
    2011-02-23 01:37:00:078 1512 bd0 COMAPI -- START --  COMAPI: Search [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:37:00:078 1512 bd0 COMAPI ---------
    2011-02-23 01:37:00:078  848 3c8 Agent *************
    2011-02-23 01:37:00:078  848 3c8 Agent ** START **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]
    2011-02-23 01:37:00:078 1512 bd0 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:37:00:078  848 3c8 Agent *********
    2011-02-23 01:37:00:078  848 3c8 Agent   * Online = Yes; Ignore download priority = No
    2011-02-23 01:37:00:078  848 3c8 Agent   * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b' and CategoryIDs contains '0a487050-8b0f-4f81-b401-be4ceacd61cd') or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b' and CategoryIDs contains '8c3fcc84-7410-4a95-8b89-a166a0190486')"
    2011-02-23 01:37:00:078  848 3c8 Agent   * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
    2011-02-23 01:37:00:078  848 3c8 Agent   * Search Scope = {Machine}
    2011-02-23 01:37:00:500  848 3c8 PT WARNING: Cached cookie has expired or new PID is available
    2011-02-23 01:37:00:500  848 3c8 PT Initializing simple targeting cookie, clientId = a5d9a6a9-7419-442f-b9da-2a4901d6287f, target group = , DNS name = ccm
    2011-02-23 01:37:00:500  848 3c8 PT   Server URL = http://SCCM server url/SimpleAuthWebService/SimpleAuth.asmx
    2011-02-23 01:37:21:828  848 3c8 PT +++++++++++  PT: Starting category scan  +++++++++++
    2011-02-23 01:37:21:828  848 3c8 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://SCCM server url/ClientWebService/client.asmx
    2011-02-23 01:37:22:406  848 3c8 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
    2011-02-23 01:37:22:406  848 3c8 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://SCCM server url/ClientWebService/client.asmx
    2011-02-23 01:37:22:796  848 3c8 PT +++++++++++  PT: Synchronizing extended update info  +++++++++++
    2011-02-23 01:37:22:796  848 3c8 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://SCCM server url/ClientWebService/client.asmx
    2011-02-23 01:37:22:953  848 6e8 AU Can not perform non-interactive scan if AU is interactive-only
    2011-02-23 01:37:22:968  848 3c8 Agent Update {B16E83FB-1565-4C12-A096-2C428BAFAF66}.100 is pruned out due to potential supersedence
    2011-02-23 01:37:22:968  848 3c8 Agent Update {D1E97C45-18E7-4424-9E89-B3503C1C53B3}.100 is pruned out due to potential supersedence
    2011-02-23 01:37:22:968  848 3c8 Agent   * Added update {90568B70-3E74-474C-80BD-CC77A954A268}.100 to search result
    2011-02-23 01:37:22:968  848 3c8 Agent   * Found 1 updates and 4 categories in search; evaluated appl. rules of 55 out of 86 deployed entities
    2011-02-23 01:37:23:593  848 3c8 Agent *********
    2011-02-23 01:37:23:593  848 3c8 Agent **  END  **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]
    2011-02-23 01:37:23:593  848 3c8 Agent *************
    2011-02-23 01:37:23:609 1512 b60 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:37:23:640 1512 b60 COMAPI   - Updates found = 1
    2011-02-23 01:37:23:640 1512 b60 COMAPI ---------
    2011-02-23 01:37:23:640 1512 b60 COMAPI --  END  --  COMAPI: Search [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:37:23:640 1512 b60 COMAPI -------------
    2011-02-23 01:37:23:656 1512 ec0 COMAPI -------------
    2011-02-23 01:37:23:656 1512 ec0 COMAPI -- START --  COMAPI: Download [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:37:23:656 1512 ec0 COMAPI ---------
    2011-02-23 01:37:23:656 1512 ec0 COMAPI   - Forced: No; Download priority: 3
    2011-02-23 01:37:23:656 1512 ec0 COMAPI   - Updates in request: 1
    2011-02-23 01:37:23:656 1512 ec0 COMAPI   - ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2011-02-23 01:37:23:656 1512 ec0 COMAPI <<-- SUBMITTED -- COMAPI: Download [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:37:23:718  848 3c8 DnldMgr *************
    2011-02-23 01:37:23:718  848 3c8 DnldMgr ** START **  DnldMgr: Downloading updates [CallerId = Microsoft Forefront Client Security]
    2011-02-23 01:37:23:718  848 3c8 DnldMgr *********
    2011-02-23 01:37:23:718  848 3c8 DnldMgr   * Call ID = {1D55CF1D-53DD-47B3-A204-EA621E7199D4}
    2011-02-23 01:37:23:718  848 3c8 DnldMgr   * Priority = 3, Interactive = 1, Owner is system = 1, Explicit proxy = 1, Proxy session id = -1, ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
    2011-02-23 01:37:23:718  848 3c8 DnldMgr   * Updates to download = 1
    2011-02-23 01:37:23:718  848 3c8 Agent   *   Title = Definition Update for Microsoft Forefront Client Security - KB977939 (Definition 1.97.2329.0)
    2011-02-23 01:37:23:718  848 3c8 Agent   *   UpdateId = {90568B70-3E74-474C-80BD-CC77A954A268}.100
    2011-02-23 01:37:23:718  848 3c8 Agent   *     Bundles 1 updates:
    2011-02-23 01:37:23:718  848 3c8 Agent   *       {66D2C341-B148-4D4B-A1C5-DE23CCF8C09B}.100
    2011-02-23 01:37:23:718  848 3c8 DnldMgr ***********  DnldMgr: New download job [UpdateId = {66D2C341-B148-4D4B-A1C5-DE23CCF8C09B}.100]  ***********
    2011-02-23 01:37:23:718  848 3c8 DnldMgr   * BITS job initialized, JobId = {3A44132D-6764-4B72-BD13-27F878ED87A0}
    2011-02-23 01:37:23:718  848 3c8 DnldMgr   * Downloading from http://SCCM server url/Content/1C/39B4F0DBF4B301F9E55C4BF835760AAA5181331C.exe to C:\WINDOWS\SoftwareDistribution\Download\72cc96663cf5d670d0d890f6fdfe414f\39b4f0dbf4b301f9e55c4bf835760aaa5181331c (full file).
    2011-02-23 01:37:23:718  848 3c8 Agent *********
    2011-02-23 01:37:23:718  848 3c8 Agent **  END  **  Agent: Downloading updates [CallerId = Microsoft Forefront Client Security]
    2011-02-23 01:37:23:718  848 3c8 Agent *************
    2011-02-23 01:37:23:937  848 7c8 DnldMgr BITS job {3A44132D-6764-4B72-BD13-27F878ED87A0} completed successfully
    2011-02-23 01:37:23:968  848 7c8 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\Download\72cc96663cf5d670d0d890f6fdfe414f\39b4f0dbf4b301f9e55c4bf835760aaa5181331c:
    2011-02-23 01:37:24:000  848 7c8 Misc  Microsoft signed: Yes
    2011-02-23 01:37:24:000  848 7c8 DnldMgr   Download job bytes total = 5724048, bytes transferred = 5724048
    2011-02-23 01:37:24:000  848 7c8 DnldMgr ***********  DnldMgr: New download job [UpdateId = {66D2C341-B148-4D4B-A1C5-DE23CCF8C09B}.100]  ***********
    2011-02-23 01:37:24:031  848 7c8 DnldMgr   * All files for update were already downloaded and are valid.
    2011-02-23 01:37:24:046 1512 b60 COMAPI >>--  RESUMED  -- COMAPI: Download [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:37:24:046 1512 b60 COMAPI   - Download call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0)
    2011-02-23 01:37:24:046 1512 b60 COMAPI ---------
    2011-02-23 01:37:24:046 1512 b60 COMAPI --  END  --  COMAPI: Download [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:37:24:046 1512 b60 COMAPI -------------
    2011-02-23 01:37:24:046 1512 9c8 COMAPI -------------
    2011-02-23 01:37:24:046 1512 9c8 COMAPI -- START --  COMAPI: Install [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:37:24:046 1512 9c8 COMAPI ---------
    2011-02-23 01:37:24:046 1512 9c8 COMAPI   - Allow source prompts: Yes; Forced: No; Force quiet: Yes
    2011-02-23 01:37:24:046 1512 9c8 COMAPI   - Updates in request: 1
    2011-02-23 01:37:24:046 1512 9c8 COMAPI   - ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2011-02-23 01:37:24:046 1512 9c8 COMAPI   - Updates to install = 1
    2011-02-23 01:37:24:046  848 938 Agent *************
    2011-02-23 01:37:24:046 1512 9c8 COMAPI <<-- SUBMITTED -- COMAPI: Install [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:37:24:046  848 938 Agent ** START **  Agent: Installing updates [CallerId = Microsoft Forefront Client Security]
    2011-02-23 01:37:24:046  848 938 Agent *********
    2011-02-23 01:37:24:046  848 938 Agent   * Updates to install = 1
    2011-02-23 01:37:24:046  848 938 Agent   *   Title = Definition Update for Microsoft Forefront Client Security - KB977939 (Definition 1.97.2329.0)
    2011-02-23 01:37:24:046  848 938 Agent   *   UpdateId = {90568B70-3E74-474C-80BD-CC77A954A268}.100
    2011-02-23 01:37:24:046  848 938 Agent   *     Bundles 8 updates:
    2011-02-23 01:37:24:046  848 938 Agent   *       {76424D6E-4B89-475F-9E74-856CEC999005}.100
    2011-02-23 01:37:24:046  848 938 Agent   *       {4F3DABBF-7B36-4134-B050-DF7EA200F95B}.100
    2011-02-23 01:37:24:046  848 938 Agent   *       {D6AF4FE0-C322-408E-B08B-617F8CA1554D}.100
    2011-02-23 01:37:24:046  848 938 Agent   *       {176E8F78-A27A-45D9-9D86-55C0267A4332}.100
    2011-02-23 01:37:24:046  848 938 Agent   *       {9C5F2097-A60C-4170-88F7-8A8D09B0D16B}.100
    2011-02-23 01:37:24:046  848 938 Agent   *       {36781F9F-93E4-422D-A681-4BEB46C159A7}.100
    2011-02-23 01:37:24:046  848 938 Agent   *       {F3A3DB82-DF94-4D2C-980C-6A878A7E8347}.100
    2011-02-23 01:37:24:046  848 938 Agent   *       {66D2C341-B148-4D4B-A1C5-DE23CCF8C09B}.100
    2011-02-23 01:37:24:078  848 938 Agent WARNING: LoadLibrary failed for srclient.dll with hr:8007007e
    2011-02-23 01:37:24:203  848 938 DnldMgr Preparing update for install, updateId = {66D2C341-B148-4D4B-A1C5-DE23CCF8C09B}.100.
    2011-02-23 01:37:24:250 1956 9e8 Misc ===========  Logging initialized (build: 7.4.7600.226, tz: +0200)  ===========
    2011-02-23 01:37:24:250 1956 9e8 Misc   = Process: C:\WINDOWS\system32\wuauclt.exe
    2011-02-23 01:37:24:250 1956 9e8 Misc   = Module: C:\WINDOWS\system32\wuaueng.dll
    2011-02-23 01:37:24:250 1956 9e8 Handler :::::::::::::
    2011-02-23 01:37:24:250 1956 9e8 Handler :: START ::  Handler: Command Line Install
    2011-02-23 01:37:24:250 1956 9e8 Handler :::::::::
    2011-02-23 01:37:24:250 1956 9e8 Handler   : Updates to install = 1
    2011-02-23 01:37:28:593  848 3c8 Report REPORT EVENT: {B1FE52B4-6787-4C68-8408-5F65E771A1AF} 2011-02-23 01:37:23:593+0200 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Microsoft Forefront Client Secu Success Software Synchronization Windows Update Client successfully detected 1 updates.
    2011-02-23 01:37:28:593  848 3c8 Report REPORT EVENT: {AD0A7C70-857C-4A1E-B06E-6C543C7053D6} 2011-02-23 01:37:24:031+0200 1 162 101 {90568B70-3E74-474C-80BD-CC77A954A268} 100 0 Microsoft Forefront Client Secu Success Content Download Download succeeded.
    2011-02-23 01:38:07:656 1956 9e8 Handler   : WARNING: Command line install completed. Return code = 0x8000ffff, Result = Failed, Reboot required = false
    2011-02-23 01:38:07:656 1956 9e8 Handler   : WARNING: Exit code = 0x8024200B
    2011-02-23 01:38:07:656 1956 9e8 Handler :::::::::
    2011-02-23 01:38:07:656 1956 9e8 Handler ::  END  ::  Handler: Command Line Install
    2011-02-23 01:38:07:656 1956 9e8 Handler :::::::::::::
    2011-02-23 01:38:07:890  848 938 Agent *********
    2011-02-23 01:38:07:890  848 6e8 AU Can not perform non-interactive scan if AU is interactive-only
    2011-02-23 01:38:07:890  848 938 Agent **  END  **  Agent: Installing updates [CallerId = Microsoft Forefront Client Security]
    2011-02-23 01:38:07:890  848 938 Agent *************
    2011-02-23 01:38:07:890 1512 6c4 COMAPI >>--  RESUMED  -- COMAPI: Install [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:38:07:890 1512 6c4 COMAPI   - Install call complete (succeeded = 0, succeeded with errors = 0, failed = 1, unaccounted = 0)
    2011-02-23 01:38:07:890 1512 6c4 COMAPI   - Reboot required = No
    2011-02-23 01:38:07:890 1512 6c4 COMAPI   - WARNING: Exit code = 0x00000000; Call error code = 0x80240022
    2011-02-23 01:38:07:890 1512 6c4 COMAPI ---------
    2011-02-23 01:38:07:890 1512 6c4 COMAPI --  END  --  COMAPI: Install [ClientId = Microsoft Forefront Client Security]
    2011-02-23 01:38:07:890 1512 6c4 COMAPI -------------
    2011-02-23 01:38:12:671  848 3c8 Report REPORT EVENT: {F04DCD37-5D36-4979-BEFF-ACE25E4379A8} 2011-02-23 01:38:07:671+0200 1 182 101 {90568B70-3E74-474C-80BD-CC77A954A268} 100 80070643 Microsoft Forefront Client Secu Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Forefront Client Security - KB977939 (Definition 1.97.2329.0).

    Wednesday, February 23, 2011 2:08 PM
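
As an added example (not part of the original thread): a Python triage pass over a WindowsUpdate.log like the one posted above, which collects each phase's call result and decodes every failing HRESULT into facility and code. The function names are hypothetical, the sample lines are excerpted from the posted log, and the facility table is limited to the facilities that appear in it.

```python
import re

# Lines excerpted from the WindowsUpdate.log in the post above (no new data).
SAMPLE = r"""
2011-02-23 01:37:24:000  848 7c8 Misc  Microsoft signed: Yes
2011-02-23 01:37:24:046 1512 b60 COMAPI   - Download call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0)
2011-02-23 01:37:24:078  848 938 Agent WARNING: LoadLibrary failed for srclient.dll with hr:8007007e
2011-02-23 01:38:07:656 1956 9e8 Handler   : WARNING: Command line install completed. Return code = 0x8000ffff, Result = Failed, Reboot required = false
2011-02-23 01:38:07:656 1956 9e8 Handler   : WARNING: Exit code = 0x8024200B
2011-02-23 01:38:07:890 1512 6c4 COMAPI   - Install call complete (succeeded = 0, succeeded with errors = 0, failed = 1, unaccounted = 0)
2011-02-23 01:38:07:890 1512 6c4 COMAPI   - WARNING: Exit code = 0x00000000; Call error code = 0x80240022
2011-02-23 01:38:12:671  848 3c8 Report REPORT EVENT: {F04DCD37-5D36-4979-BEFF-ACE25E4379A8} 2011-02-23 01:38:07:671+0200 1 182 101 {90568B70-3E74-474C-80BD-CC77A954A268} 100 80070643 Microsoft Forefront Client Secu Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Forefront Client Security - KB977939 (Definition 1.97.2329.0).
"""

LINE = re.compile(r"^(\S+ \S+)\s+(\d+)\s+([0-9a-f]+)\s+(\w+)\s+(.*)$")
HEX = re.compile(r"(?:0x|hr:)([0-9A-Fa-f]{8})\b")
CALL = re.compile(r"(\w+) call complete \(succeeded = (\d+), succeeded with errors = \d+, failed = (\d+)")

# Facility numbers as defined in winerror.h; only those seen in this log are named.
FACILITY = {0x0: "NULL", 0x7: "WIN32", 0x24: "WINDOWSUPDATE"}

def decode_hresult(value):
    """Split a 32-bit HRESULT into (is_failure, facility name, 16-bit code)."""
    facility = (value >> 16) & 0x7FF
    return bool(value >> 31), FACILITY.get(facility, hex(facility)), value & 0xFFFF

def triage(log_text):
    """Return per-phase call results and every failing HRESULT with its source component."""
    phases, failures = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or continuation line
        stamp, _pid, _tid, component, message = m.groups()
        call = CALL.search(message)
        if call:
            phases[call.group(1)] = {"succeeded": int(call.group(2)), "failed": int(call.group(3))}
        for code in HEX.findall(message):
            value = int(code, 16)
            failed, facility, low = decode_hresult(value)
            if failed:  # skip success codes such as 0x00000000
                failures.append((stamp, component, f"0x{value:08X}", facility, low))
    return phases, failures

if __name__ == "__main__":
    phases, failures = triage(SAMPLE)
    print(phases)
    for row in failures:
        print(*row)
```

On this log the pass separates the successful, signature-validated download from the failing install step; 0x80070643 decodes to Win32 error 1603 and 0x8007007e to Win32 error 126.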

All replies

  • Hi,

    Just as a test, can you download the latest definition from http://www.microsoft.com/security/portal/Definitions/HowToForeFront.aspx and manually install the file to see if the installation can be done?


    Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/
    Wednesday, February 23, 2011 8:13 PM
  • Hi

    Thanks for the response.

    I downloaded the definition file and launched it on the Windows 2003 server. In the System log I see that the update was installed. In the Application log I got this error:

    MPSampleSubmission event, event ID 5000

    EventType mptelemetry, P1 0x8000ffff, P2 mpupdateengine, P3 am fe, P4 10.3.1781.0, P5 mpsigstub.exe, P6 1.5.1981.0, P7 microsoft forefront client security 1.0, P8 NIL, P9 NIL, P10 NIL.

    And the Microsoft Forefront Security Antimalware service is still in the Stopping state.

    Thursday, February 24, 2011 7:15 AM
  • Please look at this link http://support.microsoft.com/kb/822798/en-us
    Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/
    Sunday, February 27, 2011 7:16 PM
  • Hi

    Thanks. But where in my log did you see a problem with certificates or the cryptographic service? Edb.log is small.

    The problem is that if I restart my server, the problem with the "Stopping" FC service comes back after some days.

    Monday, February 28, 2011 7:08 AM