none
Antigen 9 for Exchange - Kaspersky updates not completing.

    Întrebare

  • I hope someone can help me.

    we have Antigen for Exchange v9 SP2 Rollup 4. running on an Exchange 2003 Enterprise on a two node cluster.

    Recently Kaspersky AV engine update has been failing to complete.

     

    I get the following 2 events logged.

    Source: GetEngineFiles         Event ID: 6014

    The Kaspersky scan engine test failed. hr = 0x80004005

    and:

    Source: GetEngineFiles        Event ID: 6014

    Unable to load the Kaspersky scan engine. hr = 0x800C0102. An error occoured while loading the Kaspersky engine.

     

    Any pointers would be greatly welcome.

     

    Regards

    Peter Phillips

    Network Services

    Redcats UK

     

    25 mai 2011 13:15

Răspunsuri

  • hi,

    I think we cracked it.

    Used the following KB to download the localenginemapping.cab file and also downloaded

    http://forefrontdl.microsoft.com/server/scanningupdate/metadata/UniversalManifest.cab

    Placed the localenginemapping.cab file into the "engines" folder where the AV engine files are held (in our case on the cluster volume).

    Placed the second file called Metadata folder under "Engines".

    After putting the files in there and trying a manual update of the kaspersky engines, the system then downloaded over 110MB of data and successfully completed an update.

     

     

    Peter Phillips

    Network Services

    Redcats UK

     

     

     

    1 iunie 2011 10:03

Toate mesajele

  • Hi Peter,

    the event id 6014 point to a timeout issue, like you can see here: http://social.technet.microsoft.com/Forums/en-US/forefrontSharePoint/thread/0c16fdbe-31c2-494f-98ab-bc1c68ea5d09

    You can adjust the timeout in the registry, by creating the following regkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for Exchange

    Value name: GetFileHTTPTimeout
    Value type: REG_DWORD
    Value data: <var>milliseconds</var> (decimal)
    For more details see: http://support.microsoft.com/kb/924705/en-us (it's not necessary to install that hotfix, it's already included since Antigen V9 SP1!)
    Greetings
    Christian

    Christian Groebner MVP Forefront
    25 mai 2011 13:27
  • Christian,

    Thankyou for the prompt answer.

    We've not however getting a timeout. We can see the package being downloaded on both the server and passing through our proxy server.

    It appears that it's the installation that fails.

    There are messages in the event log (2012) saying the kaspersky update is downloaded, staged and then one for "Testing the Kaspersky scan engine" Only then does it fail.

    So we don't believe it's a timeout issue.

     

    Peter P.


    PS:

    The download doesn't look to be very big (Kaspersky_fullpkg.cab 230Kb), is there a way to force a full engine download, if this is not it.?

     

    27 mai 2011 07:44
  • Hi Peter,

    ok, then do the following.

    1. Stop Antigen services

    2. Delete/Move everything inside the Kaspersky folder so that it's empty

    3. Start Antigen services

    4. Perfom manual update

    This should fix it.

    Greetings

    Christian


    Christian Groebner MVP Forefront
    27 mai 2011 07:49
  • The Problem remains.

    We moved the files for kaspersky from S:\AntigenCluster\Engines\x86\Kaspersky

    on our cluster shared storage.

    Rolled the cluster and the same thing happened again. It appears to download and start the install but then fails on the "testing" phase.

     

    I even tried a complete stop and restart of the services on the active node, no effect.

     

    Regards

    Peter Phillips

     

    1 iunie 2011 09:26
  • hi,

    I think we cracked it.

    Used the following KB to download the localenginemapping.cab file and also downloaded

    http://forefrontdl.microsoft.com/server/scanningupdate/metadata/UniversalManifest.cab

    Placed the localenginemapping.cab file into the "engines" folder where the AV engine files are held (in our case on the cluster volume).

    Placed the second file called Metadata folder under "Engines".

    After putting the files in there and trying a manual update of the kaspersky engines, the system then downloaded over 110MB of data and successfully completed an update.

     

     

    Peter Phillips

    Network Services

    Redcats UK

     

     

     

    1 iunie 2011 10:03
  • Hi,

    Nice to reads this :-)
    We are suffering from the exact same problem!

    We have even tried the timeout issue which Christian mention. One of our first shoots, but that was not the issue :-(

    I am quite sure we have the same problem as you had with the cab file http://blogs.technet.com/b/msfss_stuff/archive/2011/05/23/keep-an-eye-out-for-kaspersky-not-updating.aspx

    Peter - the link for downloading the cab is not working :-(
    Is it the link you used?

    Regards,
    Peter

    17 iunie 2011 08:34
  • Hi,

    have you tried the following KB http://support.microsoft.com/kb/2284024/en-us . It's for Forefront Security for Exchange but the file should be the same.

    Greetings

    Christian


    Christian Groebner MVP Forefront
    17 iunie 2011 09:53
  • Hi,
    Christian: Thanks for the link. I have tried it now.
    Still no luck :-(

    Errors:
    Event ID 6014: Unable to load the Kaspersky scan engine. hr = 0x800C0102. An error occured while loading the Kaspersky scan engine. 
    Event ID 6014: (0x00000002) The system cannot finde the file specified. The Kaspersky scan engine test failed. hr = 0x80004005.
    And then the Kaspersky scan engine is rolled back.

    From the logfile:
    "INFORMATION: Attempting to download the Kaspersky scan engine package from http://antigendl.microsoft.com/antigen/x86/Kaspersky."
    "INFORMATION: The proxy settings will be used for this connection."
    "INFORMATION: The Kaspersky scan engine for Antigen has been downloaded"
    "Disabled Scanning. Mails will queue until engine update is finished."
    "Disabled Scanning. Mails will queue until engine update is finished."
    "INFORMATION: The Kaspersky scan engine for Antigen has been staged."
    "INFORMATION: Testing the Kaspersky scan engine."
    "ERROR: Unable to load the Kaspersky scan engine. hr = 0x800C0102.  An error occurred while loading the Kaspersky scan engine."
    "ERROR: (0x00000002) The system cannot find the file specified.  The Kaspersky scan engine test failed. hr = 0x80004005"
    "INFORMATION: The Kaspersky scan engine for Antigen has been rolled back."

    So the problem is not getting the file, but something is missing....... :-(

    The Kaspersky updates have failed since 16th of May........

    Anyone experinced this? Please feel free to add your comments ;-)

    /Peter

    17 iunie 2011 11:05
  • Solved!

    GetEngineFiles.exe located in the installation folder of the Antigen installation caused the errors. Version was out of date!
    We have some Antigen SMTP gateways in the DMZ - Kaspersky updates have been working all the time on those!

    Our Bridgehead servers failed on the Kaspersky update.

    It seemed like the bridgehead servers was picking up the wrong files - with regards to the previous post from me.

    I did a copy of the exe files from the SMTP gateways to the bridgehead servers. Restart Antigen services -> manual update of Kaspersky = updates of Kaspersky engine, signature etc. are running with no errors :-)
    Scheduled update is also running :-)

    Cheers,

    Peter 

    • Propus ca răspuns de P2M 20 iunie 2011 12:02
    20 iunie 2011 12:02
  • Can you please tell me what version your "getenginefiles.exe" has now ? My has version 9.2.1097.67 and still got 6014 errors in Eventviewer.
    30 ianuarie 2012 09:09
  • Hi,

    can you tell me which engine fails to update?

    If it's Kasperky you can try the following:

    Inside the directory C:\Documents and Settings\All Users\Application Data\Kaspersky SDK\  you will find a file named storage520.dat. Delete this file and try the manual update again, it should work now.

    Greetings

    Christian


    Christian Groebner MVP Forefront
    30 ianuarie 2012 09:42
  • Yes !!! That did the trick indeed. Deleting the file "storage520.dat" and forcing Manual Update solved the problem. Regards, Mihai
    31 ianuarie 2012 14:13