locked
Client components issue with IAG Sp2 Update 3 RRS feed

  • Question

  • Hi I have installed IAG Sp2 Update 3 in my IAG appliance. When i access the portal i am getting this error .

    Forefront UAG endpoint Components could not run on this computer,
    since the script signature could not be verified.
    Your user experience while using the site may vary, depending on your
    organization's security policies.

    Please let me know where it went wrong.

    And also would like to know the latest version of Kaspersky and Sophos AV and personal Firewall supported by IAG Sp2 Update 3

    Would really appreciate your help.

    Thanks in Advance!!!

    --Raj

    Regards, R@j
    Wednesday, March 10, 2010 6:25 PM

Answers

  • Hey Ran,

    I identified the issue.

    Since the rule set that was entered manually goes off when we install the update, we took back up (decrpyted) of rule set from update 2 and restored it after installing update 3. This was causing the issue.

    all what we did again is
    1. uninstall Update 3.
    2. reinstall update 3.
    3. configure rule set manually. issue resolved. :-)  

    Regards, R@j
    • Marked as answer by Erez Benari Monday, March 15, 2010 6:07 PM
    Thursday, March 11, 2010 6:01 PM

All replies

  • To Add to it we are getting this error if we install the client components through the portal.

    ---------------------------

    Windows Internet Explorer

    ---------------------------

    Invalid file checksum Endpoint Detection (WhlDetct.dll)

    Invalid file checksum Endpoint Detection (WhlWmiDetect.exe)

    Invalid file checksum Endpoint Session Cleanup (WhlCach3.exe)

    Invalid file checksum Endpoint Session Cleanup (AWCleaner.exe)

    Invalid file checksum Endpoint Session Cleanup (AWConf.cab)

    Invalid file checksum Client Trace Utility (TcpDumper.dll)

    Invalid file checksum Socket Forwarding Helper (SFHlprUtil.exe)

    Invalid file checksum Endpoint Quarantine Enforcement Client (uagqecsvc.exe)



    Regards, R@j
    Wednesday, March 10, 2010 6:41 PM
  • Hi Raj,

    Have you noticed the instructions about IAG Client Components upgrade, mentioned in this KB: http://support.microsoft.com/kb/979097 :

    ·   Because the UAG client components are installed in a different folder than the legacy IAG client components (also known as the Whale client components), the client components cannot be upgraded directly. Therefore, an uninstall process for the legacy components is started.

    ·To complete the uninstall process; the client computer must be restarted to unload the old versions of helper services and Winsock components.

    ·When a computer is restarted, the uninstall process is completed.

    ·The user accesses the IAG server again. An online clean installation of the client components is performed in the following location under the Program Files folder: \Microsoft Forefront UAG\Endpoint Components

    Have you restarted your client machine?

     

    -Ran

           

     

           

           

    Wednesday, March 10, 2010 10:31 PM
  • Thank you for your reply Ran,

    I followed the instructions and uninstalled the Whale components first. 
    Then rebooted the laptop and ran ccleaner.exe software to clear any strains of the old components.
    Installed new components (Sp2U3) through the portal.

    Still facing the issue.

    Couple of things here:

    If i try to install the components through the portal i am getting this error:

    ---------------------------

    Windows Internet Explorer

    ---------------------------

    Invalid file checksum Endpoint Detection (WhlDetct.dll)

    Invalid file checksum Endpoint Detection (WhlWmiDetect.exe)

    Invalid file checksum Endpoint Session Cleanup (WhlCach3.exe)

    Invalid file checksum Endpoint Session Cleanup (AWCleaner.exe)

    Invalid file checksum Endpoint Session Cleanup (AWConf.cab)

    Invalid file checksum Client Trace Utility (TcpDumper.dll)

    Invalid file checksum Socket Forwarding Helper (SFHlprUtil.exe)

    Invalid file checksum Endpoint Quarantine Enforcement Client (uagqecsvc.exe)

    If i do offline installation of the client components and access the portal i am getting this error :
    Forefront UAG endpoint Components could not run on this computer,
    since the script signature could not be verified.
    Your user experience while using the site may vary, depending on your
    organization's security policies.

    I have checked the Md5 Checksum of the installer files. It is also good.

    --Raj

    Regards, R@j
    Wednesday, March 10, 2010 11:25 PM
  • Yeah, sorry, I pointed you to the right KB article but to the wrong paragraph. Please look further down in that same KB and locate the paragraph about this issue:

    The clients that have the former IAG client components installed might encounter the following issue when you try an online upgrade of the clients to Update 3 for IAG 2007 SP2.
    Issue
    The implementation of IAG requires that the certificate is present in the root certificate store. A newly obtained certificate that is issued by Globalsign works and validates a Windows Installer package against a DLL file on a new computer that does not have an Internet connection.

    Then follow the workaround steps mentioned there.

    Hope this will solve it for you,
    -Ran
    Thursday, March 11, 2010 8:01 AM
  • Thanks again Ran,

    In the event of trouble shooting what we found is that we have multiple portal trunks and out of which we are getting this error only for this trunk.

    Even new trunks are not getting this error.

    Will test with the steps you have mentioned and let you know.

    Regards, R@j
    Thursday, March 11, 2010 2:47 PM
  • Hey Ran,

    I identified the issue.

    Since the rule set that was entered manually goes off when we install the update, we took back up (decrpyted) of rule set from update 2 and restored it after installing update 3. This was causing the issue.

    all what we did again is
    1. uninstall Update 3.
    2. reinstall update 3.
    3. configure rule set manually. issue resolved. :-)  

    Regards, R@j
    • Marked as answer by Erez Benari Monday, March 15, 2010 6:07 PM
    Thursday, March 11, 2010 6:01 PM