locked
FCS Server Replacement RRS feed

  • Question

  • Greetings all,

     

    We had an FCS server die, and found that the backups were not adequate enough to warrant restoration.  So, we rebuilt.

    Things seem to be okay... but I'm not seeing any of the 90 some FCS clients in the Forefront Administration console.

    The FCS clients ARE communication with the MOM service on the same box, and they are showing up in the MOM console.

    I suspect that there is a trust/authentication issue between FCS client and server.  However, I wonder how we reestablish this trust between the new server and old clients?

    I think that I need to configure the WSUS server to 'uninstall' remove all Forefront Clients, and then 'redeploy' the clients by by approving the FCS packages for installation.

    I hope there is a more direct manner of establishing the client server trust, but maybe its something different.

    I would appreciate any advice that could be provided.

     

    Thanks,

    Herc

    Saturday, May 29, 2010 4:31 PM

Answers

All replies

  • have you seen FCS Disaster Recovery Guide, you will find the backup/restore mecanism 

    http://www.microsoft.com/downloads/details.aspx?FamilyID=90044d88-299b-49fb-b762-eae17a1f01f4&displaylang=en


    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)
    Saturday, May 29, 2010 5:36 PM
  • have you seen FCS Disaster Recovery Guide, you will find the backup/restore mecanism 

    http://www.microsoft.com/downloads/details.aspx?FamilyID=90044d88-299b-49fb-b762-eae17a1f01f4&displaylang=en


    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)

    Hi Bechir,

     

    Thank you.  However, we don't have anything to really 'recover' from.  We need to migrate clients to a new server.  Is this scenario included the documentation?

     

    Thank you very much,

    Herc

    Saturday, May 29, 2010 5:47 PM
  • Hi,

    Have you tried to disable mutual authentification from MOM Administrator console/Global Setting/Communications/Security ?

    After that, if the Pb is not resolved try to reinstall fcs client agent on one machine and see the result.

    Regards.


    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)
    Saturday, May 29, 2010 7:04 PM
  • Hi,

    Have you tried to disable mutual authentification from MOM Administrator console/Global Setting/Communications/Security ?

    After that, if the Pb is not resolved try to reinstall fcs client agent on one machine and see the result.

    Regards.


    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)


    Hi Bechir,

    I will try that now and inform you and the forum of the results.

     

    Thanks,

    Herc

    Saturday, May 29, 2010 7:27 PM
  • Hi Bechir,

     

    I have disabled mutual authentication, but I do not see any hosts in the Forefront Management Console.

    I will endeavor to reboot a Forefront client and see if it can 're-connect' with the Forefront server.

     

    Thanks,

    Lee

    Saturday, May 29, 2010 7:50 PM
  • Have you tried reinstalling fcs client agent on one machine ?
    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)
    Saturday, May 29, 2010 7:57 PM
  • Hello Bechir,

     

    I powered on one of our FCS clients, and found a new alert in MOM.  It reads:

     

    There is a mutual authentication related issue on this MOM Management Server. See the associated events for the detailed mutual authentication problems and then the knowledge on how to resolve. The MOM Agent at 10.11.12.13 is configured to use Mutual Authentication, but the MOM Server is not. This is a misconfiguration and is typically caused by a manual agent install configuration that does not match the MOM Server.

    So, I wonder if the solution is to simply 'undo' the changes to the mutual authentication and see if that improves the situation.

    I will try and see if anything improves.

    Thanks,
    Lee
    Saturday, May 29, 2010 8:01 PM
  • Ok, I think it's better to enable now the mutual auth and try to reinstall fcs client agent.
    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)
    Saturday, May 29, 2010 8:12 PM
  • Hi Bechir,

    Is there an efficient way to remove the Forefront client from the machines with WSUS or MOM?

    We only have 90 or PC's running the forefront client at this point, but they are in 4 different locations, so the time it would take for a tecehnician to visit and touch each machine is prohibitive.

     

    Thanks!

    Herc

    Saturday, May 29, 2010 8:42 PM
  • First try to uninstall/reinstall fcs client agent on only one machine then if the pb is resolved you can remove all clients by using gpo/script, see here http://social.technet.microsoft.com/Forums/en/Forefrontclientgeneral/thread/e8f9c7fc-2c41-49cc-98a9-c00dfff30af3
    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)
    • Proposed as answer by Bechir Gharbi Monday, May 31, 2010 6:26 PM
    Saturday, May 29, 2010 9:00 PM
  • Hi Bechir,

     

    I have uninstalled and reinstalled the Forefront client on one machine.

    I have not seen these PC in the Forefront Management Console yet.

    I will wait 1 hour and see if it appears in that time.

     

    Thanks,

    Herc

    Saturday, May 29, 2010 9:29 PM
  • By default after installing FCS client, it will show up in the MOM admin console under "Pending Actions". After ~60 mn, the FCS client will be automatically moved to Managed computers in the MOM admin console. Also, you can go under "Pending Actions" and manually approve (right click/approve) the client.
    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)
    Saturday, May 29, 2010 9:54 PM
  • Hi Bechir,

     

    I went into MOM>Administrator Console>Microsoft Operations Manager>Administration>Computers>All Computer'.

    I saw all of my clients listed. 

    Each one has a 'Management Mode' status of: 'Unmanaged'.

     

    Is there something I should do here?

     

    FCS Management Console only lists itself as a client at present...

    Thanks,

    Herc

    Saturday, May 29, 2010 10:43 PM
  • As already I said, have you manually approved your clients under "Pending Actions" (right click/approve) ?
    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)
    Sunday, May 30, 2010 11:09 AM
  • As already I said, have you manually approved your clients under "Pending Actions" (right click/approve) ?
    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)

    Hi Bechir,

     

    Yes.  I approved 10 more computer under the 'Pending Actions' group.

    Unfortunately, only the PC that had the Forefront Client reinstalled on it has shown up in the Forefront Console since then.

    It has been nearly 24 hours since I approved these additional 10 PC's, so I think I must conclude that reinstalling the Forefront client is necessary.

     

    Thanks,

    Herc

    • Proposed as answer by Bechir Gharbi Monday, May 31, 2010 6:26 PM
    Sunday, May 30, 2010 9:35 PM
  • I should note that the PC's the I did NOT reinstall the Forfront client on, appeared this morning.  So, it seems as though a manual reinstall of each Forefront Client is not required.  Rather, the solution to seems to be manually approving the 'Pending Actions' and then waiting 24-48 hours for them to appear in Forefront Management Console.

     

    Thanks,

    Herc

    Monday, May 31, 2010 9:14 PM
  • Hi,

     

    Thank you for the post.

     

    Please refer to this article: http://blogs.technet.com/b/fcsnerds/archive/2008/11/12/changing-the-management-group-to-which-an-fcs-client-reports.aspx

     

    Regards,


    Nick Gu - MSFT
    Tuesday, June 1, 2010 6:43 AM