locked
FCS won't start on Windows 2000 SP4 virtual machine RRS feed

  • Question

  • Greetings, all...

    I have a machine here that suddenly will not properly run Forefront.  Whenever I reboot the machine, I get a message as soon as the Desktop comes up that says:

    "Application failes to initialize: 0x800106ba.  A problem caused this program's service to stop.  To start the service, restart your computer or search Help and Support for how to start a service manually."

    If I go into the Services MMC, I find that both the Forefront Anti-malware and the Security State Assessment services are stopped, but set to Automatic, as well as the MOM service.  I can start all three services manually, then start the GUI application and everything seems fine.

    The machine is not really doing much beyond running a batch file on a scheduled basis and has very little installed beyond a plain-jane Windows.  I've tried reinstalling ForeFront, but that did not fix the problem.  The user account the machine is logging in with is in the Local Admins group.  The event logs aren't telling me anything.  All I have been able to find on this program is related to the expiration of a beta version of Windows Defender.

    What should I try next?

    Thanks for the help.
    Wednesday, March 11, 2009 5:11 PM

Answers

  • We've finally corrected this issue by migrating to a Windows Server 2003 machine and Forefront is working fine.
    • Marked as answer by Brett242 Thursday, August 30, 2012 3:26 PM
    Thursday, August 30, 2012 3:26 PM

All replies

  • bumping
    Wednesday, March 18, 2009 11:01 AM
  • Anything in the event log?

    Also check c:\documents and settings\all users\application data\microsoft\microsoft forefront\client security\client\antimalware\support mplog......log
    C:\Users\All Users\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Support

    to see if there is anything in that log around the time when it fails.

    Make sure your RPC service is started/starting correctly.

    Try registering the following dlls..

    regsvr32 wuapi.dll
    regsvr32 wuaueng.dll
    regsvr32 wucltui.dll
    regsvr32 wups.dll
    regsvr32 wuweb.dll
    regsvr32 atl.dll
    regsvr32 Softpub.dll
    regsvr32 Wintrust.dll
    regsvr32 Initpki.dll
    regsvr32 Mssip32.dll
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Wednesday, March 18, 2009 2:17 PM
  • Hi, Kurt, thanks for responding.

    Right as the machine comes up, the System event log has a bunch of errors like this:

    Event Type:    Error
    Event Source:    Service Control Manager
    Event Category:    None
    Event ID:    7011
    Date:        3/31/2009
    Time:        5:58:30 AM
    User:        N/A
    Computer:    BURDE
    Description:
    Timeout (30000 milliseconds) waiting for a transaction response from the Browser service.

    followed by:

    Event Type:    Error
    Event Source:    Service Control Manager
    Event Category:    None
    Event ID:    7000
    Date:        3/31/2009
    Time:        5:58:30 AM
    User:        N/A
    Computer:    BURDE
    Description:
    The Computer Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion. 

    The services that give Event ID 7000's are the Browser, Forefront Clinet Security Antimalware, and Forefront Client Security State Assessment services.  Services that give Event ID 7011's are Browser, dmserver (5 times), FCSAM, MOM, and one unnamed service.  I also get this error as well:

    Event Type:    Error
    Event Source:    Service Control Manager
    Event Category:    None
    Event ID:    7009
    Date:        3/31/2009
    Time:        6:01:30 AM
    User:        N/A
    Computer:    BURDE
    Description:
    Timeout (30000 milliseconds) waiting for the Microsoft Forefront Client Security State Assessment Service service to connect.

    And a few of these mixed in, but don't know if they are related or not:

    Event Type:    Warning
    Event Source:    WMI
    Event Category:    None
    Event ID:    54
    Date:        3/31/2009
    Time:        6:03:28 AM
    User:        N/A
    Computer:    BURDE
    Description:
    The description for Event ID ( 54 ) in Source ( WMI ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: \Device\WMIServiceDevice.
    Data:
    0000: 00 00 00 00 01 00 50 00   ......P.
    0008: 00 00 00 00 36 00 04 80   ....6..?
    0010: 00 00 00 00 00 00 00 00   ........
    0018: 00 00 00 00 00 00 00 00   ........
    0020: 00 00 00 00 00 00 00 00   ........

    In the Application Log, I have 4 WinMgmt errors around the same time as the System log errors with event ID's 35, and 61 twice each.

    I also checked the log in the C:\Documents and Settings\All Users\application data\... folder and around the time of these errors, all it records is the version numbers of the antimalware definitions.

    The RPC service appears to be set correctly and is set to Automatic startup.

    I re-registered all the DLL's you listed and rebooted.  The 0x800106ba error came up again.

    This machine was recently moved to a Hyper-V HA cluster, but I don't recall if that was done before or after these Forefront problems cropped up.

    What should I try next?

    Thanks,
    Brett




    Tuesday, March 31, 2009 11:18 AM
  • bump, still having problem.
    Tuesday, April 7, 2009 10:44 AM
  • what's About BITS Services?
    Can you Update this Machine with Microsoft Windows Update over internet?

    Regards,

    Francesco
    www.sharepointinside.it
    Tuesday, April 7, 2009 11:06 AM
  • BITS service is running normally.
    I am able to update Forefront definitions by going to the Microsoft Update web site.

    Any other ideas?
    Wednesday, April 8, 2009 1:53 PM
  • bump, still having this problem
    Monday, May 4, 2009 3:14 PM
  • I have sat down and worked some more on this issue and still not having any luck.

    The only thing I think I've been able to determine is that my problem is somehow being caused by something in the Hyper-V Integration Services.  If I uninstall these components, Forefront will start up and work normally.  But if I install the Integration Services, I get the 0x800106ba error.

    I've done a lot of searching on this issue and found several things referencing GDI+ and gdiplus.dll.  I also ran Windows Update on this machine and found a couple of Forefront updates (975962 and 976668), one which specifically addressed GDI+ issues on Server 2000 SP4, however, these updates have not corrected the problem.  Another article I used earlier also suggests installing Update Rollup 1.  This machine already had that present, so I am not sure that re-installing it will help.

    For some reason, the Computer Browser service is stopping with an error 3221356557.  The MOM Service, Security State Assessment Service, and the Antimalware Service are all either timing out or putting in the event log: "The service did not respond to the start or control request in a timely fashion".

    I have also tried uninstalling and reinstalling Forefront, but this does not help at all.

    What do I need to do to fix this and make Forefront work correctly again?
    Monday, January 4, 2010 6:10 PM
  • We've finally corrected this issue by migrating to a Windows Server 2003 machine and Forefront is working fine.
    • Marked as answer by Brett242 Thursday, August 30, 2012 3:26 PM
    Thursday, August 30, 2012 3:26 PM