locked
Forefront on Windows Server 2003 Terminal Server RRS feed

  • Question

  • Any special considerations when installing Forefront client on 2003 terminal server? Our business essentially runs on this server and I need for this to go very smoothly. Also, this is a domain controller. This was set up before I got here and it will have to stay that way until I replace that machine.

    Wednesday, April 23, 2008 8:33 PM

All replies

  • If you are talking about installing the server components on this system then no it is not supported as we do not support installing on a Domain Controller (not sure about a terminal server either).  If you are discussing installing the client itself on the system then yes that is supported.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response)
    Friday, May 30, 2008 8:29 PM
  • I have installed FCS on several Terminal Servers in the company without a problem. Just take a time to tune the policy you're going to use, like scanning time, exclusions like db components and other stuffs.

    Good look!

    Sunday, June 8, 2008 12:10 AM
  • Hi all,

    I have severe problems running ForeFront on Terminal Services. This is with and without Citrix. Are there any special considerations ? I just installed out of the box with no modifications at all. Just the deployment has been setup to roll out to my OUs. What happens to me is that after a while (mostly some houirs after reboot) the server completely hangs from the GUI point of view. The server is accessible with RPC (eg manage server from a remote server works and file sharing is also no issue). But the server stops accepting new connections. You see the blue screen just right after you put in your credentials and that's it.

    All existing sessions are also hanging when this happens. The combination I have is HP HP 360 G05, Windows 2003 R2 SP2 with Terminal Services. Office 2007 SP1 deployed.

    Any info or help greatly appriciated.

    BR,

    Ronald Top
    Friday, July 18, 2008 2:07 PM
  •  Dear Ronald,

    I have exact the same problem. Windows 2003 Release 1 SP2. With Office 2007 SP1. Terminal server only. First user logging in goes well. It seems that closing Outlook 2007 from this first user starts the problems. From than, no other user can log in anymore. They get the login screen, but after giving credentials, they get a grey/blue screen and nothing happens. The only way I can restart the server than is via psshutdown from another machine. Also I noticed that the Microsoft FCS State Assessment service stops very slowly when the problem is their. Might this service is the cause of it?

    I Hope that the FCS team has a problem soon, or did you solve the problem already?

    Regards, Danny
    Wednesday, August 13, 2008 10:04 AM
  • Hello

    Microsoft has posted a KB that might solve the problem with ForeFront Client Security cuasing Terminal Servers to hang:
    "A Windows Server 2003-based terminal server that also runs Citrix MetaFrame Presentation Server may stop responding every few days, and you may receive a gray screen when you log on to the terminal server"
    http://support.microsoft.com/kb/960092


    It specifically mentions ForeFront Client Security and the problem description matches your experiences well.

    Hope it helps.

    Morgan
    Tuesday, January 20, 2009 2:38 PM
  • Did anyone find our if 960092 fixes this? I am seeing the same problem and was curious before I tried it on some test servers if there was any update.

    -Dave
    Thursday, August 27, 2009 9:27 PM
  • It is a serious security issue, allowing users to log on to a domain controller. We strongly recommend against running Terminal Server for end users on a domain controller.

    The FCS UI will have to run for each user logging on the server. Per user, you should expect to see an additional memory requirement of 10-15 MB. This will increase when the logged user has scheduled a scan on the system as well. So careful policy configuration on a Terminal Server is key as you would not want scans to start when the server is busy, especially a full scan.
    Oguzhan Filizlibay Security Escalation Engineer Microsoft EMEA CSS Security
    Tuesday, September 1, 2009 2:44 PM
  • Was this problem ever correctly resolved?

    We have just tried installing the client onto a Windows 2003 x64 SP2 Terminal Server and have encountered the exact same issue.

    I've looked at KB 960092 but the version of rdbss.sys that we have is newer than the fixed version so it should not be an issue.

    Thank you.

    Wednesday, September 22, 2010 8:28 AM