locked
Ahhhh nooo... RRS feed

  • Question

  • Ok, starting today our users Vista machines have started going wonky. At startup Forefront errors out "application failed to initialize 0X800100058" And another startup program fails to launch, giving us the access denied error. As well, the sidebar loads but with no gadgets. Closing each program and re-opening them works, incuding the sidebar. Until another reboot. Uninstalling Forefront solves all three problems. What in the heck could be going on??
    Wednesday, July 29, 2009 10:35 PM

All replies

  • Hi,

     

    Thank you for your post.

     

    Before going any further, I’d like to confirm the following question:

     

    1.Does this issue occur only one machine or all of you machines?

    2.How do you deploy the FCS on your client machine(policy or manually)?

    3.Do you have installed other antivirus product on your problematic machine? If have, please uninstall it and only install FCS.

     

    If you deploy FCS from policy, you should confirm that the policy is getting pushed on the client machine. If the policy is not getting pushed, the problem may be that the user account that was being used to deploy the policy did not have administrator permissions on those machines. Please log on as an administrator and try again. Meanwhile, if you are running x64 vista, UAC setting may affect FCS installation. You may disable UAC and see if it works.

     

    Regards,


    Nick Gu - MSFT
    Thursday, July 30, 2009 3:20 AM
  • 1. the issue is occuring on more and more machines, might justbe a coincidence but after a reboot is done from installing yesterdays updates
    2. We deploy using policy + WSUS, and hasn't been an issue since it started yesterday.
    3. No other AV anymore
    4. The issue occurs with any account I log in as. For example, if I log into a machine that I've never logged into before things work ok. Reboot, login and issue presents itself. I am a domain admin.
    Thursday, July 30, 2009 3:07 PM
  • FYI, so far only Vista clients. Here's what I've done on a test machine. Uninstalled Forefront, reboot...everything works. Run WSUS and install forefront, reboot and problem comes back. This time, uninstall forefront + Mom agent and reboot....sidebar starts with no gadgets. Close sidebar, open it again voila gadgets are there.

    Run WSUS, install forefront which also installs the Mom agent. Reboot, and error comes back "application failed to initialize 0X80010058". (removed a 0 from my initial post, mistake)

    my guess is something with the mom agent, but why all of a sudden and wth do I do now
    Thursday, July 30, 2009 4:33 PM
  • Yup, more and more Vista users are calling in. Same problems all over the place

    Thursday, July 30, 2009 7:57 PM
  • I would like to test your MOM theory and after you uninstall FCS on a client reinstall with the NOMOM switch.  The hard part is that you will need to make sure it's not getting reoffered the MOM componant from WSUS since there will be an FCS policy in place.  If you just want to unapprove it while testing that will do.

    Has anything changed on the network? This error indicates some kind of network fault.
    Are all the machines the same hardware that are failing or does it vary?

    -Eddie
    Friday, July 31, 2009 12:20 AM
  • I'm now leaning away from this being a FCS problem actually. I'm guessing it was a windows update in the last couple days that killed these machines. Perhaps the .net 35 sp1. Each of the 3 programs I'm having issues with fail at startup (sidebar, forefront (although the services are started even after the error), and a program called second copy). Once they all error out, i can simply open the program from the start menu and it loads in the system tray just fine. At that point I can log in and out between profiles and things are ok. It's when a reboot occurs where the problems come in. I'm confused.

    I will try the manual install with the /nomom though
    • Edited by Ryan Senio Friday, July 31, 2009 3:10 PM
    Friday, July 31, 2009 2:18 PM
  • Yup, I moved the client into a new OU with no FCS policy. Installed the client manually with the nomom switch and it still fails with the same error. The sidebar and other program still have the issues as well
    Friday, July 31, 2009 3:21 PM
  • Thanks for the update.
    So did you establish that the problem ONLY uccurs with FCS installed (I ask because you were mentioning the recent updates)?
    Friday, July 31, 2009 3:49 PM
  • No, the problem occurs with or without forefront installed. I've been running boot time checks using process monitor. However I'm filtering based on the process name of either programs. I see nothing strange, which leads me to believe I need to monitor another process. I'm just not sure what that is, explorer.exe, svchost? What process calls these programs to start? Because like I said I can simply run them from the start menu no problem

    Ok, just wait. One of my guys jsut said he logged into a machine as an admin, uninstalled both components of Forefront and rebooted. Things were back to ok no matter which profile he would log in as after a reboot. He ran WSUS and installed Forefront again, reboot, errors again.

    Perhaps my machine I've been messing with is just that, messed up

    *Edit* yes, I have confirmed that on 2 more machines simply uninstalling Forefront clears the problems

    I have also confirmed that if I move the computer to a different OU and change group policy to allow Windows Defender (while forefront is still uninstalled) it errors out the exact same way application failed to initialize 0X80010058
    • Edited by Ryan Senio Friday, July 31, 2009 4:42 PM
    Friday, July 31, 2009 4:17 PM
  • I saw something similar to this once, but a different specific error.  It turned out to be something currupt in a profile and FCS was having a problem enumerating the profiles.

    Do you see anything that looks like garbage or duplicate profiles in:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    Friday, July 31, 2009 6:59 PM
  • I can login one of the problem computers as a user that has NEVER logged into it before. Things will load ok, reboot and it all goes to ____. But no, there is nothing unusual about the reg keys for the profiles on this one computer.
    Friday, July 31, 2009 7:13 PM
  • I bounced this off a few guys here, but I think this is going to take some digging and data gathering to resolve.  If your still seeing this,  you should open a case. You should be able open a now charge account if you do it online.
    Monday, August 3, 2009 4:14 PM
  • Does anyone know, besides the program files folder for Forefront which files are being dropped in other locations during an install?
    Tuesday, August 4, 2009 3:36 PM
  • Hi Ryan,


    "\\Program Files\Microsoft Forefront\Client Security" should be the only location for Forefront related files.

    Make sure to remove to the mom agent and reinstall it fresh for no conflicts to your fresh forefront client deployment.

    Good luck
    Mark Norman, Praxa
    Tuesday, August 25, 2009 1:12 PM