Newbee question - FCS clients deployed by WSUS do not contact MOM / FCS Server RRS feed

  • Question

  • I deployed FCS according to the Technet documentation - at least I tried ;-). I did install a two-server topology using our existing Windows 2008 WSUS 3 server with SQL2008 WSUS DB and a new Windows 2008 server for the FCS server roles. On WSUS I added the product Forefront Client Security and checked that the classification Definition updates is selected.

    For testing I did create a WSUS group FCS and a OU FCS. I assigned a Policy to the OU and configured the Enable client-side targeting property to include the FCS WSUS group. After this I moved some computers to the FCS OU, run gpupdate and windows update and did make sure, that the computers have beed added to the FCS WSUS group. The FCS Definition Updates had beed approved automaticaly by WSUS and so I only had to approve the FCS Client update.

    I deployed the FCS Server Policy to the GPO created before and the computers did recive the FCS client and a little bit later the definition updates from windows update.

    All perfect :-) But none of the computers did ever get in contact with the MOM server. They did not apear in Pending, nor in the Managed or the Unamanged computers list on the MOM server. As a result the FCS Reporting doesn't include any other computer, but the FCS Server.

    The MOM client not even seems to be installed on the clients. I tried to add manually a discovery rule in the MOM Administrator console to Include one of the FCS client test computers. It was immediatly listed in the Pending and Unmanaged computer list. I tried to install the MOM client manually using the FCS Action account and the Domain Admin account. Both did fail with a Login error.

    I checked the registry of the test computers, and in the FCS Client Keys they do mention the FCS Server, but I did find no indication of the ManagementGroup name (ForefrontClientSecurity).

    I have the feeling that I missed something during client deployment. Maybe I need to configure something in the GPO? Maybe I need to add licenses to MOM? Maybe I need the FCS Action account to local Administrators groups on the clients?

    Thank you for your help.

    Wednesday, October 20, 2010 3:53 PM


  • I solved the problem. I did miss the Preparing your network for deployment part od the tutorial abd TCP/UDP port 1270 were still blocked on the FCS server, so that clients were unable to connect the MOM server.
    • Marked as answer by olibaier Wednesday, October 20, 2010 8:05 PM
    Wednesday, October 20, 2010 7:58 PM