locked
SBS 2008 & Forefront Protection 2010 for Exchange - SBS Console Error RRS feed

  • Question

  • I've been looking long and hard for a solution to this:

    We have an SBS 2008 installation that originally had the Forefront Anti-spam (forget it's exact name back in 2008) - that was upgraded over the years to Forefront Protection 2010 for Exchange.  This is supported / installed on the SBS - but we continue to get errors on the SBS console that tells us that SPAM PROTECTION FOR E-MAIL is Critical.  When you dig deeper you see the error that "Content Filter Agent is not running".  From what I've been able to gather, this error has something to do with Exchange's filter being stopped and replaced with Forefront's.  But I can't figure out how to fix this error (or at least suppress it).  Any suggestions?  This is the upgrade path Microsoft recommended to us for this product - so we've followed their guidelines - but now can't fix this.  Thanks!

    Shawn

    Wednesday, June 15, 2011 4:47 PM

Answers

  • I had this very same problem, but with SBS 2011 (and forefront protection 2010 for Exchange.)  The difference is that SBS 2008 comes with a forefront trial, so I'm not sure why you are getting the error.  (A critical security error in the small business server 2011 console for Spam protection for e-mail)

    Regardless, and for anyone else searching, the CAUSE of the error is that the MS Exchange "content filter" is turned off in favor of the forefront content filter when forefront is installed.  The SBS console is still looking at the Exchange filter status (which is now off) and is generating an error.  On my SBS 2011 server, the cause of this is a file named "E12AntiSpam.xml" in the "C:\Program Files\Windows Small Business Server\Data\SHExtensions" directory.  Within that file, there is probably a line such as

    $(Get-TransportAgent "Content Filter Agent").Enabled

    The fix can be as simple as changing the line to:
    $(Get-TransportAgent "FSE Content Filter Agent").Enabled

    (just inserting "FSE " in the front of the agent name)

     

    In my case, I took thing a bit further to fix up some of the stats that are displayed.  Search down toward the end of the XML file and you'll a line that references "Win32_PerfFormattedData_MSExchangeContentFilterAgent_MSExchangeContentFilterAgent"  Those performance counters will always be zero if the MS Exchange content filter is disabled, so I changed the string to "Win32_PerfFormattedData_ForefrontExchangeContentFilterAgent_ForefrontExchangeContentFilterAgent" and now it pulls the data from forefront instead.  Here's that entire part of the XML file with the change and some additions:

    <DetailGroups>
       <DetailGroup Type="PowerShell">
        <InitializationScript>
         $perfCounter = Get-Wmiobject Win32_PerfFormattedData_ForefrontExchangeContentFilterAgent_ForefrontExchangeContentFilterAgent
        </InitializationScript>
        <Detail Title="Messages Rejected" ValueScript="$perfCounter.MessagesRejected"/>
        <Detail Title="Messages Deleted" ValueScript="$perfCounter.MessagesDeleted"/>
        <Detail Title="Messages Quarantined" ValueScript="$perfCounter.MessagesQuarantined"/>
        <Detail Title="Messages Scanned" ValueScript="$perfCounter.MessagesScanned"/>
       </DetailGroup>
      </DetailGroups>

    • Proposed as answer by GaryD9 Thursday, June 16, 2011 10:46 AM
    • Marked as answer by Shawn Lemay Wednesday, June 22, 2011 1:47 PM
    Thursday, June 16, 2011 10:46 AM

All replies

  • I had this very same problem, but with SBS 2011 (and forefront protection 2010 for Exchange.)  The difference is that SBS 2008 comes with a forefront trial, so I'm not sure why you are getting the error.  (A critical security error in the small business server 2011 console for Spam protection for e-mail)

    Regardless, and for anyone else searching, the CAUSE of the error is that the MS Exchange "content filter" is turned off in favor of the forefront content filter when forefront is installed.  The SBS console is still looking at the Exchange filter status (which is now off) and is generating an error.  On my SBS 2011 server, the cause of this is a file named "E12AntiSpam.xml" in the "C:\Program Files\Windows Small Business Server\Data\SHExtensions" directory.  Within that file, there is probably a line such as

    $(Get-TransportAgent "Content Filter Agent").Enabled

    The fix can be as simple as changing the line to:
    $(Get-TransportAgent "FSE Content Filter Agent").Enabled

    (just inserting "FSE " in the front of the agent name)

     

    In my case, I took thing a bit further to fix up some of the stats that are displayed.  Search down toward the end of the XML file and you'll a line that references "Win32_PerfFormattedData_MSExchangeContentFilterAgent_MSExchangeContentFilterAgent"  Those performance counters will always be zero if the MS Exchange content filter is disabled, so I changed the string to "Win32_PerfFormattedData_ForefrontExchangeContentFilterAgent_ForefrontExchangeContentFilterAgent" and now it pulls the data from forefront instead.  Here's that entire part of the XML file with the change and some additions:

    <DetailGroups>
       <DetailGroup Type="PowerShell">
        <InitializationScript>
         $perfCounter = Get-Wmiobject Win32_PerfFormattedData_ForefrontExchangeContentFilterAgent_ForefrontExchangeContentFilterAgent
        </InitializationScript>
        <Detail Title="Messages Rejected" ValueScript="$perfCounter.MessagesRejected"/>
        <Detail Title="Messages Deleted" ValueScript="$perfCounter.MessagesDeleted"/>
        <Detail Title="Messages Quarantined" ValueScript="$perfCounter.MessagesQuarantined"/>
        <Detail Title="Messages Scanned" ValueScript="$perfCounter.MessagesScanned"/>
       </DetailGroup>
      </DetailGroups>

    • Proposed as answer by GaryD9 Thursday, June 16, 2011 10:46 AM
    • Marked as answer by Shawn Lemay Wednesday, June 22, 2011 1:47 PM
    Thursday, June 16, 2011 10:46 AM
  • Hi,

     

    From the problem description, I understand that you have installed and upgraded the Forefront Protection 2010 for Exchange. However, you have received the error message on the SBS console:

     

    Spam Protection for E-mail is Critical.

     

    And you think this error message has something to do with Exchange’s filter being stopped and replaced with Forefront’s. Based on the current situation, I suggest that you could verify whether the configurations of Anti-Spam and Antivirus Features are correct or not. And there are some links for your reference:

     

    Title: Managing Anti-Spam and Antivirus Features

    URL: http://technet.microsoft.com/en-us/library/aa996604.aspx

     

    Title: Understanding Anti-Spam and Antivirus Functionality

    URL: http://technet.microsoft.com/en-us/library/aa997658.aspx

     

    And The content filter agent may be disabled by the forefront, please read the link below:

     

    http://social.technet.microsoft.com/Forums/en-US/exchangesvrantivirusandantispam/thread/fa204f3f-70a5-466f-9371-f4db1e075087/

     

    If you still have some concerns with the coexistence between the Forefront Protection and Exchange server 2010. I suggest you could ask a new thread according to the link below:

     

    Title: Forefront for Exchange Server

    URL: http://social.technet.microsoft.com/Forums/en-US/FSENext/threads

     

    Thx,

    James


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, June 17, 2011 6:36 AM
  • Hi,

     

    How is everything going? If there is anything unclear or any inquires towards the issue. Please drop me a note!

     

    Thx,

    James


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, June 21, 2011 12:58 AM
  • This was perfect!  Yes it's the same for SBS2008 - and it worked.  Thanks for the extra counters too - that's very helpful!!!
    Wednesday, June 22, 2011 1:47 PM
  • Gary - this worked great for the console - but the emailed reports I get nightly still show the error... is there a 2nd config that I have to change to get the reports to correctly update as well?  Thanks!
    Tuesday, June 28, 2011 3:28 PM
  • On SBS2011, I'm not seeing nightly error reports on this, so I have no idea.   My best guess would be to just turn off the warning/error notification for that in SBS Console (assuming that's possible with the SBS 2008 console.)  Too many of the SBS console and monitoring things seem to be hardcoded with no flexibility.

    Tuesday, June 28, 2011 3:46 PM
  • Gary,

     

    I followed your instructions but I'm not clear about the "stats display."  Are you referring to the stats displayed on the SBS console?  If so, I can't get these referenced at all either with or without these changes.  Adding "FSE" to the content filter agent DID stop the annoying error message on the console though.

    Tuesday, August 23, 2011 8:50 PM
  • It should be noted that you can't edit this file unless you open it from Notepad after right clicking on the shortcut for Notepad and selecting "Run as Administrator". Also, you won't see any changes until you close and re-open the Windows SBS Console. Other than that, THANK YOU Gary!


    • Edited by James Newton Friday, April 13, 2012 5:42 PM Console must be restarted as well.
    Friday, April 13, 2012 3:45 PM
  • I would also love to have a way to fix the emailed reports. I've searched the computer for the "Content Filter Agent" text and found several files where it appears, but none seem to be related to the reports. 
    Tuesday, April 24, 2012 5:37 PM
  • Do you have a solution for SBS 2011?  I just completed an upgrade from SBS 2008 to SBS 2011.  I implemented your solution on SBS 2008 and it worked perfectly, thank you!

    Unfortunately, with the switch to Exchange 2010 (I am guessing...), it does not work.  Have the variable naming conventions changes from Exchange 2007 to Exchange 2010 so that the "$(Get-TransportAgent "FSE Content Filter Agent").Enabled" statement should be querying a different object, something other than "FSE Content Filter Agent?"

    Thank you for the help and insight!


    Jim


    Monday, May 21, 2012 10:04 PM
  • This all works fine for me on SBS 2011, but not on SBS 2008. I've twisted it every way, but the console still shows an error on the  Security page for "Spam Protection for email" and none of the changes I make in the E12AntiSpam.xml file seem to be reflected on the Security Page of SBS Console. 
    Friday, July 20, 2012 7:03 PM