locked
Windows 2000 Forefront Antivirus Updates RRS feed

  • Question

  • We have some windows 2000 servers in use still, and they have microsoft forefront installed.

    as of the 5th October, they have stopped updating.

    is there a reason for this?  end of support or something?  what can i do to keep protection for these servers until we can decomission them?

    Thursday, October 27, 2011 10:05 PM

Answers

  • Hi,

    Please register the files below:

    Regsvr32 WINTRUST.DLL
    Regsvr32 INITPKI.DLL
    Regsvr32 DSSENH.DLL
    Regsvr32 RSAENH.DLL
    Regsvr32 Gpkcsp.dll
    Regsvr32 Sccbase.dll
    Regsvr32 Slbcsp.dll
    Regsvr32 CRYPTDLG.DLL
    Regsvr32 Mssip32.dll

    If it still fails then apply the latest Root Certificate Update. (Add to basket--download--install update)

    Regards,
    Rick Tan

    • Marked as answer by Rick Tan Monday, November 14, 2011 8:49 AM
    Tuesday, November 8, 2011 6:15 AM
  • I had a customer with the same problem.  The reason is because Microsoft have started using a new certificate that is issued from a newer trusted root authority to digitially sign the update files.   Windows 2000 machines do not have the trusted root cert installed so they will not install the updates as they are considered untrusted.  You will see in the widnowsupdate.log file the following entry:

     

    2011-11-23 10:22:46:750 1036 74c Misc Validating signature for C:\WINNT\SoftwareDistribution\Download\5eec8c5b386a4412753bdd033b3363ee\650a4537454d6e51e143883502047d29b328bcd6:
    2011-11-23 10:22:46:797 1036 74c Misc WARNING: Error: 0x800b0109 when verifying trust for C:\WINNT\SoftwareDistribution\Download\5eec8c5b386a4412753bdd033b3363ee\650a4537454d6e51e143883502047d29b328bcd6
    2011-11-23 10:22:46:797 1036 74c Misc WARNING: Digital Signatures on file C:\WINNT\SoftwareDistribution\Download\5eec8c5b386a4412753bdd033b3363ee\650a4537454d6e51e143883502047d29b328bcd6 are not trusted: Error 0x800b0109
    2011-11-23 10:22:46:797 1036 74c DnldMgr WARNING: File failed postprocessing, error = 800b0109

    Microfosot do not have a certificate update package for Windows 2000 as it has reached end of support, however you can simply export the new certificate from a Windows 7 or Windows XP mahcine that has it installed and then import it into the XP machine.  This worked in my case.

    The certificate to export is issued to "Microsoft Root Certificate Authority" with an expiration of 10/05/2021.

     

     

     

    • Proposed as answer by Ben Christian Wednesday, November 23, 2011 3:33 AM
    • Marked as answer by Rick Tan Wednesday, November 23, 2011 8:11 AM
    Wednesday, November 23, 2011 3:33 AM

All replies

  • Hi,

    Thank you for your post.

    1.FCS latest antivirus definition is 1.113.85.0, please verify it in your client FCS UI.
    2.You say your client stopped updating which mean FCS client find no new antivirus definition without error? Meanwhile, please check if exist errors in update log file-- C:\Windows\WindowsUpdate.log.

    If there are more inquiries on this issue, please feel free to let us know.

    Regards,
    Rick Tan

    Friday, October 28, 2011 5:46 AM
  • antivirus definition = 1.113.993.0 - 5/10/2011

    the wsus log shows updates being detected, but error downloading

     

    2011-10-31 08:49:59:601 94508 1f8b0 DnldMgr Error 0x800b0109 occurred while downloading update; notifying dependent calls.
    2011-10-31 08:50:00:086 94508 171dc Report REPORT EVENT: {A278276C-34E0-42F7-A989-EA8B7346B4D3} 2011-10-31 08:49:55:086+1100 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 1 updates.
    2011-10-31 08:50:00:086 94508 171dc Report REPORT EVENT: {825E8004-97D9-49A8-8EE8-F6E5872F2526} 2011-10-31 08:49:55:086+1100 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status.
    2011-10-31 08:50:00:086 94508 171dc Report REPORT EVENT: {85E2FE72-59F2-4B2D-B21E-9782BCE561E1} 2011-10-31 08:49:56:914+1100 1 161 101 {3AF69E98-E3E1-41ED-8D62-F823D61DCCA7} 100 800b0109 AutomaticUpdates Failure Content Download Error: Download failed.
    2011-10-31 08:50:10:086 94508 17124 AU No pending client directive
    2011-10-31 08:56:53:409 94508 171dc Report Uploading 4 events using cached cookie, reporting URL = http://tacsms01/ReportingWebService/ReportingWebService.asmx
    2011-10-31 08:56:53:409 94508 171dc Report Reporter successfully uploaded 4 events.

    Monday, October 31, 2011 12:51 AM
  • Hi,

    AutomaticUpdates Failure Content Download Error: Download failed.
     
    It seems some updates have been deleted from the wsuscontent folder. Please run "wsusutil.exe reset" and synchronize the updates located inside the wsuscontent folder.
    It's a WSUS issue, similar thread like this.

    Regards,
    Rick Tan

    Tuesday, November 1, 2011 3:04 AM
  • i don't see how that is the case, as it is only windows 2000 servers that have the issues.

    all our windows 2003, 2008, XP, Win7 machines are fine

    Thursday, November 3, 2011 3:14 AM
  • Hi,

    Well, it's not make sense to focus on wsus log.

    I run WSUS synchronizations, the FCS latest definition show 1.115.xxxx.0. Please approve it to all computers.

    The definition just separate to 32-bit and 64-bit version, not separate by OS version like Windows 2000.

    When you have downloaded the latest definition, you could verify it from WSUS console--definition update KB977939--right click--file information.

    In the same shortcut menu--click status report, it will display the update client installed details. If some clients show no status, please check the windowsupdate.log on your client computer.

    Regards,
    Rick Tan

    Friday, November 4, 2011 9:26 AM
  • the forefront virus definitions are all approved automatically in WSUS, for all machines, PC's and Servers

    everything on our network is up to date except for windows 2000 servers.

     

    Sunday, November 6, 2011 10:28 PM
  • Hi,

    What's the updates status in WSUS to Windows 2000 server?  Required but not install or installed?

    Try manually update definition following KB935934 on one Windows 2000 server to verify if it's compatible issue and show up to date.

    Regards,
    Rick Tan

    Monday, November 7, 2011 3:50 AM
  • i downloaded and ran the update, it did run, but did not update the system

    Microsoft Forefront Client Security has encountered an error trying to update signatures.
      New Signature Version:
      Previous Signature Version: 1.113.993.0
      Update Source: User
      Signature Type: AntiSpyware
      Update Type: Full
      User: TAC_DOMAIN\ISDAdmin
      Current Engine Version:
      Previous Engine Version: 1.1.7702.0
      Error code: 0x800b0109
      Error description: A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider.

    EventType mptelemetry, P1 0x800b0109, P2 mpupdateengine, P3 am fe, P4 10.3.1781.0, P5 mpsigstub.exe, P6 1.5.1996.0, P7 microsoft forefront client security 1.0, P8 NIL, P9 NIL, P10 NIL.

    WSUS shows it has having 1 update needed

    Definition Update for Microsoft Forefront Client Security - KB977939 Defintion 1.115.1433.0

    Tuesday, November 8, 2011 1:37 AM
  • Hi,

    Please register the files below:

    Regsvr32 WINTRUST.DLL
    Regsvr32 INITPKI.DLL
    Regsvr32 DSSENH.DLL
    Regsvr32 RSAENH.DLL
    Regsvr32 Gpkcsp.dll
    Regsvr32 Sccbase.dll
    Regsvr32 Slbcsp.dll
    Regsvr32 CRYPTDLG.DLL
    Regsvr32 Mssip32.dll

    If it still fails then apply the latest Root Certificate Update. (Add to basket--download--install update)

    Regards,
    Rick Tan

    • Marked as answer by Rick Tan Monday, November 14, 2011 8:49 AM
    Tuesday, November 8, 2011 6:15 AM
  • Unfortuantely we still have 4 Win2k boxes in production. 
    Last month, around the same time your problem cropped up, 2 of the 4 servers would no longer update their FCS definitions.

    I called Microsoft on this issue and worked with them in an attempt to resolve the issue.
    The technician told me (on the DL at the time) that eventually all Win2k boxes are no longer going to get FCS updates.
    This has to do with the fact that the definitions are going to incorporate/require update root certificate on the Win2k server.

    As I'm sure most are aware Microsoft has updated their root certificates to exclude a few certificate publishers based on the fact that  they've been hacked.
    Due to the fact that Win2k (the OS) is no longer being supported by Microsoft, they do not intend to release new root certificate for Win2K.
    He went on to say that unofficially there is a way to get them onto the Win2k boxes, but it is not officially supported.

    With that informtion in hand, I called Symantec and bought a 5 pack of SEP standalone. 
    Currently SEP is selling version 12, which no longer supports Win2K.
    Symantec did allow me to downgrade to version 11 which still supports Win2k.

    Not an ideal fix, but our Win2k production servers are now running an anti-virus product that updates definitions without a problem and will continue to update well into the future.
    About a week after my initial tech support call to Microsoft they called me back wanting to continue to work on the issue (they hate to lose customers).
    I never returned their call because they were a day late and a dollar short.

    Mr. Schultz

    Thursday, November 10, 2011 6:20 PM
  • I had a customer with the same problem.  The reason is because Microsoft have started using a new certificate that is issued from a newer trusted root authority to digitially sign the update files.   Windows 2000 machines do not have the trusted root cert installed so they will not install the updates as they are considered untrusted.  You will see in the widnowsupdate.log file the following entry:

     

    2011-11-23 10:22:46:750 1036 74c Misc Validating signature for C:\WINNT\SoftwareDistribution\Download\5eec8c5b386a4412753bdd033b3363ee\650a4537454d6e51e143883502047d29b328bcd6:
    2011-11-23 10:22:46:797 1036 74c Misc WARNING: Error: 0x800b0109 when verifying trust for C:\WINNT\SoftwareDistribution\Download\5eec8c5b386a4412753bdd033b3363ee\650a4537454d6e51e143883502047d29b328bcd6
    2011-11-23 10:22:46:797 1036 74c Misc WARNING: Digital Signatures on file C:\WINNT\SoftwareDistribution\Download\5eec8c5b386a4412753bdd033b3363ee\650a4537454d6e51e143883502047d29b328bcd6 are not trusted: Error 0x800b0109
    2011-11-23 10:22:46:797 1036 74c DnldMgr WARNING: File failed postprocessing, error = 800b0109

    Microfosot do not have a certificate update package for Windows 2000 as it has reached end of support, however you can simply export the new certificate from a Windows 7 or Windows XP mahcine that has it installed and then import it into the XP machine.  This worked in my case.

    The certificate to export is issued to "Microsoft Root Certificate Authority" with an expiration of 10/05/2021.

     

     

     

    • Proposed as answer by Ben Christian Wednesday, November 23, 2011 3:33 AM
    • Marked as answer by Rick Tan Wednesday, November 23, 2011 8:11 AM
    Wednesday, November 23, 2011 3:33 AM
  • LEGENDS

     

    thanks heaps!

    Friday, February 3, 2012 1:16 AM