locked
Forefront Client Security not getting the information from the client... RRS feed

  • Question

  • Hello,

    I have one machine which is updating locally the information for the FCS Agent:
    Last scan:Today at 1:58 AM (Full system scan)
    Antivirus Definition: Version 1.87.1998.0 created on 8/16/2010 at 2:07 AM.
    Antispyware Definition: Version 1.87.1998.0 created on 8/16/2010 at 2:07 AM.

    but in the Forefront Server it is:
    Last Heartbeat: 8/16/2010 4:37:07 PM
    Last Malware Scan: 7/11/2010 2:02:26 AM
    Last Security State Assessment Scan: 7/11/2010 6:12:07 AM

    It is not sending back the information .... The port 1270 is opened.

    in the Deployment report on the server this machine is showing without policy but in the event log I have:
        Applied Group Policy Objects
        -----------------------------
            FCS-Default Policy-{5650d82e-4286-4833-9116-a924723c61ea}-3
            MOTD Message Policy
            Default Domain Policy
            Local Group Policy

    Why this discrepancy..?

    Thanks,
    Dom

    Any idea?
    Thanks,
    Dom


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 Support
    Monday, August 16, 2010 11:59 PM

Answers

  • Hi,

     

    Thank you for the post.

     

    Please perform the following steps to reinstall FCS service and see if it works:

     

    1.On problematic client, please uninstall the following software:
    1.) Microsoft Forefront Client Security Antimalware Service
    2.) Microsoft Forefront Client Security State Assessment Service
    3.) Microsoft Operations Manager 2005 Agent

    2. Make sure client has created following registry key from GPO. These keys are required to install FCS agent, including MOM agent from WSUS.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate]
    "WUServer"="http:// WSUSServerName "
    "WUStatusServer"="
    http://WSUSServerName"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client
    Security\1.0]
    "MOMServerName"="MomServerName"
    "MOMGroupName"="ForefrontClientSecurity"

    3. On client machine, run following command line:
    Wuauclt /detectnow

    Wait for a while. After it prompted for icon at right-button corner for available update, please click the icon to install FCS agent again.

    After installed FCS Agent again, please check if this resolve the issue.

     

    Regards,


    Nick Gu - MSFT
    Wednesday, August 18, 2010 6:36 AM

All replies

  • Hi!

     

    Is this the only client having issues?

    have you tried to restart the MOM agent on the client?

    any error in the eventlog?

    /Johan


    MCSE, forefront spec | www.msforefront.com
    Tuesday, August 17, 2010 8:26 PM
  • Hi,

     

    Thank you for the post.

     

    Please perform the following steps to reinstall FCS service and see if it works:

     

    1.On problematic client, please uninstall the following software:
    1.) Microsoft Forefront Client Security Antimalware Service
    2.) Microsoft Forefront Client Security State Assessment Service
    3.) Microsoft Operations Manager 2005 Agent

    2. Make sure client has created following registry key from GPO. These keys are required to install FCS agent, including MOM agent from WSUS.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate]
    "WUServer"="http:// WSUSServerName "
    "WUStatusServer"="
    http://WSUSServerName"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client
    Security\1.0]
    "MOMServerName"="MomServerName"
    "MOMGroupName"="ForefrontClientSecurity"

    3. On client machine, run following command line:
    Wuauclt /detectnow

    Wait for a while. After it prompted for icon at right-button corner for available update, please click the icon to install FCS agent again.

    After installed FCS Agent again, please check if this resolve the issue.

     

    Regards,


    Nick Gu - MSFT
    Wednesday, August 18, 2010 6:36 AM