locked
"Client Security Script Failed to Access Non-MOM API" ERROR RRS feed

  • Question

  • Hi, I have an error when I try to deploy a policy to an Organizational Unit in Microsoft ForeFront Client Security.

    This is the alert description created in the Alerts Summary:

    When the MOM server processed a Client Security script, the script failed to access a non-MOM API.
    - API name: Create Forefront.ClientSecurity.ManagementPack.ServerUtilities
    - Error code: 70
    - Error description: Permission denied
    - Rule name: Run Flood Detection
    - Script name: Microsoft Forefront Client Security - Event flood detection

    To investigate and resolve this incident:
    1. Check to see if this problem is persistent. You can do so by reviewing the MOM Operator Console and looking for similar alerts.
    2. If the problem is not persistent, this alert was likely caused by a transient issue and no action is needed.
    3. If the problem persists, look for other related events or indications for the problem in the MOM event view and in the Windows event viewer, and resolve any issues discovered.

    For more information, refer to the Product Knowledge tab.

    ID

    Time Generated

    Event Description

    20101

    12/3/2009 12:48:00 PM

    The following non-MOM API has failed: Create Forefront.ClientSecurity.ManagementPack.ServerUtilities.
    Error code: 70
    Error description: Permission denied


    I hope you can help me with this issue... Thanks!!!
    Thursday, December 3, 2009 9:48 PM

Answers

  • Hi,

     

    Thank you for the post.

     

    Based on my research, the FCS server management pack has a task called “Run Flood Detection”, which runs every hour at :48 minutes after the hour. The script that it runs performs two major tasks in this version of FCS:

    1) checking for event floods from clients

    2) auto-approving client machines in “pending actions”.

    Each of the errors above seem to be coming from one of those tasks. Both of the errors indicate Access Denied. The script is run under the context of the MOM action account, I believe in your scenario this is a different account than MOMDas which is used for the DAS, Reporting, and DTS. You may use single Mom service account for DAS and Reporting, as well as permissions over the reporting DB for “db_owner” and the SPN settings for the SQL service account.

     

    Meanwhile, you need to verify that the MOM Action account specified has permissions on FCS resources. Can you verify that the MOM action account has read/execute permissions on %ProgramFiles%\Microsoft Forefront\Client Security\Server\MomServerUtil.dll.

     

    Regards,


    Nick Gu - MSFT
    • Proposed as answer by Nick Gu - MSFT Wednesday, December 9, 2009 8:39 AM
    • Marked as answer by Nick Gu - MSFT Friday, December 11, 2009 2:13 AM
    Friday, December 4, 2009 3:17 AM

All replies

  • Hi,

     

    Thank you for the post.

     

    Based on my research, the FCS server management pack has a task called “Run Flood Detection”, which runs every hour at :48 minutes after the hour. The script that it runs performs two major tasks in this version of FCS:

    1) checking for event floods from clients

    2) auto-approving client machines in “pending actions”.

    Each of the errors above seem to be coming from one of those tasks. Both of the errors indicate Access Denied. The script is run under the context of the MOM action account, I believe in your scenario this is a different account than MOMDas which is used for the DAS, Reporting, and DTS. You may use single Mom service account for DAS and Reporting, as well as permissions over the reporting DB for “db_owner” and the SPN settings for the SQL service account.

     

    Meanwhile, you need to verify that the MOM Action account specified has permissions on FCS resources. Can you verify that the MOM action account has read/execute permissions on %ProgramFiles%\Microsoft Forefront\Client Security\Server\MomServerUtil.dll.

     

    Regards,


    Nick Gu - MSFT
    • Proposed as answer by Nick Gu - MSFT Wednesday, December 9, 2009 8:39 AM
    • Marked as answer by Nick Gu - MSFT Friday, December 11, 2009 2:13 AM
    Friday, December 4, 2009 3:17 AM
  • Thanks alot for your help. I'll take your comments into account .

    Bye
    Wednesday, December 9, 2009 6:46 PM