Microsoft Forefront Server Security encountered an error while performing a scan engine update

You may find the following errors in the Event Viewer regarding Forefront Security for Exchange updates:

Microsoft Forefront Server Security encountered an error while performing a scan engine update.
   Scan Engine: Norman
   Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Norman
   Proxy Settings: Enabled
   Error Code: 0x80004005
   Description: An error occurred while checking if an update was available.

Microsoft Forefront Server Security encountered an error while performing a scan engine update.
   Scan Engine: Norman
   Error Code: 0x80070102
   Description: Unable to acquire the scan engine update mutex within the designated timeout period.

And in ProgramLog.txt:

"INFORMATION: Attempting to download the Norman scan engine package from http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Norman."
"INFORMATION: The proxy settings will be used for this connection."
"ERROR: The Norman scan engine update timed out while downloading files"
"ERROR: UpdateException: GetFileCommand failed on norman_fullpkg.cab.  (0x00002efe) The connection with the server was terminated abnormally.  WinHttpClient failed while reading data."
"INFORMATION: The Norman scan engine has been rolled back."

"INFORMATION: Attempting to download the Norman scan engine package from http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Norman."
"INFORMATION: The proxy settings will be used for this connection."
"ERROR: Unable to acquire the scan engine update mutex within the designated timeout period (300 seconds)."
"ERROR: The Norman scan engine update timed out while downloading files"
"ERROR: UpdateException: GetFileCommand failed on norman_fullpkg.cab.  (0x00002efe) The connection with the server was terminated abnormally.  WinHttpClient failed while reading data."
"INFORMATION: The Norman scan engine has been rolled back."

"INFORMATION: Attempting to download the AhnLab scan engine package from http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab." 
"INFORMATION: The proxy settings will be used for this connection." 
"ERROR: Unable to load manifest from: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab/Package/manifest.cab : WinHttpClient send request returned an invalid return code 404."

This happens because a timeout occurs while the engines are updating. The solution is to increase the default timeout period of 300 seconds by editing a registry value.

Because this requires editing the registry, make sure you take a backup of your registry before changing any value.

Locate the REG_DWORD registry value EngineDownloadTimeout in the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server

Increase it to 600 seconds and try the update again; if the update still fails, increase the period further. If the value is not found, create it.

Also, make sure that the engine update schedules don’t overlap.
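
One way to script the registry change described above, as an added example that is not part of the original post. The key, value name, type and the 600-second figure are the ones given above; the backup file location is an assumption.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell session.
$subKey    = 'SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server'
$valueName = 'EngineDownloadTimeout'   # REG_DWORD, in seconds
$newValue  = 600                       # raise again if updates still time out
$backup    = Join-Path $env:TEMP 'FSE-ExchangeServer-backup.reg'   # assumed backup location

if (-not (Test-Path "HKLM:\$subKey")) {
    throw "Key not found: HKLM\$subKey"
}

# Export the key first so the change can be reverted by importing the .reg file
& reg.exe export "HKLM\$subKey" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }

$current = (Get-ItemProperty -Path "HKLM:\$subKey" -Name $valueName -ErrorAction SilentlyContinue).$valueName

if ($null -eq $current) {
    # Value is missing: create it as a DWORD
    New-ItemProperty -Path "HKLM:\$subKey" -Name $valueName -PropertyType DWord -Value $newValue | Out-Null
    "Created $valueName = $newValue"
} elseif ($current -lt $newValue) {
    Set-ItemProperty -Path "HKLM:\$subKey" -Name $valueName -Value $newValue
    "Raised $valueName from $current to $newValue"
} else {
    # Never lower a timeout that was already increased
    "$valueName is already $current; left unchanged"
}
```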

Forefront Security for Exchange SP2 setup hangs on "Setting Up Registry"

I was installing FSE SP2 on the Exchange Server. I have installed it on more than one server but on the last one, the setup hung on “Setting Up Registry” message with no errors nor warnings in the event viewer!

I found that the solution was to install Hotfix Rollup 2 for Forefront Security for Exchange Server Service Pack 1 (KB 946864).

Your user profile was not loaded correctly! You have been logged on with a temporary profile

If the user profile was deleted, then you will get this message:

Your user profile was not loaded correctly! You have been logged on with a temporary profile.

To solve this issue, open C:\Users\ and note the name of the temp profile. If it is not “TEMP”, it will be something like “TEMP.DOMAIN.00X”.

Locate the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Now locate the subkey that contains the “ProfileImagePath” value whose data is “<temp-profile-name>” (the name noted from the C:\Users folder) and delete this subkey. Log off and log in again.

If you are unable to log in and the error message states that the profile is not found, just restart the machine and you will be able to log in.
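
The lookup described above can be scripted. This is an added example, not part of the original post; `$tempName` is a placeholder for the folder name you noted under C:\Users, and the backup file location is an assumption.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell session.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$regRoot     = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$tempName    = 'TEMP'    # placeholder: the temp profile folder name noted under C:\Users
$Delete      = $false    # $false: report only; $true: back up, then delete the subkey

# Find the subkeys whose ProfileImagePath ends in the temp profile folder name
$hits = @(Get-ChildItem -Path $profileList | ForEach-Object {
    $image = (Get-ItemProperty -Path $_.PSPath -Name ProfileImagePath -ErrorAction SilentlyContinue).ProfileImagePath
    if ($image -and (Split-Path $image -Leaf) -eq $tempName) {
        New-Object PSObject -Property @{ Subkey = $_.PSChildName; ProfileImagePath = $image; PSPath = $_.PSPath }
    }
})
$hits | Format-List Subkey, ProfileImagePath

if ($hits.Count -ne 1) {
    # Zero or several matches need a manual look before anything is removed
    Write-Warning "Expected exactly one match for '$tempName', found $($hits.Count); nothing was deleted."
} elseif ($Delete) {
    $hit    = $hits[0]
    $backup = Join-Path $env:TEMP "ProfileList-$($hit.Subkey).reg"   # assumed backup location
    & reg.exe export "$regRoot\$($hit.Subkey)" $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was deleted.' }
    Remove-Item -Path $hit.PSPath -Recurse
    "Deleted subkey $($hit.Subkey); backup saved to $backup. Log off and log in again."
}
```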

DNS zones not created in Windows Server 2008 Domain Controller

If you promote a Windows Server 2008 machine to become a Domain Controller, you may notice that the default DNS zones haven’t been created!

To solve this issue, make sure that IPv6 is not disabled on the server and that all the network interface cards have the “Register this connection’s address in DNS” check box checked.

Restart the DNS service and the zones should be created.

Syspreping a Hyper-V machine

If you want to sysprep a Hyper-V machine, make sure it has no snapshots.

I was syspreping one of my Hyper-V machines. I copied the syspreped vhd and created a new virtual machine linked to this existing syspreped vhd. When I started this new virtual machine, it started as if it wasn’t syspreped, with a menu to select either “Safe mode” or “Start Windows normally”.

I deleted the snapshots that I don’t need and I applied others to the original virtual machine. After this, I was able to sysprep and create a new virtual machine successfully.

PS: Usually we will sysprep a clean machine, not a machine with applications and services installed on it with so many snapshots.

How to sysprep Windows Server 2008

If you want to sysprep a Windows Server 2008 machine, it is an easy process:

  • Navigate to C:\Windows\System32\Sysprep
  • Run Sysprep.exe
  • Check "Generalize" (this regenerates SIDs)
  • Change the Shutdown option to Shutdown.

That is it :)

Forefront deletes multi part compressed file

I have Microsoft Forefront Security for Exchange installed on the Exchange servers. One of the clients was trying to send an email with a multipart compressed file in the attachments and he got this error:

FILE QUARANTINED

The original contents of this file have been replaced with
this message because of its characteristics.
File name: ‘winmail.dat->FileName.part1.rar’
Virus name: ‘CorruptedCompressedFile’

This happens because Forefront treats multipart compressed files as corrupted files and deletes them.

To get this issue solved do the following:
In Forefront Server Security Administrator, under Settings, click General Options.
Under Scanning, click to clear the check box beside "Delete Corrupted Compressed File".

Adding DHCP Scopes using command line in Windows Server 2008

Adding a large number of DHCP scopes to a server at the same time consumes a lot of time, so it is good to know how to add, configure and activate DHCP scopes from the command line in Windows Server 2008.

The following commands are used to add the scope 172.16.16.0 with the name of “HR Users” with the subnet mask 255.255.255.0.

The IP range for

netsh dhcp server \\DHCP-Server add scope 172.16.16.0 255.255.255.0 "HR Users"
netsh dhcp server \\DHCP-Server scope 172.16.16.0 add iprange 172.16.16.1 172.16.16.254
netsh dhcp server \\DHCP-Server scope 172.16.16.0 add excluderange 172.16.16.1 172.16.16.20
netsh dhcp server \\DHCP-Server scope 172.16.16.0 set optionvalue 003 ipaddress 172.16.16.1
netsh dhcp server \\DHCP-Server scope 172.16.16.0 set optionvalue 006 ipaddress 172.16.10.10 172.16.10.11
netsh dhcp server \\DHCP-Server scope 172.16.16.0 set state 1

Commands’ description:

netsh dhcp server \\<Server> add scope <Subnet> <Subnet mask> <ScopeName>
netsh dhcp server \\<Server> scope <Subnet> add iprange <StartIP> <EndIP>
netsh dhcp server \\<Server> scope <Subnet> add excluderange <StartExclusion> <EndExclusion>
netsh dhcp server \\<Server> scope <Subnet> set optionvalue 003 IPADDRESS <Gateway1>
netsh dhcp server \\<Server> scope <Subnet> set optionvalue 006 IPADDRESS <Primary DNS> <Secondary DNS>
netsh dhcp server \\<Server> scope <Subnet> set state 1
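
The same six-command sequence applied to a list of scopes, as an added example that is not part of the original post. It generalizes the single "HR Users" scope to several; the second scope is constructed sample data, and `$Apply` and `Test-IPv4` are names introduced here for illustration.

```powershell
# Added example, not from the original post. The second scope is constructed sample data.
$Server = 'DHCP-Server'   # server name as written in the commands above
$Apply  = $false          # $false: print the commands only; $true: also run them

$scopes = @(
    @{ Subnet = '172.16.16.0'; Mask = '255.255.255.0'; Name = 'HR Users'
       Start = '172.16.16.1'; End = '172.16.16.254'
       ExStart = '172.16.16.1'; ExEnd = '172.16.16.20'
       Gateway = '172.16.16.1'; Dns = @('172.16.10.10', '172.16.10.11') },
    @{ Subnet = '172.16.17.0'; Mask = '255.255.255.0'; Name = 'Finance Users'
       Start = '172.16.17.1'; End = '172.16.17.254'
       ExStart = '172.16.17.1'; ExEnd = '172.16.17.20'
       Gateway = '172.16.17.1'; Dns = @('172.16.10.10', '172.16.10.11') }
)

function Test-IPv4([string]$Text) {
    # Strict dotted-quad check: '172.16.16' parses as an address but does not round-trip
    $ip = $null
    [System.Net.IPAddress]::TryParse($Text, [ref]$ip) -and
        $ip.AddressFamily -eq 'InterNetwork' -and $ip.ToString() -eq $Text
}

foreach ($s in $scopes) {
    $addresses = @($s.Subnet, $s.Mask, $s.Start, $s.End, $s.ExStart, $s.ExEnd, $s.Gateway) + $s.Dns
    $bad = @($addresses | Where-Object { -not (Test-IPv4 $_) })
    if ($bad.Count -gt 0) {
        Write-Warning "Skipping '$($s.Name)': invalid address(es) $($bad -join ', ')"
        continue
    }
    $srv   = @('dhcp', 'server', "\\$Server")
    $scope = $srv + @('scope', $s.Subnet)
    $steps = @(
        ,($srv   + @('add', 'scope', $s.Subnet, $s.Mask, $s.Name))
        ,($scope + @('add', 'iprange', $s.Start, $s.End))
        ,($scope + @('add', 'excluderange', $s.ExStart, $s.ExEnd))
        ,($scope + @('set', 'optionvalue', '003', 'ipaddress', $s.Gateway))
        ,($scope + @('set', 'optionvalue', '006', 'ipaddress') + $s.Dns)
        ,($scope + @('set', 'state', '1'))      # activation stays last
    )
    foreach ($step in $steps) {
        "netsh $($step -join ' ')"              # display only; arguments are passed as an array
        if (-not $Apply) { continue }
        & netsh.exe @step
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Stopped '$($s.Name)' at a failed step; later steps were skipped."
            break
        }
    }
}
```

Run it once with `$Apply = $false` to review the generated commands before setting it to `$true`.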

Hyper-V Mouse not captured in Remote Desktop session.

If you connect using Remote Desktop to the server on which the Hyper-V role is installed, and then connect to a guest machine for the first time to install the operating system, you will receive the following message when you try to use the mouse:

“Mouse not captured in Remote Desktop session”

The solution for this is to connect physically to the server and install the OS on the guest machine!

Change User Password from the Command Prompt

If you are supporting a client remotely using one of the remote support applications, and you want to reset a user password and you don’t want to log off from the user account, you can run the command prompt under the administrator account using Run As, then use the following command:

net user UserName NewPassword

Or use the following command if you don’t want to enter the password in plain text:

net user UserName *