DavidOverton.com
SBS 2008 Forefront Virus protection for e-mail Errors or Warnings - “At least one of the engines enabled for update has not been updated in the last week” – how to solve

My SBS 2008 installation is pretty good, but one area where I’ve noticed some problems is Forefront.  I either had errors or at best warnings all the time about the scan engines.  I would go and hit a manual update, but the bar would be 30-90% across and suddenly stop.

failure to update engines

 

When I looked in the event log I could see errors like these below.

 

Searching the internet delivered me the KB article http://support.microsoft.com/kb/939411/en-us which talks about timeout issues; however, even with the recommended change, things did not resolve themselves.

Source:        GetEngineFiles
Event ID:      6014
Level:         Error
Description:
Microsoft Forefront Server Security encountered an error while performing a scan engine update.
   Scan Engine: AhnLab
   Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab
   Proxy Settings: Disabled
   Error Code: 0xC0001F58
   Description: The operation timed out.

 

Source:        Microsoft Forefront Security
Event ID:      7003
Level:         Warning
Description:
Not all of the selected engines enabled for updates successfully updated at the last attempt

 

Source:        GetEngineFiles
Event ID:      6012
Level:         Error
Description:
Microsoft Forefront Server Security encountered an error while performing a scan engine update.
   Scan Engine: Kaspersky5
   Error Code: 0x80070102
   Description: Unable to acquire the scan engine update mutex within the designated timeout period.

 

The fix was to realise that the timeout value in the KB was still too slow.  The KB recommended creating a DWORD called EngineDownloadTimeout in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server and setting the value to 600 decimal for 10 minutes.  I’ve now set mine to 900 (384 hex) for 15 minutes and finally all the updates have succeeded.

While the console has not shown the change just yet, looking at the events in the event log shows that everything is indeed now up to date.
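The registry change and the event log check described above can be scripted; the following is an added example, not part of the original post. The key path, value name, 900-second value, event IDs and source names come from the post; the use of the Application log, the 24-hour window, and PowerShell 2.0 or later in an elevated session are assumptions.

```powershell
# Added example. Key path, value name and 900 come from the post; the
# Application log and the 24-hour look-back window are assumptions.
$key     = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server'
$name    = 'EngineDownloadTimeout'
$seconds = 900    # 15 minutes (0x384)

if (-not (Test-Path -Path $key)) {
    throw "Registry key not found: $key"
}

# Show the previous value, if there was one, so the change can be reverted.
$old = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $old) { $old = '(not set)' }
Write-Output "Previous $name : $old"

# Create or overwrite the DWORD, then read it back.
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $seconds -Force | Out-Null
Write-Output "Current  $name : $((Get-ItemProperty -Path $key -Name $name).$name)"

# Look for the engine update errors and warnings quoted in the post.
$filter = @{
    LogName   = 'Application'              # assumption: where Forefront logs
    Id        = 6012, 6014, 7003
    StartTime = (Get-Date).AddHours(-24)   # assumption: look-back window
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { 'GetEngineFiles', 'Microsoft Forefront Security' -contains $_.ProviderName })

if ($events.Count -eq 0) {
    Write-Output 'No engine update errors or warnings in the last 24 hours.'
} else {
    # Pull the engine name out of the "Scan Engine: <name>" line of each message.
    $events | ForEach-Object {
        $engine = if ($_.Message -match 'Scan Engine:\s*(\S+)') { $Matches[1] } else { '-' }
        New-Object PSObject -Property @{ Time = $_.TimeCreated; Id = $_.Id; Engine = $engine }
    } | Sort-Object Time | Format-Table Time, Id, Engine -AutoSize
}
```

Run the event check again after the next scheduled engine update; entries that predate the registry change will still appear inside the look-back window.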

 

ttfn

David


Posted Sun, Dec 21 2008 2:18 PM by David Overton
