My SBS 2008 installation is pretty good, but one area I’ve noticed some problems was with ForeFront. I either had errors or at best warnings all the time about the scan engines. I would go and hit a manual update, but the bar would be 30-90% across and suddenly stop.
When I looked in the event log I could see errors like these below.
Searching the internet delivered me the KB article http://support.microsoft.com/kb/939411/en-us which talks about timeout issues, however even with the recommended change things did not resolve themselves.
Source: GetEngineFiles Event ID: 6014 Level: Error Description: Microsoft Forefront Server Security encountered an error while performing a scan engine update. Scan Engine: AhnLab Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab Proxy Settings: Disabled Error Code: 0xC0001F58 Description: The operation timed out. |
Source: Microsoft Forefront Security Event ID: 7003 Level: Warning Description: Not all of the selected engines enabled for updates successfully updated at the last attempt |
Source: GetEngineFiles Event ID: 6012 Level: Error Description: Microsoft Forefront Server Security encountered an error while performing a scan engine update. Scan Engine: Kaspersky5 Error Code: 0x80070102 Description: Unable to acquire the scan engine update mutex within the designated timeout period.
|
The fix was to realise that the timeout value in the KB was still too slow. The KB recommended creating a DWORD called EngineDownloadTimeout in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server and setting the value to 600 decimal for 10 minutes. I’ve now set mine to 900 (384 hex) for 15 minutes and finally all the updates have succeeded.
While the console has not shown the change just yet, looking at the events in the event log show that indeed everything is now up to date.
ttfn
David
Posted
Sun, Dec 21 2008 2:18 PM
by
David Overton