Forefront Client Security 2-Server Part 3: Next Steps and Troubleshooting

Forefront Client Security 2-Server Part 3: Next Steps and Troubleshooting
Page content

What is Next?

As far as the purpose of our article, we are done with the installation of Forefront Client Security. Where you can go from here depends on the topology you want to explore. Following are some possible scenarios:

  • Install Client Security on Client System(s): You can add another client system to the already existing topology and see how Forefront Client Security servers work with the clients. You can explore the client-side interface, apply policies from the server, and see how they are implemented.
  • Install Threat Management Gateway: You can add another Windows 2003 Server to the topology and explore the possibilities to migrate your existing ISA architecture to the new generation Forefront Client Security Platform.
  • Install Forefront Client Security for Exchange: This is another possibility if you have Exchange servers running in your company and evaluate how you can work with Forefront Client Security and Exchange.
  • Install Forefront Client Security for Sharepoint: Yet another option if you want to explore various possibilities with Forefront Client Security and Sharepoint.

Except for the first item, if you will be evaluating a possible migration scenario, I would recommend to make a clone –copy of your existing IT infrastructure and explore the possibilities as close to the real world as possible.

Conclusion

Microsoft could have discontinued its support for the Virtual PC platform and switched to Windows Virtual PC, but the good ol’ Virtual PC is still a simple and powerful tool to work with. I tried to work with Windows Virtual PC but personally, I found it to use too much resources. We could also use third-party products for our purpose, which is a personal selection. As far as the basics are concerned, it does not matter which virtualization product you use – Virtual PC, Windows Virtual PC, VMWare, Xen, ESX etc..

If you want to evaluate Forefront Client Security further in different deployment types, such as 1-Server, 3-Server, 4-Server deployments, you can follow the guidance I set forth throughout the article. Before going on with such a scenario, make sure that you have adequate hardware resources available on your host system and make sure that you outline your topology clearly. The rest is selecting different components for installation.

Troubleshooting

Error: SQL Server 2005 SP1 Installation: Locked Files

Error message:

In order to prevent a necessary reboot at the end of the patch install process, close down all other applications before proceeding:

  • Write locked file: C:\ Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (msftesql.exe)
  • Write locked file: C:\ Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftepxy.dll (msftesql.exe)
  • Write locked file: C:\ Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msfte.dll (msftesql.exe)
  • Write locked file: C:\ Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (sqlbrowser.exe)
  • Write locked file: C:\ Program Files\Microsoft SQL Server\90\Shared\svenumapi.dll (wmiprvse.exe)

The issue is addressed in Microsoft Knowledge Base (https://support.microsoft.com/kb/915692) as follows:

To resolve this problem, stop the SQL Server Agent service, the SQL Server FullText Search service, the SQL Server Browser service, and the Windows Management Instrumentation (WMI) service before you install SQL Server 2005 SP1. To stop these services, follow these steps:

  1. Open SQL Server Configuration Manager.
  2. In the left pane, click SQL Server 2005 Services.
  3. In the right pane, right-click SQL Server Agent (MSSQLSERVER), and then click Stop.
  4. In the left pane, right-click SQL Server 2005 Services, and then click Refresh.
  5. In the right pane, right-click SQL Server FullText Search (MSSQLSERVER), and then click Stop.
  6. In the left pane, right-click SQL Server Browser, and then click Stop.
  7. Exit SQL Server Configuration Manager.
  8. At a command prompt, run the following command to stop the WMI service.

NET STOP “Windows Management Instrumentation”

Forefront Client Security Installation Error: WUA API 2.0 is installed but the version of wuapi.dll is earlier than 5.8.0.2469

This error will appear next to “Verifying software requirements” in the Verifying Settings and Requirements dialog (Figure 10 in Part 2 of the series - Forefront Client Security Installation Wizard - Verifying Settings and Requirements).

The Windows Update Agent installed on your system needs to be updated. You should not have received this error if you have installed Windows Update Agent 3.0. If you have not completed the installation, you will not be able to proceed with Forefront Client Security installation.

Forefront Client Security Installation Error: SQL Reporting Services 2005 SP1 is not installed.

This error will appear next to “Verifying software requirements” in the Verifying Settings and Requirements dialog (Figure 10 in Part 2 of the series - Forefront Client Security Installation Wizard - Verifying Settings and Requirements).

You already have Microsoft SQL Server 2005 installed but not SP1. Download and install the x86[1] version of SQL Server Service Pack 1.

[1] As told above, Microsoft Virtual PC 2007 is incompatible with 64-bit guest systems. Since the document is based on installing Forefront Security on Virtual PC, we have to download the 32-bit, or in other words, x86 version of the Service Pack 1. If you are using 64-bit guest systems such as Windows Server 2008 and SQL Server 2008, you can download the x64 version. At this point, note that download files which have ia64 in their names refer to the downloads related to the systems having Intel Itanium processors. Unless you are using an Itanium-based system, you should download the file with the x64 name.

This post is part of the series: Forefront Client Security 2-Server Installation on Microsoft Virtual PC

Installing Microsoft Forefront Security can really be a daunting task if you do not gather the necessary requirements and define your topology. Throughout the articles, we will discuss each step one by one and establish a working Forefront Client Security system with two servers.

  1. Microsoft Forefront Client Security - Topology, Setup, Preinstallation Considerations
  2. Microsoft Forefront Client Security - Installing Components
  3. Microsoft Forefront Client Security - Possible Next Steps, Conclusion and Troubleshooting