The EXPTA {blog}

Fix for Forefront Update Timeout Errors

Saturday, February 9, 2008

I use Microsoft Forefront Security for Exchange Server on my Exchange 2007 Edge server.

Recently I noticed the following error in the Application Event log:

Event Type: Error
Event Source: GetEngineFiles
Event Category: Engine Error
Event ID: 6014
Date: 2/9/2008
Time: 10:08:43 AM
User: N/A
Computer: GATEWAY
Description:
Microsoft Forefront Server Security encountered an error while performing a scan engine update.
Scan Engine: Kaspersky5
Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Kaspersky5
Proxy Settings: Disabled
Error Code: 0xC0001F58
Description: The operation timed out.

Followed immediately by:

Event Type: Information
Event Source: GetEngineFiles
Event Category: General
Event ID: 2017
Date: 2/9/2008
Time: 10:08:43 AM
User: N/A
Computer: GATEWAY
Description:
Forefront Server Security has rolled back a scan engine.
Scan Engine: Kaspersky5

This was happening every 5 minutes after Event ID 2034, which reports that Microsoft Forefront Server Security is attempting a scan engine update of the Kaspersky5 scan engine.

To solve this error make the following change to the registry on the server running Forefront:

Open Regedit

Navigate to the following key:

HKLM\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server

Click New DWORD Value

Type EngineDownloadTimeout, and then press ENTER

Right-click the new value and select Modify

Select Decimal as the base, enter 600 in the Value data box, and then click OK. This setting causes the scan engine download process to time out after 600 seconds (10 minutes, instead of 5 minutes)

Exit Regedit

Note: You do not have to restart Forefront Server services or Exchange Server services after you change this registry entry.

Now perform a manual scanner update in Forefront:

Open Forefront Server Security Administrator

Click Scanner Updates under Settings

Select the appropriate scan engine that was previously timing out. In my case, Kaspersky Antivirus Technology

Click the Update Now button on the right side of the screen

Check the Application event log to ensure that the scan engine has updated properly (Event ID 2012).

Windows Server 2008 Unleashed Released!

Friday, February 8, 2008

I'm very excited to say that our new book, Windows Server 2008 Unleashed, will be hitting Amazon's shelves very soon! We just received our first 100 copies from the publisher and man, this thing's a monster! 1,432 pages of hard cover goodness.

I'm very proud of our team's work on this and proud to say that I was the sole tech editor for the entire book. You can place orders (or pre-orders) now from Amazon.

On a related note, Windows Server 2008 went RTM on Monday. I'm looking forward to the official product launch on February 27th!

Using SMS Trace to View Log Files

Monday, January 28, 2008

I wind up looking at a lot of text logs during troubleshooting. While opening a log in Notepad is quick, it’s also tough to look at a lot of log entries that way. I use the SMS Trace (aka, Trace32) log viewer from the Configuration Manager 2007 Toolkit.

With it, you can easily:

Find any log line with a specific text

Highlight lines with specific text

Filter out lines that contain text to reduce the volume of what you see

Lines with the word "warning" are automatically highlighted in yellow and lines with the word "error" are highlighted in red. It even updates the log every 500 milliseconds to get new entries, which you can adjust.

The System Center Configuration Manager 2007 Toolkit is available here. There is an exe which unpacks to two msi packages. Use the CcmTools.msi which installs the core tools.

When you launch the SMS Log Viewer for the first time, it will prompt you with:

Do you want to make SMS Trace the default log viewer?

I always make it my default viewer.

Random Photos from TechEd 2007

Friday, January 25, 2008

Here are some photos taken last year at TechEd 2007 in Orlando. Maybe this will give you some idea of the scope and size of the event.

Windows Mobile 6 for the Samsung BlackJack - FINALLY!

Friday, January 25, 2008

Finally! After almost a year waiting, AT&T and Samsung have released Windows Mobile 6 for the original BlackJack. I nominated WM6 for the BlackJack as the year's biggest vaporware product on Wired Magazine's annual list. It was voted the #6 spot.

Head on over and get it here!

Append Operations on Large Files

Friday, January 25, 2008

My team and I were discussing the time it takes for append operations to perform on large files, such as log files. Some suggested that the operation will take longer the larger the file becomes. Others thought the size of the file has no bearing.

I decided to create an experiment. I created a 3.5GB log file using a script and renamed the log file so as to remove any possibility of caching. I ran another script that appended a single line to the logfile. It appended the new line in less than 1 second.

Next, I copied the 3.5GB logfile to a remote server (took 3 minutes to copy), renamed it and tested again. Again, it took less than one second to append a new line. I had another user do the same test from his workstation with the same result.

Conclusion: File size has no bearing on the length of append operations.

TechEd 2008 Tips

Friday, January 25, 2008

This year will be my fifth TechEd. Here are my tips for a happy and productive experience.

Book your hotel through the MS TechEd site. These are the best rates and any of these hotels will have guaranteed (free) bus service to the conference (unless TechEd is being held in Boston. Those of you who were there know what I'm talking about.). I like the Embassy Suites on Jamaican Court. It's close, nice rooms and has a great free breakfast (although food is NEVER a problem at TechEd).

Pack your suitcase inside another suitcase to travel to TechEd. That way you will have a another BIG suitcase to bring back your swag.

Don't rent a car unless you need one. Some hotels offer transportation to/from the airport, otherwise take a cab. Most hotels have car rentals in the lobby, so you can always rent one if needed.

When the TechEd courses go online on the Connect site, review them and sign up for all the ones you want to attend, even if they overlap times. That way, you can always leave a session that doesn't live up to your expectations for a different one. Be aware that some sessions book up full.

Wear comfortable clothes and shoes. The venue is climate controlled, so dress for 20C/72F.

Try to stay a couple of days before or after the event to visit some sites. I HIGHLY recommend renting a car and visiting the Kennedy Space Center in Cape Canaveral (about 40 minutes away). We got to see Atlantis launch last year and it was absolutely awesome!