Friday, August 13, 2010

Forefront Client Security – Collection Database creation Failure

 

Problem:

While installing FCS roles (Management, Collection Server, Collection Database, Reporting Server and Reporting Database) on a server, the requirements, the verifying settings and requirements shows all is well (image below).  That is until you initiate the install and the installation bombs out with an error on the creating collection database task.  I have run into many posts about this same issue and just about every one of them has a different solution or they gave up.  Some of the solutions say that its because .NET framework 1.1 is not installed, or Collation settings are not set correctly, etc..  

Now I have tried just about every solution out there, and none of them fixed my issue.  So I took matters into my own hands and ventured away from the standard installation wizard.  Below is the solution that got me to the point where I successfully created the Collection Database on the server, and then I was able to resume installing the remaining roles.

Note:  I have only encountered this issue on Windows 2003 x32.  All other installs on Win2008 have been successful.   Below is an image of the FCS server and the roles (consolidated).
 
 

image

 

Solution:

A little more information about my configuration will explain the solution.   I had the OS installed on C:\ (Of Course), and SQL 2005 installed on E: Drive.  Well eventhough I configured SQL 2005 default database location to the E:\ drive (which of course was permissioned correctly), and specified E:\… for the installation files,  the FCS Client installation wizard was still attempting to create the Database on C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data. 

The wizard does not do what you would expect it to do.  Has a mind of its own apparently.

The FIX”:

Permission the SQLServer2005MSSQLUser$<computername>$MSSQLSERVER local group and/or the Installation Account your are using Full control , and permission to the MSSQL\  and child directories.  Once this was completed, I was able to complete the Collectino Database creation process and installation FCS Server.  Following the installation, you can move the databases to the desired location.  To do that you will have to stop Client Security services, detach the databases (OnePoint and SystemCenterReporting), move the files and Attach the databases.

image

Exchange 2010 – Antivirus Exclusions

 

If you're deploying file-level scanners on Exchange 2010 servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both memory-resident and file-level scanning. This section describes directory exclusions, process exclusions, and file name extension exclusions for each server or server role

Directory Exclusions

 

 

 

 

Server role

Exclusion Type

Item(s)

Exclusions

Exclusion Consolidated Paths

Mailbox Server Role

File-Level

Databases

Command to Retrieve the location:  

Get-MailboxDatabase -server <servername> | format-list *path*

 

 

 

Log Files

 

 

 

 

Checkpoints

 

 

 

 

Database Content Indexes (default is same location as databases)

 

 

 

 

Group Metrics files

%ExchangeInstallPath%\GroupMetricsExchangeInstallPath%\TransportRoles\Logs   and %ExchangeInstallPath%\Logging)

 

 

 

Offline Address Book Files

%ExchangeInstallPath%\ExchangeOAB

 

 

 

IIS System Files

%SystemRoot%\System32\Inetsrv

 

 

 

Temporary Folder

Same Path where Eseutil.exe resides

 

 

 

Mailbox database temporary folder

%ExchangeInstallPath%\Mailbox\MDBTEMP

 

 

 

Any Exchange aware Anti-Virus Folders

 

 

 

 

Mailbox Server that is a member of a Database Availability Group (DAG)

%Winnt%\Cluster

 

 

 

Witness Server directories:  (Typically on the Hub Transport Server)

\\%SystemDrive%:\DAGFileShareWitnesses\<DAGFQDN>

 

Hub Transport Server Role

File-Level

Log Files:  Message Tracking, Connectivity logs,…

Default path:   %ExchangeInstallPath%\TransportRoles\Logs

Command to Retrieve the location: 

Get-TransportServer <serverName> | Format-List *logpath*,*tracingpath*

%ExchangeInstallPath%\TransportRoles\

 

 

Pickup and Replay directories

Default Path:  %ExchangeInstallPath%\TransportRoles

Command to Retrieve the location:

Get-TransportServer <serverName> fl *dir*path*

 

 

 

Queue database, checkpoint and log files

Default path:  %ExchangeInstallPath%\TransportRoles\Data\Queue

 

 

 

Sender Reputation database, checkpoint, log files

Default Path:  %ExchangeInstallPath%\TransportRoles\Data\SenderReputation

 

 

 

IP filter Database, Checkpoint, log files

Default Path:  %ExchangeInstallPath%\TransportRoles\Data\IpFilter

 

 

 

Temporary Folders

Exchange Servere Temp folder:  TMP  

 

 

 

 

OLE Conversions:    %ExchangeInstallPath%\Working\OleConvertor

 

 

 

Any Exchange aware Anti-Virus Folders

 

 

Edge Transport Server Role

File-Level

AD LDS log files

Default:  %ExchangeInstallpath%\TransportRoles\Data\ADAM

 

 

 

Pickup and Replay directories

Default Path:  %ExchangeInstallPath%\TransportRoles

Command to Retrieve the location:

Get-TransportServer <serverName> fl *dir*path*

%ExchangeInstallPath%\TransportRoles\

 

 

Queue database, checkpoint and log files

Default path:  %ExchangeInstallPath%\TransportRoles\Data\Queue

 

 

 

Sender Reputation database, checkpoint, log files

Default Path:  %ExchangeInstallPath%\TransportRoles\Data\SenderReputation

 

 

 

IP filter Database, Checkpoint, log files

Default Path:  %ExchangeInstallPath%\TransportRoles\Data\IpFilter

 

 

 

Temporary Folders

Exchange Servere Temp folder:  TMP  

 

 

 

 

OLE Conversions:    %ExchangeInstallPath%\Working\OleConvertor

 

 

 

Any Exchange aware Anti-Virus Folders

 

 

Client Access Server Role

File-Level

Servers using IIS 7.0:    Temporary files

"%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files"

 

 

 

Servers using IIS 6.0:  Temporary files

"%SystemRoot%\IIS Temporary Compressed Files"

 

 

 

IIS System Files

%SystemRoot%\System32\Inetsrv

 

 

 

 

InetPub\logs\logfiles\w3svc

 

 

 

Internet Related Sub Folders

%ExchangeInstallPath%\ClientAccess

 

 

 

Servers with POP3:  

%ExchangeInstallPath%\Logging\POP3

 

 

 

Servers with IMAP4:

%ExchangeInstallPath%\Logging\IMAP4

 

 

 

Temporary Folders for Conversions:

Exchange Servers Temp Folder:   TMP

 

 

 

 

%ExchangeInstallPath%\Working\OleConvertor

 

Unified Messaging Server Role

File-Level

Grammer Files for different locales

%ExchangeInstallPath%\UnifiedMessaging\grammars

 

 

 

Voice Prompts

%ExchangeInstallPath%\UnifiedMessaging\Prompts

 

 

 

VoiceMail Files

%ExchangeInstallPath%\UnifiedMessaging\Voicemail

 

 

 

Temporary Files

%ExchangeInstallPath%\UnifiedMessaging\temp

 

Forefront Protection for Exchange

File-Level

Forefront install folder

Default: "%Program Files%\Microsoft Forefront Security\Exchange Server"

%Program Files%\Microsoft Forefront Security\Exchange Server

 

 

Archived Messages

Default:  "%Program Files%\Microsoft Forefront Security\Exchange Server\Data\Archive"

 

 

 

Quarantined files

Default:  "%Program Files%\Microsoft Forefront Security\Exchange Server\Data\Quarantine"

 

 

 

Antivirus Engine files

Default:  "%Program Files%\Microsoft Forefront Security\Exchange Server\Data\Engines\x86"

 

 

 

Configuration Files

Default:  %Program Files%\Microsoft Forefront Security\Exchange Server\Data

 

Process Exclusions

 

 

 

 

Server role

Exclusion Type

Process exclusions

 

 

Set these for all Server Roles

Process-Exclusion

Cdb.exe

Microsoft.Exchange.Search.Exsearch.exe

 

 

 

Cidaemon.exe

Microsoft.Exchange.Servicehost.exe

 

 

 

Cluster.exe

MSExchangeASTopologyService.exe

 

 

 

Dsamain.exe

MSExchangeFDS.exe

 

 

 

EdgeCredentialSvc.exe

MSExchangeMailboxAssistants.exe

 

 

 

EdgeTransport.exe

MSExchangeMailboxReplication.exe

 

 

 

ExFBA.exe

MSExchangeMailSubmission.exe

 

 

 

GalGrammarGenerator.exe

MSExchangeRepl.exe

 

 

 

Inetinfo.exe

MSExchangeTransport.exe

 

 

 

Mad.exe

MSExchangeTransportLogSearch.exe

 

 

 

Microsoft.Exchange.AddressBook.Service.exe

MSExchangeThrottling.exe

 

 

 

Microsoft.Exchange.AntispamUpdateSvc.exe

Msftefd.exe

 

 

 

Microsoft.Exchange.ContentFilter.Wrapper.exe

Msftesql.exe

 

 

 

Microsoft.Exchange.EdgeSyncSvc.exe

OleConverter.exe

 

 

 

Microsoft.Exchange.Imap4.exe

Powershell.exe

 

 

 

Microsoft.Exchange.Imap4service.exe

SESWorker.exe

 

 

 

Microsoft.Exchange.Infoworker.Assistants.exe

SpeechService.exe

 

 

 

Microsoft.Exchange.Monitoring.exe

Store.exe

 

 

 

Microsoft.Exchange.Pop3.exe

TranscodingService.exe

 

 

 

Microsoft.Exchange.Pop3service.exe

UmService.exe

 

 

 

Microsoft.Exchange.ProtectedServiceHost.exe

UmWorkerProcess.exe

 

 

 

Microsoft.Exchange.RPCClientAccess.Service.exe

W3wp.exe

 

Forefront Protection for Exchange Server

Process-Exclusion

Adonavsvc.exe

FscStatsServ.exe

 

 

 

FscController.exe

FscTransportScanner.exe

 

 

 

FscDiag.exe

FscUtility.exe

 

 

 

FscExec.exe

FsEmailPickup.exe

 

 

 

FscImc.exe

FssaClient.exe

 

 

 

FscManualScanner.exe

GetEngineFiles.exe

 

 

 

FscMonitor.exe

PerfmonitorSetup.exe

 

 

 

FscRealtimeScanner.exe

ScanEngineTest.exe

 

 

 

FscStarter.exe

SemSetup.exe