
Microsoft Forefront Server Security Management Pack for Microsoft System Center Operations Manager 2007 User Guide

Version 10.1
Microsoft Corporation Published: July 2009

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft Corporation may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft Corporation, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2009 Microsoft Corporation. All rights reserved.

Active Directory, Forefront, Excel, Internet Explorer, Microsoft, Outlook, PowerPoint, Windows, Windows Server, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

Privacy Policy
Review the Microsoft Forefront Server Security Privacy Statement at the Microsoft Forefront Server Security Web site.

Contents
Microsoft Forefront Server Security Management Pack for Microsoft System Center Operations Manager 2007 User Guide
Version 10.1
Privacy Policy
Contents
Introduction - FFSMP for SCOM 2007
Key features
Installation and configuration - FFSMP for SCOM 2007
Requirements
Operations Manager 2007 server requirements
Installing the management pack
Deploying agents
Notifications
Computer Attributes - FFSMP for SCOM 2007
Rules - FFSMP for SCOM 2007
Rules for Forefront Security for Exchange Server
Rule types
Event rules
Provider-based event rules
Collection event rules
Alert event rules
Alert rules
Performance rules
Performance counter providers
Rules Knowledge Base
Tasks - FFSMP for SCOM 2007
Scripts
Script parameters
Controlling script logging
TextLog parameter
Running a task
Client console tasks
Set statistic threshold percentage
Immediate manual scan task
Immediate background scan task
Services control tasks
Engine update tasks
Retrieve update version tasks
Views - FFSMP for SCOM 2007
Health Monitoring - FFSMP for SCOM 2007
Problem types
Engines
Transport and Realtime Scan Jobs (separate events for each)
Services
License
Views reference - Forefront Security for Exchange Server - FFSMP for SCOM 2007
Alert Views for Forefront Security - General
Alert Views for Forefront for Exchange
State Views
Event Views for Forefront Security - General
Event Views for Forefront for Exchange
Performance Views for Forefront for Exchange
Event ID codes - FFSMP for SCOM 2007

Introduction - FFSMP for SCOM 2007

Microsoft System Center Operations Manager 2007 provides a way for you to monitor important applications and to be notified when there are issues with those applications that could result in degraded performance or complete loss of functionality. A Management Pack, primarily consisting of rules for alerts based on events and performance counters generated by applications, works within the Operations Manager 2007 framework.

The Microsoft Forefront™ Server Security Management Pack (FFSMP) is a collection of rules, tasks, and scripts that work within Operations Manager 2007. These rules, tasks, and scripts assist in the centralized management of systems that have Microsoft Forefront Security for Exchange Server installed. Remote servers are managed by means of Operations Manager 2007 "agents". Systems that have had agents installed are referred to as "agent-managed systems".

This document is a guide to the essential components, configuration, and usage of the Microsoft Forefront Server Security Management Pack for Microsoft System Center Operations Manager 2007. Additional information about Operations Manager 2007 is available at the Microsoft System Center Operations Manager TechCenter.

Key features
The Microsoft Forefront Server Security Management Pack for Operations Manager 2007 provides:
- Support for Operations Manager 2007 agent-managed systems running Forefront Security for Exchange Server.
- Monitoring of the "health" of your agent-managed systems, informing you when they are running smoothly and when there are problems, both actual and potential. For example, you are notified if over half of your scan engines have failed to update or if it is determined that Forefront Security for Exchange Server is not hooked into the Exchange interfaces (that is, messages are not being scanned).

Contains rules for:
- Monitoring the state of Forefront Security and its key components, by deriving data from the Application Event Log, the System Event Log, and the Forefront Security ProgramLog.txt log file.
- Collecting statistical data on scanning, detection, and removal of message attachments.

Contains tasks for:
- Immediately launching manual scan jobs.
- Immediately launching a background scan job.
- Controlling Forefront Security services and related services with dependencies.
- Setting the Statistic Threshold Percentage to warn of virus outbreaks.
- Triggering scan engine updates.
- Retrieving scan engine update versions.
- Launching the Administrator Console (FSSA) and the Management Console (FSSMC).

Installation and configuration - FFSMP for SCOM 2007

There are several steps involved in the installation and configuration process:
- Ensure that the requirements are met
- Install the product
- Deploy agents
- Configure notification groups

Requirements
These are the requirements for installing the Microsoft Forefront Server Security Management Pack for Operations Manager 2007.

Operations Manager 2007 server requirements

You must have an operational server running Microsoft System Center Operations Manager 2007. Download the Microsoft Forefront Server Security Management Pack for Operations Manager 2007 file (see Installing the Management Pack) to this server.

Installing the management pack

The Microsoft Forefront Server Security Management Pack for Operations Manager 2007 for Forefront Security for Exchange Server is a file called FSMPack2007_FSE.mp. This is a "sealed" file (a binary) that cannot be edited (although many parameters can be overridden).

To install (import) the management pack
1. Select and download the software from the Microsoft Management Pack Catalog to the desktop on the Operations Manager 2007 server. To manage Microsoft Forefront Security for Exchange Server systems, download the Forefront Server Security for Exchange, with SP1 Management Pack.
2. Log on with an account that is a member of the Operations Manager Administrator role.
3. In the Operations Manager 2007 Console, open the Administration space. Make sure that the Administration folder is selected.
4. Right-click the Management Packs node and select Import Management Packs. The Select Management Packs to import dialog box appears.
5. Navigate to the location of the file you downloaded.
6. Select the .mp file, and then click Open.
7. The Import Management Packs dialog box appears.
8. Click Import to import the management pack.
9. After the management pack has been imported, you should see the message "All Management Packs successfully imported." Click Close to continue.
10. The management pack now displays in the Management Packs list.

For more information about importing Management Packs, refer to the product help and documentation at the Microsoft System Center Operations Manager TechCenter.

Deploying agents
To administer remote computers with Microsoft Forefront Security for Exchange Server installed, you must deploy Operations Manager 2007 agents to them. These agents communicate between the managed servers and Operations Manager 2007.

An agent is a System Center Operations Manager service that runs on each computer that you want to monitor. An agent captures information from the computer on which it is running, applies predefined rules to the captured data, and performs actions as defined by the rules. Systems that have had the agents installed are referred to as agent-managed systems.

Agents are deployed using the Discovery Wizard, which is used to discover all the computers that can be managed. You deploy the agents from within the Discovery Wizard, after the computers are discovered. For more information about deploying Operations Manager 2007 agents, refer to the product help and documentation at the Microsoft System Center Operations Manager TechCenter.

Notifications
E-mail and paging notifications can be sent when alerts occur. For more information about configuring notifications within Operations Manager 2007, refer to the product help and documentation at the Microsoft System Center Operations Manager TechCenter.

Computer Attributes - FFSMP for SCOM 2007

There are several custom computer attributes within Operations Manager 2007. The computer attributes for Forefront Security for Exchange Server systems are:
- Forefront for Exchange Registry Key
- Forefront for Exchange 32bit Registry Key
- Exchange Hub Transport Registry Key
- Exchange Edge Transport Registry Key
- Exchange Mailbox Registry Key

The following list shows the specifics of each of the Forefront Security for Exchange Server computer attributes.

Forefront for Exchange Registry Key
Attribute Type: Registry Key
Registry Path: HKLM\Software\Microsoft\Forefront Server Security\Exchange Server\DatabasePath
Function: Detects 32-bit agent-managed systems running Forefront Security for Exchange Server

Forefront for Exchange 32 bit Registry Key
Attribute Type: Registry Key
Registry Path: HKLM\Software\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\DatabasePath
Function: Detects 64-bit agent-managed systems running 32-bit Forefront Security for Exchange Server

Exchange Hub Transport Registry Key
Attribute Type: Registry Key
Registry Path: HKLM\Software\Microsoft\Exchange\v8.0\HubTransportRole
Function: Detects 64-bit agent-managed systems with an Exchange hub transport server role

Exchange Edge Transport Registry Key
Attribute Type: Registry Key
Registry Path: HKLM\Software\Microsoft\Exchange\v8.0\EdgeTransportRole
Function: Detects 64-bit agent-managed systems with an Exchange edge transport server role

Exchange Mailbox Registry Key
Attribute Type: Registry Key
Registry Path: HKLM\Software\Microsoft\Exchange\v8.0\MailboxRole
Function: Detects 64-bit agent-managed systems with an Exchange mailbox server role
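
To see which of these attributes a given server would satisfy, the five registry paths can be checked locally. The script below is an added example, not code shipped with the management pack; the function name Test-RegistryAttribute is hypothetical, and because the guide does not say whether the last path segment (for example DatabasePath) is a key or a value, the check accepts either. It assumes PowerShell 3.0 or later.

```powershell
# Added example (not part of the management pack): evaluates the five computer
# attribute registry paths from this guide on the local server.
# Run it in a 64-bit PowerShell session. A 32-bit session is redirected to the
# Wow6432Node view, so the native and 32-bit paths could not be told apart.

$Attributes = @(
    @{ Name = 'Forefront for Exchange Registry Key'
       Path = 'HKLM:\Software\Microsoft\Forefront Server Security\Exchange Server\DatabasePath' }
    @{ Name = 'Forefront for Exchange 32 bit Registry Key'
       Path = 'HKLM:\Software\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\DatabasePath' }
    @{ Name = 'Exchange Hub Transport Registry Key'
       Path = 'HKLM:\Software\Microsoft\Exchange\v8.0\HubTransportRole' }
    @{ Name = 'Exchange Edge Transport Registry Key'
       Path = 'HKLM:\Software\Microsoft\Exchange\v8.0\EdgeTransportRole' }
    @{ Name = 'Exchange Mailbox Registry Key'
       Path = 'HKLM:\Software\Microsoft\Exchange\v8.0\MailboxRole' }
)

function Test-RegistryAttribute {
    # Hypothetical helper: returns $true when the path exists either as a
    # registry key or as a named value under its parent key.
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Case 1: the full path is itself a registry key.
    if (Test-Path -LiteralPath $Path) {
        return $true
    }

    # Case 2: the last segment is a value name stored in the parent key.
    $parent = Split-Path -Path $Path -Parent
    $leaf   = Split-Path -Path $Path -Leaf
    if (-not (Test-Path -LiteralPath $parent)) {
        return $false
    }
    $key = Get-Item -LiteralPath $parent
    return ($key.GetValueNames() -contains $leaf)
}

# Evaluate every attribute and show the result as a table.
$results = foreach ($attr in $Attributes) {
    [pscustomobject]@{
        Attribute = $attr.Name
        Present   = Test-RegistryAttribute -Path $attr.Path
        Path      = $attr.Path
    }
}
$results | Format-Table -AutoSize -Wrap

# Flag the combination that matters for monitoring coverage: an Exchange role
# is present, but neither Forefront attribute was found.
$forefront = @($results | Where-Object { $_.Present -and $_.Attribute -like 'Forefront*' })
$roles     = @($results | Where-Object { $_.Present -and $_.Attribute -like 'Exchange*' })

if ($roles.Count -gt 0 -and $forefront.Count -eq 0) {
    Write-Warning 'An Exchange role attribute is present, but Forefront Security for Exchange Server was not detected on this server.'
}
elseif ($forefront.Count -gt 0 -and $roles.Count -eq 0) {
    Write-Warning 'A Forefront attribute is present, but no Exchange v8.0 role attribute was found.'
}
```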

Rules - FFSMP for SCOM 2007

Rules monitor the Forefront Security products, engine updating, scan jobs, and Forefront Security services. They examine events generated by those processes to determine if alerts should be generated. Rules also retrieve statistics for scan jobs. There are several different kinds of rules included with FFSMP.

Rules for Forefront Security for Exchange Server

All rules are stored in the Management Packs Objects node in the Authoring space of the Administrator Console. They monitor events specific to the particular type of server. There are several categories of rules for Forefront Security for Exchange Server. Rules can be viewed in the Operator Console and modified in the Authoring space. Note that rules ending in "W" are for warnings; those ending in "E" are for errors.

- Forefront Security for Exchange Server - All Servers Installation. Rules that monitor clusters, engines, licenses, rollbacks, state and updates.
- Forefront Security for Exchange Server - Edge Transport Installation. Rules for scan jobs and performance counter events that collect data about scan rates, detection statistics, and services for agent-managed systems that are Edge Transport servers.
- Forefront Security for Exchange Server - Hub Transport: Mailbox and Public Folder Installation. Rules for scan jobs and performance counter events that collect data about scan rates and detection statistics for agent-managed systems that are mailbox servers and public folder servers. It also contains additional rules for monitoring services and Transport, Realtime, and Manual scan jobs on hub transport/mailbox servers.
- Forefront Security for Exchange Server - Hub Transport Installation. Rules that collect statistics on agent-managed Hub Transport servers. They also monitor scanning and services.
- Forefront Security for Exchange Server - Mailbox and Public Folder Installation. Rules that collect statistics on agent-managed servers that have a Mailbox or Public Folder role. They also monitor Realtime and Manual scanning activities and services.

Rule types
These are the types of rules.
- Collection Event Rules. Examine events that occur on agent-managed systems and determine if an alert should be prepared. These can be events written to Windows event logs by the Windows components being monitored or they can be events that are generated by Operations Manager 2007 itself. The events and any alerts generated from them are stored in the Operations Manager 2007 database. For more information see Event Rules.
- Alert Generating Rules. Examine generated alerts and determine if a notification should be prepared. For more information, see Alert Rules.
- Collection Performance-Based Rules. Retrieve performance data from agent-managed systems. Operations Manager 2007 stores performance data in the Operations Manager 2007 database. For more information see Performance Rules.

Event rules
Event rules examine events that have occurred on managed servers. The agents retrieve the events and store them in the database. The event rules then examine them and display logged information about errors and significant events from the agent systems. Event rules can be classified by data source: Provider-based event rules, Collection event rules, and Alert event rules.

Provider-based event rules

Provider-based event rules use four provider types as data sources:
- The Windows Event Log
- The Windows System Event Log
- The Forefront Security ProgramLog.txt file
- Timed Event

With the exception of the Timed Event provider, the event rules are configured based on certain criteria, including Event Source, Event ID Number, and Description Text.

Collection event rules

Collection event rules are typically used for non-critical informational events that may be of interest to operators, such as services starting and stopping, scan tasks being enabled and disabled, and engine update events. They only generate event entries in the Event Views of the Operations Manager 2007 Operator Console and store the event parameters in the Operations Manager 2007 database.

Alert event rules

The creation of an alert record (see Alert Rules) itself causes the generation of an event entry in the Event Views of the Operations Manager 2007 Operator Console.

Alert rules
Alert rules examine the alerts generated by alert event rules to determine if a notification needs to be prepared. They are configured to trigger a notification when an alert with a severity level of "Critical Error" is generated. When an alert event rule generates an alert, it passes certain properties to it:
- Alert Severity. Possible values include "Critical Error", "Error", "Warning", or "Information". The value depends upon the perceived severity of the event that caused the alert to be generated. A "Critical Error" indicates a potentially dangerous loss of service.
- CustomField1. All event rules that generate an alert insert Microsoft Forefront Security Server in this field.
- CustomField2. Event rules in the Forefront Security for Exchange Server rule group insert a value of Microsoft Forefront Security for Exchange Server in this field. Event rules in the Engine Update Monitoring "common" rule group leave this field blank.
- CustomField3. Specifies the rule group origin of the Event Rule that created the alert record. For example, an event rule that generates an alert from the Engine Update Monitoring rule group inserts a value of "EngineUpdateFailure" in this field.

These custom field values are used as criteria when building alert views in the Operations Manager 2007 Operator Console. This is explained in more detail in Views - FFSMP for SCOM 2007.

Notification methods and notification group membership need to be configured and implemented by the managers of the Operations Manager 2007 environment.

Performance rules
Performance rules retrieve statistics for all scan jobs, in the following categories:
- Total number of attachments scanned
- Total number of attachments cleaned
- Total number of attachments removed
- Total number of attachments detected
- Total number of messages detected
- Total number of messages purged
- Total number of messages scanned
- Total number of messages tagged in the Subject line
- Rate of scanning (number of attachments scanned per second)

These performance rules are located in Hub Transport Installation (Transport statistics), Edge Transport Installation (Transport statistics), Hub Transport: Mailbox/Public Folders (Transport, Realtime, and Manual statistics), and Mailbox/Public Folder Installation (Realtime and Manual statistics).

Performance counter providers

Performance rules in Operations Manager 2007 require Windows Performance Counter providers to supply the sampled data. The providers included with the Microsoft Forefront Server Security Management Pack for Operations Manager 2007 are configured to a sample rate of 1800 seconds (30 minutes), with the exception of the providers used to determine scanning rates and processor times for the scan jobs, which are configured to a sample rate of 300 seconds (5 minutes).

Rules Knowledge Base

All rules contained in the Microsoft Forefront Server Security Management Pack for Operations Manager 2007 have a Knowledge Base entry containing a summary or description of the event. This entry explains the event's significance, possible causes, and possible resolutions. Knowledge Base entries can be viewed through Operations Manager 2007 Operator Console.

To view a Knowledge Base entry
1. Select a rule in the Rules section of the Authoring space.
2. Right-click the rule. A shortcut menu appears.
3. Choose Properties from the shortcut menu.
4. Click the Product Knowledge tab.

Tasks - FFSMP for SCOM 2007

Tasks provide centralized control over some basic administrative processes that may be required to troubleshoot or correct problems identified through the Operations Manager 2007 Console. The included tasks are all optional. You can run them manually for selected agent-managed systems. These tasks are not triggered automatically by Operations Manager 2007.

These are the key functions that can be controlled by the tasks on agent-managed systems:
- Display the Forefront Server Security Administrator or the Forefront Server Security Management Console. See Client console tasks.
- Set the statistic threshold percentage.
- Trigger an immediate manual scan job.
- Trigger an immediate background scan.
- Control services centrally: stop, start, and restart them.
- Run scan engine updates.
- Retrieve scan engine update versions.

Scripts
All tasks execute scripts remotely on the selected agent-managed systems. When you trigger a script-based task from the Operations Manager 2007 Operator Console, it is scheduled to run on the agent-managed systems. All scripts are written in VBScript and are imported into Operations Manager 2007 as part of the FFSMP installation. These scripts are called by tasks and rules.

Important: You should neither modify these scripts nor run them directly.

To successfully execute VBScript code, agent-managed systems must support the Windows Scripting Host and Windows Management Instrumentation. These requirements are met by default on Microsoft Windows 2000 and Microsoft Windows Server 2003 operating system environments.

Script parameters
Script parameters are variable values that control script functionality. Script parameters are passed to the script by the controlling task when it is initialized from the Operations Manager 2007 Operator Console. All included scripts have at least one script parameter. Most of the script parameters used in the tasks have been preset with the appropriate value. There are, however, some tasks for which you may need to set or modify a script parameter when the task is executed. Specific parameters are discussed further in these sections: Client console tasks, Set statistic threshold percentage, Immediate manual scan task, Immediate background scan task, Services control tasks, Engine update tasks, Retrieve update version tasks.

Controlling script logging

When scripts are executed, they make entries in a log on the remote agent-managed systems. These entries are simple text records describing each task that was executed and its result. The log file (Tasks.log) is automatically created in the Operations Manager 2007 Logs subfolder under the Microsoft Forefront Security product installation folder. If the file already exists, new entries are appended to it.

This is the path for the Tasks.log file:
<Forefront Product Install Path>\MOMLogs\

For example, the default path is:
C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\MOMLogs\

Note: If the subfolder or the log file is deleted, it will be recreated automatically on the next log file WRITE action generated by a script.

TextLog parameter
Each scripting task has a parameter called TextLog that controls logging for that task. The default value for the TextLog parameter is True (that is, data should be logged). To disable logging of a particular task, set its TextLog parameter to False when you execute the task. However, since logging is non-verbose and can be very useful, we recommend that it remain enabled.

Running a task
This is the procedure for running a task.

To run a task
1. Select the Monitoring space on the Operations Manager 2007 Operator Console.
2. Select the Computers node.
3. Select one or more computers in the Computers pane. You can use the CTRL and SHIFT keys to make multiple selections.
4. Right-click and select Windows Computer Tasks. A menu with all available tasks appears; choose the task to be run. If the Actions pane is visible, all of the tasks appear in it; you can click a task to run it. For most tasks, the Run Task dialog box then opens. The Forefront Server Security Administrator and Forefront Server Security Management Console run with no modifiable parameters and therefore do not display the Run Task dialog box.
5. You can clear any of the server check boxes shown in the Target section, so that the task does not run on those particular servers.
6. The parameters for the task are shown in the Task Parameters section. You can change them by clicking Override, to display the Override Task Parameters dialog box. Enter the modified value in the New Value field, and then click Override.
   Note: Most values should not be changed (see the individual tasks to learn more about specific parameters).
7. You can either use the predefined Run As account or select Other and enter a User Name, Password, and Domain.
8. If selected, the Task Confirmation indicates that, when this task runs again, the information specified in this dialog box is reused and that the dialog box will not normally be displayed again. If you want to change the parameters at a later time, you can force the Run Task dialog box to appear by right-clicking the task name in the Actions pane and selecting Run Task. This displays Run Task and clears the Task Confirmation.
9. Click Run to submit the configured task.

Client console tasks

There are two Client Console tasks that can be launched from the Operations Manager 2007 Console. One opens the Forefront Server Security Administrator Console and the other opens the Forefront Server Security Management Console (FSSMC). As there are no configurable parameters for these tasks, neither displays the Run Task dialog box.

The Forefront Server Security Administrator task opens the local Forefront Server Security Administrator client by launching FSSAClient.exe from a command line on a pre-configured path.

Note: This requires the Forefront Server Security Administrator to be installed on the system where the Operations Manager 2007 Operator Console is running.

The Forefront Server Security Management Console task launches a local web browser and opens the Management Console by navigating to http://localhost/FFSMConsole.

Set statistic threshold percentage

Allows you to set the percentage of infected messages received within the last hour to designate a virus outbreak in your organization. The default is 50%. (That is, if more than 50% of the messages received in the last hour were infected, it is considered a virus outbreak and an error event is generated.) This task permits you to change the percentage.

The script for this task accepts two parameters:
- Threshold. A number representing the percentage of infected messages received within the last hour to designate a virus outbreak. Possible values are 0 to 100; the default is 50.
- TextLog. Sets text file logging. To turn off text file logging, see Controlling script logging.

Immediate manual scan task

The Immediate manual scan task triggers an immediate manual scan job on the selected agent-managed systems.

The script for this task accepts two parameters:
- ScanID. The value "3" identifies the job as a manual scan. Do not change this parameter.
- TextLog. Sets text file logging. To turn off text file logging, see Controlling script logging.

Immediate background scan task

The Immediate background scan task triggers an immediate background scan job on the selected agent-managed systems to scan mailboxes and public folders. The job starts in approximately one minute from the time the task is launched.

The script for this task accepts two parameters:
- ScanID. The value "43" identifies the job as a background scan. Do not change this parameter.
- TextLog. Sets text file logging. To turn off text file logging, see Controlling script logging.

Services contro" tasks


5he 3er)ices Control tas,s control 1orefront 3ecurity and related ser)ices on the selected agent( managed systems% 5he tas,s are: &estart ,""% / combination of the Stop ,"" and Start ,"" 5as,s% .ote5 2n some en)ironments, ser)ices might not restart $ith the E estart /llE command% 5his could happen if the tas, ta,es o)er fi)e minutes to stop and restart all of the ser)ices% If this occurs, simply use the E3top /llE and E3tart /llE tas,s instead of E estart /llE% &estart 0ssentia"% / combination of the Stop 0ssentia" and Start 0ssentia" 5as,s% Start ,""% 3tarts all 1orefront( and -&change(related ser)ices% 5his is the re)erse of the Stop ,"" tas,% Start 0ssentia"% 5his $ill start only the re?uired 1orefront ser)ices% 5his is the re)erse of the Stop 0ssentia" tas,% Stop ,""% 5his tas, $ill properly stop all 1orefront( and -&change(related ser)ices, ta,ing into account any ser)ice dependencies% Stop 0ssentia"% 5his tas, $ill only stop those ser)ices re?uired to stop 1orefront% 4o -&change ser)ices $ill be stopped% 5he script for this tas, accepts three parameters: )e1t9og% 3ets te&t file logging% 5o turn off te&t file logging, see Controlling script logging% Mode% Bas the )alue *-ssential+ or 2 */ll+% 0o not change this parameter% Function% Bas the )alue Start, Stop, or &estart% 0o not change this parameter%

0ngine update tasks


5hese tas,s trigger scan engine updates on the selected agent(managed systems% 5here is a separate update tas, for each of the scan engines, plus one for the "orm !ist% 5he script for these tas,s accepts three parameters: UpdatePat(% 3ets the engine update source path% 5he UpdatePat( parameter is initially set to the default Microsoft B55P update path% If you are not using that path for engine updates you must modify this parameter to reflect the correct one% -nter any )alid B55P or U4C path to an engine update source%

16

.ote5 If you change the path in the un 5as, dialog bo& $hen you run an update tas,, it $ill temporarily o)erride the default% )e1t9og% 3ets te&t file logging% 5o turn off te&t file logging, see Controlling script logging% 0ngine% Identifies the engine to be updated% 0o not change this parameter%

&etrieve update version tasks


5hese tas,s retrie)e engine update )ersions for the scan engines on the selected agent( managed systems% -ach tas, retrie)es and displays a scan engineLs Update :ersion as an e)ent entry in the 2perations Manager 2007 2perator Console% 5here is a separate tas, a)ailable for each of the scan engines, plus one for the "orm !ist% .ote5 5he Forefront Security &etrieve Update .um/er script is also automatically triggered as a response to the EUpdate3uccessfulE -)ent ule% 5herefore, $hen a scan engine is successfully updated, the ne$ Update :ersion for that engine is automatically retrie)ed and $ritten as an e)ent to the 2perations Manager 2007 2perator console% 5he script for these tas,s accepts t$o parameters: )e1t9og% 3ets te&t file logging% 5o turn off te&t file logging, see Controlling script logging% 0ngine% Identifies the engine to be updated% 0o not change this parameter%

Views - FFSMP for SCOM 2007

The Microsoft Forefront Server Security Management Pack for Operations Manager 2007 provides a set of views that are accessible through the Monitoring space of the Operations Manager 2007 Operator Console. These views separate and filter the alert, state, event, and performance data received from Operations Manager 2007 agents into a relational hierarchy. This is the Views hierarchy:

Microsoft Forefront Server Security. Views of data for all Forefront Server Security products.
  Alerts – Microsoft Forefront. All alerts for monitored Forefront Server Security systems. These are the alerts generated by Alert Rules. While event views show you the success or failure of, for example, engine updates, alert rules would normally only show you failures (since you would not choose to be alerted to the success of an update process). If an alert can apply to any Microsoft Forefront product, it will only appear in this section. If an alert applies to a specific Forefront product (for example, Microsoft Forefront Security for Exchange Server), it will appear both here and in the specific section (for example, Alerts – Forefront For Exchange).
  Events – Microsoft Forefront. All events for monitored Forefront Server Security systems.
  State View. The state of all monitored Forefront Server Security systems. State View displays a "summarized state" of your systems that matches a set of specified criteria. By observing the red, yellow, and green icons you can instantly determine if any of your servers are in less than "healthy" condition.
  Task Status View. The status of all tasks run on monitored systems.
  Engines
    Engine Update Failure. Problems encountered when attempting to update engines, including warnings about engines being out of date.
    Engine Update Status. The status of the engines, showing successful engine updates.
  Forefront For Exchange. Views of data for Forefront for Exchange Server systems.
    Alerts – Forefront For Exchange. Shows all alerts for Forefront for Exchange Server systems.
    Events – Forefront For Exchange. Shows all events for Forefront for Exchange Server systems.
    Scan Jobs. Shows the performance data for Forefront for Exchange Server systems. Statistics are graphed for Realtime and Transport items that were scanned, detected, cleaned, removed, purged, and tagged. There is a job that shows the scan rate for the Realtime and Transport jobs. These are all presented as graphed output. Other jobs show Scan Job Failure and Scan Job Status.
    Services. Shows Service Failure and Service Status for Forefront for Exchange Server systems. The Service Status view shows events that indicate the Stop and Start status of the services.

For more information about the criteria for these Views, see Views reference - Forefront Security for Exchange Server - FFSMP for SCOM 2007.

Health Monitoring - FFSMP for SCOM 2007

FSSMP proactively monitors the "health" of your Forefront agent-managed systems, by looking at events in the 7000-7999 range. Events are logged when transitions occur from one state to another. Health is indicated by a color code:
Green (success) – everything is functioning properly and performing well. Green events indicate success.
Note: Green events do not trigger alerts.
Yellow (warning) – performance is poor or a problem is impairing non-critical functionality. Yellow events trigger warning alerts.
Red (error) – critical functionality has been lost and error alerts will be generated.

Problem types
These are the various types of problems that FSSMP keeps track of for you.

Engines
These are the monitored engine problems.

Monitored Event | Success (green) | Warning (yellow) | Error (red)
Engine updates enabled. Note: If engine updating is handled by FSSMC, health monitoring will not display an Error event in case of a problem. | The engines selected in the client are those enabled for updates. | The engines selected in the client are not those enabled in the updates. | Not applicable.
Engine updates successful | All engines enabled for updates were successfully updated. | At least 50% of the engines enabled for updates were successfully updated. | Less than 50% of the engines enabled for updates were successfully updated.
Last engine update | All engines were updated in the last week. | Some of the engines were not updated in the last week. | No engines were updated in the last week.
Engines selected for the Transport Scan Job have been initialized | Not applicable. | Not applicable. | The selected scanning engines were not initialized when the Transport Scan Job was enabled.
Engines selected for the Realtime Scan Job have been initialized | Not applicable. | Not applicable. | The selected scanning engines were not initialized when the Realtime Scan Job was enabled.
Transport and Realtime Scan Jobs (separate events for each)

These are the monitored Transport and Realtime Scan Job problems.

Monitored Event | Success (green) | Warning (yellow) | Error (red)
Scan job enabled | The scan job was enabled from both Operate/Run Job and from General Options. | The scan job was enabled in only one of the areas. | The scan job was not enabled in either area.
Scan process state | The scanning processes are running. | A scanning process timed out or had an exception and did not restart. | No scanning processes restarted after a timeout or exception.
Scanning statistics (Transport and Mailbox). Note: 50% is the default value and can be modified with the Set Statistic Threshold Percentage task. | Less than 50% of all messages received in the last hour were infected. | Not applicable. | At least 50% of all messages received in the last hour were infected. This is considered to be a virus outbreak.

Services
These are the monitored services problems.

Monitored Event | Success (green) | Warning (yellow) | Error (red)
Transport connected | The edge Transport service is running and the Forefront agent is registered with FSCController. | Not applicable. | The edge Transport service is running, but the Forefront agent is not registered with FSCController.
Mailbox connected | The Exchange Information Store is running and the Forefront VSAPI library is registered with FSSController. | Not applicable. | The Exchange Information Store is running, but the Forefront VSAPI library is not registered with FSSController.
FSC monitor | FSC monitor is running. | Not applicable. | FSC monitor is not running.

License
These are the monitored license problems.

Monitored Event | Success (green) | Warning (yellow) | Error (red)
License state | Forefront license is enabled. | Forefront license is in the evaluation, beta, or grace period. | Forefront license has expired.

Views reference - Forefront Security for Exchange Server - FFSMP for SCOM 2007
The following tables provide a reference to each of the Forefront Security for Exchange views included in the Microsoft Forefront Server Security Management Pack for Operations Manager 2007. For more information about views, see Views - FFSMP for SCOM 2007.

Alert Views for Forefront Security - General

Folder: Microsoft Forefront Server Security
View Name: Alerts – Microsoft Forefront
Criteria: Resolution State != "Resolved" AND CustomField1 = "Microsoft Forefront Server Security" AND Computer Group = "All Computers in Management Pack"
Alert: Critical errors or warnings.
Description: Displays all alerts generated for agent-managed systems that are members of the "Microsoft Forefront Server Security" computer group.
Resolution: Investigate each alert.

Folder: Microsoft Forefront Server Security\Engines
View Name: Engine Update Failure
Criteria: Resolution State != "Resolved" AND CustomField1 = "Microsoft Forefront Server Security" AND CustomField3 = "EngineUpdateFailure" AND Computer Group = "All Computers in Management Pack"
Alert: Yellow warning – engine update warnings. Red error – critical engine update errors.
Description: Displays alerts about engine update failures.
Resolution: Investigate each alert.

Alert Views for Forefront for Exchange

Folder: Microsoft Forefront Server Security\Forefront for Exchange
View Name: Alerts – Forefront for Exchange
Criteria: Resolution State != "Resolved" AND CustomField1 = "Microsoft Forefront Server Security" AND Computer Group = "All Computers in Management Pack"
Alert: Critical errors or warnings
Description: Displays all alerts generated for agent-managed systems that are members of the "Forefront for Exchange" computer group.
Resolution: Investigate each alert.

Folder: Microsoft Forefront Server Security\Forefront for Exchange\Scan Jobs
View Name: Scan Job Failure
Criteria: Resolution State != "Resolved" AND CustomField1 = "Microsoft Forefront Server Security" AND CustomField2 = "Forefront Security for Exchange Server" AND CustomField3 = "ScanJobFailure"
Alert: Critical errors or warnings concerning scan jobs
Description: Alerts that indicate scan job failures.
Resolution: Investigate each alert.

Folder: Microsoft Forefront Server Security\Forefront for Exchange\Services
View Name: Service Failure
Criteria: Resolution State != "Resolved" AND CustomField1 = "Microsoft Forefront Server Security" AND CustomField2 = "Forefront Security for Exchange Server" AND CustomField3 = "ServicesFailure"
Alert: Critical errors or warnings concerning Forefront services or license state
Description: Alerts generated from events that indicate service failures.
Resolution: Investigate each alert.

State Views

Folder: Microsoft Forefront Server Security
View Name: State View
Criteria: State (if FSCController and FSCMonitor services are running, the state is green, otherwise the state is red)
Alert: See Health State Events
Description: Displays the health of all Forefront servers.
Resolution: See Health State Events

Event Views for Forefront Security - General

Parent Folder: Microsoft Forefront Server Security
View Name: Events – Microsoft Forefront
Criteria: Generated in the last 7 days AND Computer Group = "All Computers in Management Pack"
Description: Displays all events generated by agent-managed systems that are members of the "Microsoft Forefront Server Security" computer group.

Parent Folder: Microsoft Forefront Server Security\Engines
View Name: Engine Update Status
Criteria: Event ID = (2014 or 2016 or 6012 or 6014 or 1525 or 1817 or 1818) AND Generated in the last 7 days AND Computer Group = "All Computers in Management Pack"
Description: Displays all events that indicate a successfully-completed scan engine update on "Microsoft Forefront Server Security" systems.
Resolution: None required.

Event Views for Forefront for Exchange

Parent Folder: Microsoft Forefront Server Security\Forefront for Exchange
View Name: Events – Forefront for Exchange
Criteria: Generated in the last 7 days AND Computer Group = "All Computers in Management Pack"
Description: Displays all events generated from agent-managed systems in the "Forefront for Exchange" computer group.

Parent Folder: Microsoft Forefront Server Security\Forefront for Exchange\Scan Jobs
View Name: Scan Job Status
Criteria: Event ID = (2000 or 2001 or 2002 or 2005 or 2007 or 2008) AND Generated in the last 7 days AND Computer Group = "All Computers in Management Pack"
Description: Displays all events that indicate Scan Jobs going into an enabled or disabled state on "Forefront for Exchange" systems.
Resolution: None required.

Parent Folder: Microsoft Forefront Server Security\Forefront for Exchange\Services
View Name: Services Status
Criteria: Event ID = (332 or 333 or 1002 or 1003 or 1005 or 1006 or 1007 or 1008 or 7036) AND Generated in the last 7 days AND Computer Group = "All Computers in Management Pack"
Description: Displays events that indicate Forefront Security and related services started or stopped successfully on "Forefront for Exchange" systems.
Resolution: None required.

Performance Views for Forefront for Exchange

Every performance view has the Folder Microsoft Forefront Server Security\Forefront for Exchange\Scan Jobs, the Resolution "None required.", and the Criteria Computer Group = "All Computers in Management Pack", Object name = "Microsoft Forefront Server Security Scan", plus the Instance and Counter name listed for it.

View Name | Instance | Counter name | Description
Realtime Attachment Scan Rate | "Realtime Scan Job" | "Attachments Scanned Rate" | Attachment scan rate for the Realtime scanner.
Realtime Attachments Cleaned | "Realtime Scan Job" | "Total Attachments Cleaned" | Total number of attachments cleaned by the Realtime Scan.
Realtime Attachments Detected | "Realtime Scan Job" | "Total Attachments Detected" | Total number of attachments detected by the Realtime Scan.
Realtime Attachments Removed | "Realtime Scan Job" | "Total Attachments Removed" | Total number of attachments removed by the Realtime Scan.
Realtime Attachments Scanned | "Realtime Scan Job" | "Total Attachments Scanned" | Total number of attachments scanned by the Realtime Scan.
Realtime Messages Detected | "Realtime Scan Job" | "Total Messages Detected" | Total number of messages detected by the Realtime Scan.
Realtime Messages Purged | "Realtime Scan Job" | "Total Messages Purged" | Total number of messages purged by the Realtime Scan.
Realtime Messages Scanned | "Realtime Scan Job" | "Total Messages Scanned" | Total number of messages scanned by the Realtime Scan.
Realtime Messages Tagged | "Realtime Scan Job" | "Total Messages Tagged" | Total number of messages tagged by the Realtime Scan.
Transport Attachment Scan Rate | "Transport Scan Job" | "Attachments Scanned Rate" | Attachment scan rate for the Transport scanner.
Transport Attachments Cleaned | "Transport Scan Job" | "Total Attachments Cleaned" | Total number of attachments cleaned by the Transport Scan.
Transport Attachments Detected | "Transport Scan Job" | "Total Attachments Detected" | Total number of attachments detected by the Transport Scan.
Transport Attachments Removed | "Transport Scan Job" | "Total Attachments Removed" | Total number of attachments removed by the Transport Scan.
Transport Attachments Scanned | "Transport Scan Job" | "Total Attachments Scanned" | Total number of attachments scanned by the Transport Scan.
Transport Messages Detected | "Transport Scan Job" | "Total Messages Detected" | Total number of messages detected by the Transport Scan.
Transport Messages Purged | "Transport Scan Job" | "Total Messages Purged" | Total number of messages purged by the Transport Scan.
Transport Messages Scanned | "Transport Scan Job" | "Total Messages Scanned" | Total number of messages scanned by the Transport Scan.
Transport Messages Tagged | "Transport Scan Job" | "Total Messages Tagged" | Total number of messages tagged by the Transport Scan.

0vent #- codes $ FFSMP for SCOM 2007


5he follo$ing table contains all the Microsoft 1orefront 3er)er 3ecurity 2007 administrati)e e)ents for -&change, 3harePoint, and instant messaging% 1orefront 3er)er 3ecurity generates system e)ents, so that you can troubleshoot and )erify the performance of components, features, and ser)ices% -)ent :ie$er trac,s error e)ents, $arning e)ents, and informational e)ents%

32

0vent #-

Category

0vent type

Va"ue or description

9000 9009 9002 900; 9007 900C 9009 9090

Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6

Information Information Information Information Information Information Information Information

1orefront 3er)er 3ecurity ser)ice is running% 1orefront 3er)er 3ecurity ser)ice has stopped% 13-IMC ser)ice started% 13-IMC ser)ice stopped% 1orefront 3er)er 3ecurity Monitor detected Information 3tore process started% 1orefront 3er)er 3ecurity Monitor detected Information 3tore shutdo$n% 1orefront 3er)er 3ecurity Monitor detected abnormal Information 3tore shutdo$n% 1orefront 3er)er 3ecurity Information 3tore scanning subsystem online% Ignore pre)ious $arning% 1orefront 3er)er 3ecurity $aiting $hile Information 3tore ser)ice starts% 1orefront 3er)er 3ecurity Information 3tore scanning subsystem has been ta,en offline% 1orefront 3er)er 3ecurity Monitor is acti)e% 1orefront 3er)er 3ecurity Monitor is inacti)e% -&ceeded the ma&imum process e)ents limit% 1ailed to register or enable the O9 /gent% 5his pre)ents the Microsoft -&change 5ransport ser)ice from starting% 133PController started% 133PController stopped% 1orefront 3er)er 3ecurity ser)ice is starting%
33

9099 9092 909; 909A 909< 909>

Information Information Information Information -rror -rror

909C 9099 9020

Information Information Information

0vent #-

Category

0vent type

Va"ue or description

5ermination 9029 9022 902; 902A 902< Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Information Information Information Information Information 1orefront 3er)er 3ecurity ser)ice is stopping% 1orefront 3er)er 3ecurity :ersion: O9 O2% 1orefront 3er)er 3ecurity 3er)ice Pac,: 3er)ice Pac, O9% Product I0: O9% !icensed Components:OnComponent !icense 5ype -&piration 0ateOn((((((((( (((((((((((((( (((((((((((((((OnO9 !icensed -ngines: O9% 3ystem Information:OnO9 1orefront 3er)er 3ecurity Mail Pic,up ser)ice is running% 1orefront 3er)er 3ecurity Mail Pic,up ser)ice has stopped% 1orefront 3er)er 3ecurity Mail Pic,up ser)ice has paused% 1orefront 3er)er 3ecurity Mail Pic,up ser)ice has resumed% 13CController ser)ice failed to start% -)ent 5racing could not be started% On -rror code: O9 -)ent 5racing session has been started% -)ent 5racing reported an error: On -5" function: O9On eturn code: O2% -)ent 5racing could not be enabled%

902> 902C 9029 90;0 90;9 90;2 90;; 90;> 90;7 90;C 90;9

Information Information Information Information Information Information -rror "arning Information "arning "arning

34

0vent #-

Category

0vent type

Va"ue or description

90A0 90A9 90A2 90A; 90AA 90A< 90A> 90A7 90AC 90A9 90<0 9070 9079 9072 907; 907< 907>

Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination Initiali'ation6 5ermination

"arning Information Information Information Information Information Information Information Information Information Information -rror -rror -rror -rror Information Information

-)ent 5racing could not be disabled% 3cheduled 3can has been started% 3cheduled 3can is running% 3cheduled 3can has stopped% 3cheduled 3can has completed% 2n(0emand 3can started% /pplication I0: O9 2n(0emand 3can suspended% /pplication I0: O9 2n(0emand 3can resumed% /pplication I0: O9 2n(0emand 3can stopped% /pplication I0: O9 5he 1se2n0emand4a) ser)ice is running% 5he 1se2n0emand4a) ser)ice has stopped% 1ailed to register or enable the O9% 1ailed to register or enable the O9% 1ailed to unregister the O9% 1ailed to unregister the O9% 5he 1orefront 3er)er 3ecurity -)enting 3er)ice has started% 5he 1orefront 3er)er 3ecurity -)enting 3er)ice has stopped%
35

0vent #-

Category

0vent type

Va"ue or description

2000 2009 2002 200; 200A 200< 2007 200C 2009 2090 2099

8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral

Information Information Information Information Information Information Information Information Information Information Information

ealtime 3can Job enabled% ealtime 3can Job disabled% Manual 3can Job started% Manual 3can Job paused% Manual 3can Job resumed% Manual 3can Job stopped% 5ransport 3can Job enabled% 5ransport 3can Job disabled% IM 3can Job enabled% IM 3can Job disabled% 1orefront 3er)er 3ecurity did not detect any ne$ scan engine updates%On 3can -ngine: O9On Update Path: O2On O; 1orefront 3er)er 3ecurity performed a successful scan engine update%On 3can -ngine: O9On Update Path: O2On O; 1orefront 3er)er 3ecurity has rolled bac, a scan engine%On 3can -ngine: O9 Call to enable the scan engine returned the )alue: hr S O9% O9 scan engine $as loaded for the 3can Job% ealtime

2092

8eneral

Information

2097 209C 2099 2020 2029 2022 202; 202A 202<

8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral

Information "arning Information Information Information Information Information Information Information

1orefront 3er)er 3ecurity scan engine $as loaded for the ealtime 3can Job% 3can engine $as unloaded for the ealtime 3can Job% 1orefront 3er)er 3ecurity scan engine $as unloaded for the ealtime 3can Job% O9 scan engine $as loaded for the Manual 3can Job% 1orefront 3er)er 3ecurity scan engine $as loaded for the Manual 3can Job% 3can engine $as unloaded for the Manual
36

0vent #-

Category

0vent type

Va"ue or description

3can Job% 202> 2027 202C 2029 20;0 20;; 20;A 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral Information Information Information Information Information Information Information 1orefront 3er)er 3ecurity scan engine $as unloaded for the Manual 3can Job% O9 scan engine $as loaded for the Internet 3can Job% 1orefront 3er)er 3ecurity scan engine $as loaded for the Internet 3can Job% 3can engine $as unloaded for the Internet 3can Job% 1orefront 3er)er 3ecurity scan engine $as unloaded for the Internet 3can Job% 3can engine $as unloaded for the IM 3can Job% 1orefront 3er)er 3ecurity is attempting a scan engine update%On 3can -ngine: O9On Update Path: O2On O;% O9 scan engine $as loaded for the IM 3can Job% In)alid scan engine update action% /ction S O9% 1orefront 3er)er 3ecurity scan engine $as unloaded for the IM 3can Job% O9 scan engine for 1orefront 3er)er 3ecurity has been installed% 5esting the O9 scan engine% O9 scan engine for 1orefront 3er)er 3ecurity has been staged% 1orefront 3er)er 3ecurity scan engine $as loaded for the IM 3can Job% 1orefront 3er)er 3ecurity performed a successful rollbac,%On 3can -ngine: O9 3can or clean document O9 failed due to timeout error% 3can or clean document failed due to timeout
37

20;> 20;7 20;9 20A0 20A2 20A; 20A< 20A9 20<A 20<<

8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral 8eneral

Information "arning Information Information -rror Information Information Information -rror -rror

0vent #-

Category

0vent type

Va"ue or description

error% 20<7 8eneral Information O9OnOnPlease contact your Microsoft sales representati)e to purchase 1orefront 3er)er 3ecurity% -&change 3er)er pic,up folder O9 does not e&ist% Une&pected error mo)ing the file O9 to the -&change pic,up folder% 5he error reported by the system is: O2% -rror occurred% O9 Une&pected 3M5P ser)er response% -&pected: O9, actual: O2, $hole response: O;% In)alid 3M5P ser)er response: O9% 1ailed to authenticate to the 3M5P ser)er% 1ailed to authenticate to the 3M5P ser)er: error S O9% O9 is not an e&pected 3M5P authentication mechanism% 5!3 /PI failure: error S O9% 5!3 protocol failure% /lready connected to the 3M5P ser)er $ith address O9% 4ot connected to the 3M5P ser)er $ith address O9% Can only authenticate $ith mutual 8eneric 3ecurity 3er)ices /pplication Programming Interface *833/PI+ $hen the connection is o)er 5ransport !ayer 3ecurity *5!3+% 1ailed to connect to the 3M5P ser)er O9% 1ailed to identify the O9 header in the -M! file% 5he O9 scan engine $as loaded for the 3cheduled 3can Job
38

2061 | General | Error
2062 | General | Error
2063 | General | Error
2064 | General | Error
2065 | General | Error
2066 | General | Error
2067 | General | Error
2068 | General | Error
2069 | General | Error
2070 | General | Error
2071 | General | Error
2072 | General | Error
2073 | General | Error
2074 | General | Error
2075 | General | Error
2076 | General | Information


2077 | General | Information
2078 | General | Information
2079 | General | Information
2080 | General | Information
2081 | General | Information
2082 | General | Information
2083 | General | Information
2084 | General | Information
2085 | General | Information
2086 | General | Information

The Forefront Server Security scan engine was loaded for the Scheduled Scan Job.
The scan engine was unloaded for the Scheduled Scan Job.
The Forefront Server Security scan engine was unloaded for the Scheduled Scan Job.
Scheduled scan enabled.
Scheduled scan disabled.
Transport scan bypassed.
Realtime scan bypassed.
Scheduled scan bypassed.
The %1 scan engine was loaded for the On-Demand Scan Job. Application ID: %2
The Forefront Server Security scan engine was loaded for the On-Demand Scan Job. Application ID: %1
The scan engine was unloaded for the On-Demand Scan Job. Application ID: %1
The Forefront Server Security scan engine was unloaded for the On-Demand Scan Job. Application ID: %1
The DNS Blocklist lookup domain %1 could not be contacted. This will prevent DNS Blocklist lookups. Please verify your network connectivity.
The %1 scan engine has been marked as deprecated. Updates for this engine will only be available until %2.%n%nFor more information, see the following knowledge base article: %3
Realtime scan found virus: %n Folder: %1%n Message: %2%n File: %3%n Incident: %4%n State: %5.
Internet scan found virus: %n Folder: %1%n Message: %2%n Message ID: %3%n File:

2087 | General | Information
2088 | General | Information
2098 | General | Error
2099 | General | Warning
3000 | Scan Results | Information
3002 | Scan Results | Information


%4%n Incident: %5%n State: %6.
3003 | Scan Results | Information | IM scan found virus: %n Folder: %1%n Message: %2%n File: %3%n Incident: %4%n State: %5.
Realtime scan found virus: %n Folder: %1%n File: %3%n Incident: %4%n State: %5.
Application scan found virus: %n Folder: %1%n File: %3%n Incident: %4%n State: %5.
Manual scan found virus: %n Folder: %1%n File: %3%n Incident: %4%n State: %5.
Scheduled scan found virus: %n Folder: %1%n Message: %2%n File: %3%n Incident: %4%n State: %5
On-Demand Scan found virus: %n Folder: %1%n Message: %2%n File: %3%n Incident: %4%n State: %5%n Application ID: %6
Monitor thread not started.
Service Control Handler not installed.
Unapproved version of Exchange detected (0x%1, 0x%2, 0x%3, 0x%3).
Unable to create scan job.
Unable to create FSCController service.
Unable to create Realtime Scan Job.
Unable to create Manual Scan Job.
Unable to create Internet Scan Job.
Unable to create IM Scan Job.
Unable to register Realtime Scan Job.
Unable to register Manual Scan Job.
Unable to register Internet Scan Job.
Unable to register IM Scan Job.

3005 | Scan Results | Information
3006 | Scan Results | Information
3008 | Scan Results | Information
3009 | Scan Results | Information
3010 | Scan Results | Information
4001 | Server/IMC Error | Error
4002 | Server/IMC Error | Error
4005 | Server/IMC Error | Error
5000 | Scan Error | Error
5001 | Scan Error | Error
5002 | Scan Error | Error
5003 | Scan Error | Error
5004 | Scan Error | Error
5005 | Scan Error | Error
5006 | Scan Error | Error
5007 | Scan Error | Error
5008 | Scan Error | Error
5009 | Scan Error | Error


5010 | Scan Error | Error
5011 | Scan Error | Error
5012 | Scan Error | Error
5013 | Scan Error | Error
5014 | Scan Error | Error
5015 | Scan Error | Error
5016 | Scan Error | Error
5017 | Scan Error | Error
5018 | Scan Error | Error
5019 | Scan Error | Error
5020 | Scan Error | Error
5021 | Scan Error | Error
5022 | Scan Error | Error
5023 | Scan Error | Error
5024 | Scan Error | Error

Unable to create event object.
Unable to initialize OLE.
Unable to register main window.
Unable to create main window.
Manual Scan Job failed.
Transport Scan Job exceeded the allowed scan time limit.
IM Scan Job aborted.
Unable to retrieve realtime monitor.
Unable to retrieve internet monitor.
Unable to retrieve IM monitor.
Unable to get realtime monitor interface.
Unable to retrieve internet monitor interface.
Unable to retrieve IM monitor interface.
Unable to advise notification sink.
An exception occurred within the scan engine while trying to clean a file for the Realtime Scan Job (file "%1", message "%2", folder "%3").
An exception occurred within the scan engine while trying to clean a file for the Manual Scan Job (file "%1", message "%2", folder "%3").
An exception occurred within the scan engine while trying to clean a file for the Internet Scan Job (file "%1", message "%2", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to clean a file for the Realtime Scan Job (file "%1", message "%2", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to clean a file for the Manual Scan Job (file "%1", message "%2", folder

5025 | Scan Error | Error
5026 | Scan Error | Error
5027 | Scan Error | Error
5028 | Scan Error | Error


"%3").
5029 | Scan Error | Error | Scan engine was stuck in a READ or WRITE loop while trying to clean a file for the Internet Scan Job (file "%1", message "%2", folder "%3").
Could not load Forefront Server Security engine.
Could not load engine mapper.
Could not link with Forefront Server Security Engine methods.
Could not link with engine mapper methods for scanner.
Could not create Forefront Server Security Engine object.
Could not create mapper object.
Problems loading or initializing scan engine.
Unable to get engine version.
Unable to register work window.
Unable to create work window.
Call to engine scan function returned 0x%4 within Realtime Scan Job (file "%1", message "%2", folder "%3").
Call to engine scan function returned 0x%4 within Manual Scan Job (file "%1", message "%2", folder "%3").
Call to engine scan function returned 0x%4 within Internet Scan Job (file "%1", message "%2", folder "%3").
Transport scan exceeded the allowed scan time limit during scan retry. Message will be archived to the undeliverable folder and purged.
Transport scan exception occurred during scan retry. Message will be archived to the

5030 | Scan Error | Error
5031 | Scan Error | Error
5032 | Scan Error | Error
5033 | Scan Error | Error
5034 | Scan Error | Error
5035 | Scan Error | Error
5036 | Scan Error | Error
5038 | Scan Error | Error
5039 | Scan Error | Error
5040 | Scan Error | Error
5042 | Scan Error | Error
5043 | Scan Error | Error
5044 | Scan Error | Error
5045 | Scan Error | Error
5046 | Scan Error | Error


undeliverable folder and purged.
5047 | Scan Error | Error | Transport scan unknown exception occurred during scan. Message will be archived to the undeliverable folder and purged.
Unable to create Forefront Server Security navigators and remote stub.
Unable to install remote stub into proxy library.
Unable to initialize Manual Scan Job because server is too busy.
Unable to retrieve navigator factory.
Unable to get navigator factory interface.
Unable to get remote stub interface.
License period for %1 has expired. The %2 feature has reverted to its expiration action of %3.
gIcsGlobal.DebugInfo == 0x%1.
Unable to retrieve SMTP remoting layer.
Unable to retrieve SMTP remoting layer interface.
Unable to install SMTP remote stub.
Unable to unregister SMTP event sink binding.
Realtime Scan Job exceeded the allowed scan time limit.
Multiple engines returned errors within Internet Scan Job (file "%1", message "%2", folder "%3").
Multiple engines returned errors within Realtime Scan Job (file "%1", message "%2", folder "%3").
Multiple engines returned errors within Manual Scan Job (file "%1", message "%2", folder "%3").

5048 | Scan Error | Error
5049 | Scan Error | Error
5050 | Scan Error | Error
5051 | Scan Error | Error
5052 | Scan Error | Error
5053 | Scan Error | Error
5059 | Scan Error | Error
5060 | Scan Error | Error
5061 | Scan Error | Error
5062 | Scan Error | Error
5063 | Scan Error | Error
5064 | Scan Error | Error
5066 | Scan Error | Error
5070 | Scan Error | Error
5071 | Scan Error | Error
5072 | Scan Error | Error


5078 | Scan Error | Error
5079 | Scan Error | Error
5080 | Scan Error | Error
5081 | Scan Error | Error

FSCTransportScanner command line argument error.
FSCRealtimeScanner command line argument error.
FSCManualScanner command line argument error.
An exception occurred within the scan engine while trying to clean a file for the IM Scan Job (file "%1", message "%2", folder "%3").
An exception occurred within the scan engine while trying to scan a file for the IM Scan Job (file "%1", message "%2", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to clean a file for the IM Scan Job (file "%1", message "%2", folder "%3").
An exception occurred within the Manual Scan (most likely caused by deeply nested folders). HR = %1.
The Scan Engine was stuck in a READ or WRITE loop while trying to clean a file for the IM Scan Job (file "%1", message "%2", folder "%3")
Scan engine was stuck in a READ or WRITE loop while trying to clean a file for the Manual Scan Job (file "%1", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to clean a file for the Application Scan Job (file "%1", message "%2", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to clean a file for the Application Scan Job (file "%1", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to clean a file for the Realtime Scan Job (file "%1", folder "%3").

5092 | Scan Error | Error
5102 | Scan Error | Error
5103 | Scan Error | Error
5104 | Scan Error | Error
5107 | Scan Error | Error
5108 | Scan Error | Error
5111 | Scan Error | Error
5113 | Scan Error | Error


5115 | Scan Error | Error

Scan engine was stuck in a READ or WRITE loop while trying to scan a file for the IM Scan Job (file "%1", message "%2", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to scan a file for the Manual Scan Job (file "%1", message "%2", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to scan a file for the Manual Scan Job (file "%1", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to scan a file for the Application Scan Job (file "%1", message "%2", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to scan a file for the Realtime Scan Job (file "%1", message "%2", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to scan a file for the Application Scan Job (file "%1", folder "%3").
Scan engine was stuck in a READ or WRITE loop while trying to scan a file for the Realtime Scan Job (file "%1", folder "%3").
GetProcAddress failed to get address of GetEngineMethods for the engine mapper.
Could not set the scan engine directory.
Call to engine scan function returned 0x%4 within IM Scan Job (file "%1", message "%2", folder "%3").
Call to engine scan function returned 0x%4 within Manual Scan Job (file "%1", folder "%3").
Call to engine scan function returned 0x%4 within Application Scan Job (file "%1", message "%2", folder "%3").

5117 | Scan Error | Error
5118 | Scan Error | Error
5119 | Scan Error | Error
5121 | Scan Error | Error
5122 | Scan Error | Error
5124 | Scan Error | Error
5126 | Scan Error | Error
5127 | Scan Error | Error
5128 | Scan Error | Error
5129 | Scan Error | Error
5130 | Scan Error | Error


5132 | Scan Error | Error

Call to engine scan function returned 0x%4 within Application Scan Job (file "%1", folder "%3").
Call to engine scan function returned 0x%4 within Realtime Scan Job (file "%1", folder "%3").
License period for this component has expired. The feature has reverted to its expiration action of Skip Detect.
SharePoint Realtime Scan Job exceeded the allowed scan time limit.
ASJ scan exceeded the allowed scan time limit.
Multiple engines returned errors within IM Scan Job (file "%1", message "%2", folder "%3").
Multiple engines returned errors within Manual Scan Job (file "%1", folder "%3").
Multiple engines returned errors within Application Scan Job (file "%1", folder "%3").
Multiple engines returned errors within Realtime Scan Job (file "%1", folder "%3").
Unable to create AdoNavigator64 Factory.
Unable to create Named File Filter Scan Job.
Unable to create Forefront Server Security service for Realtime scanner.
Unable to retrieve SharePoint monitor.
Unable to retrieve ASJ monitor.
Failed to unregister the %1 Agent. This prevents the MSTransport Service from starting. Please see Server Security documentation on how to unregister the Agent manually.
Problems loading scan job from RetrieveManual.

5134 | Scan Error | Error
5136 | Scan Error | Error
5137 | Scan Error | Error
5138 | Scan Error | Error
5147 | Scan Error | Error
5148 | Scan Error | Error
5151 | Scan Error | Error
5153 | Scan Error | Error
5156 | Scan Error | Error
5157 | Scan Error | Error
5161 | Scan Error | Error
5163 | Scan Error | Error
5164 | Scan Error | Error
5165 | Scan Error | Error
5166 | Scan Error | Error


5167 | Scan Error | Error
5168 | Scan Error | Error
5169 | Scan Error | Error
5170 | Scan Error | Error
5175 | Scan Error | Error
5178 | Scan Error | Error
5179 | Scan Error | Error
5180 | Scan Error | Error

Forefront Server Security Monitor detected abnormal %1 shutdown.
Forefront Server Security Monitor detected abnormal %1 shutdown during initialization.
Realtime scan engine exception occurred.
Transport scan engine exception occurred.
Unable to create Scheduled scan.
Unable to create Forefront Server Security service for Scheduled scanner.
Unable to retrieve Scheduled monitor.
The Scan Engine was stuck in a READ or WRITE loop while trying to scan a file for the Scheduled Scan Job (file "%1", message "%2", folder "%3")
Multiple engines returned errors within Scheduled scan job (file "%1", folder "%3")
Scheduled scan exceeded the allowed scan time limit.
Unable to register Scheduled scan.
Unable to get Scheduled monitor interface.
The Scan Engine was stuck in a READ or WRITE loop while trying to clean a file for the Scheduled Scan Job (file "%1", message "%2", folder "%3")
Call to engine scan function returned 0x%4 within Scheduled scan job (file "%1", message "%2", folder "%3")
On-Demand Scan failed. Application ID: %1
Unable to create On-Demand Scan. Application ID: %1
Unable to register On-Demand Scan. Application ID: %1
An exception occurred within the On-Demand Scan (most likely caused by deeply nested

5181 | Scan Error | Error
5183 | Scan Error | Error
5184 | Scan Error | Error
5185 | Scan Error | Error
5187 | Scan Error | Error
5189 | Scan Error | Error
5190 | Scan Error | Error
5191 | Scan Error | Error
5192 | Scan Error | Error
5194 | Scan Error | Error


folders). HR = %1. Application ID: %2

6001 | Engine Error | Error
6005 | Engine Error | Error
6012 | Engine Error | Error

ERROR: Out of memory in %1.
Error: %1
Forefront Server Security encountered an error while performing a scan engine update. %n Scan engine: %1%n Error Code: %2%n %3.
Forefront Server Security encountered an error while performing a scan engine update. %n Scan Engine: %1%n Update Path: %2%n %3%n Error Code: %4%n %5.
Forefront Server Security encountered an error while performing a scan engine rollback. %n Scan Engine: %1%n Error Code: %2%n %3.
Microsoft Forefront Server Security encountered an error while performing a scan engine update. %n Update Path: %1%n Error Detail: %2
Microsoft Forefront Server Security encountered an error while performing a scan engine update. %n Error Detail: %1
Microsoft Forefront Server Security encountered an error while performing a scan engine update. %n Scan Engine: %1%n Error Detail: %2
Microsoft Forefront Server Security encountered an error while performing a scan engine update. %n Scan Engine: %1%n Update Path: %2%n Error Detail: %3
Microsoft Forefront Server Security encountered an error while checking scan engine status.
All the antimalware engines selected in the Forefront Administrator Console for scanning have been enabled for signature updates.

6014 | Engine Error | Error
6016 | Engine Error | Error
6017 | Engine Error | Error
6018 | Engine Error | Error
6019 | Engine Error | Error
6020 | Engine Error | Error
6021 | Engine Error | Error
7000 | Health Status | Information


7001 | Health Status | Warning

Not all the antimalware engines selected in the Forefront Administrator Console for scanning have been enabled for signature updates.
All the antimalware engines enabled for updates have updated successfully at the last attempt.
Not all the antimalware engines enabled for updates have updated successfully at the last attempt.
Less than half of the antimalware engines enabled for updates have updated successfully at the last attempt.
All the antimalware engines enabled for updates have updated successfully in the five days.
At least one of the antimalware engines enabled for updates have not been updated in the five days.
None of the antimalware engines enabled for updates have been updated in the last five days.
The antimalware engines selected for transport scanning have been initialized.
None of the antimalware engines selected for transport scanning have been initialized.
The antimalware engines selected for realtime scanning have been initialized.
None of the antimalware engines selected for realtime scanning have been initialized.
The transport scan job is enabled.
The transport scan job is not enabled from the Forefront Administrator Console.
The transport scan job is disabled from the Forefront Administrator Console.

7002 | Health Status | Information
7003 | Health Status | Warning
7004 | Health Status | Error
7005 | Health Status | Information
7006 | Health Status | Warning
7007 | Health Status | Error
7008 | Health Status | Information
7009 | Health Status | Error
7010 | Health Status | Information
7011 | Health Status | Error
7012 | Health Status | Information
7013 | Health Status | Warning
7014 | Health Status | Error


7015 | Health Status | Information
7016 | Health Status | Warning
7017 | Health Status | Error
7018 | Health Status | Information
7019 | Health Status | Warning
7020 | Health Status | Error
7021 | Health Status | Information
7022 | Health Status | Warning
7023 | Health Status | Error
7024 | Health Status | Information
7025 | Health Status | Error

The realtine scan job is enabled.
The realtime scan job is not enabled from the Forefront Administrator Console.
The realtime scan job is disabled from the Forefront Administrator Console.
The realtime scanning processes are running normally with no issues.
Some of the realtime scanning processes did not restart.
None of the realtime scanning processes have restarted.
The transport scanning processes are running normally with no issues.
Some of the transport scanning processes did not restart.
None of the transport scanning processes have restarted.
The MS Exchange Transport Service is running and the Forefront Agent is registered.
The MS Exchange Transport Service is running but the Forefront Agent is not registered.
The MS Information Store is running and the Forefront VSAPI Library is registered.
The MS Information Store is running but the Forefront VSAPI Library is not registered.
The Forefront Server Security Product is within the license period.
The Forefront Server Security Product license will expire in 30 days or less. Please contact your sales representative to purchase or renew your license. Upon expiration, the product may operate with reduced functionality.
The Forefront Server Security Product license

7026 | Health Status | Information
7027 | Health Status | Error
7028 | Health Status | Information
7029 | Health Status | Warning
7030 | Health Status | Error


has expired. Please contact your sales representative to purchase or renew your license. The product may operate with reduced functionality.
7031 | Health Status | Information | Forefront Server Security: Percentage of messages infected in the last one hour is less than %1 percent of all messages received.
Forefront Server Security: Percentage of messages infected in the last one hour is greater than %1 percent of all messages received.
The antimalware engines selected for scheduled scanning have been initialized.
None of the antimalware engines selected for scheduled scanning have been initialized.
There is at least 51200 KB of disk space available.
There is less than 51200 KB of disk space available, but at least 25600 KB of disk space available.
There is less than 25600 KB of disk space available. This could have a negative impact on system's scanning.
The Eventing Service (FSCEventing) is functioning.
The Eventing Service (FSCEventing) is not functioning.
The Mail Pickup Service (FSCMailPickup) is functioning.
The Mail Pickup Service (FSCMailPickup) is not functioning.
Content filter is enabled and signatures have been updated in the last one hour.
Content Filter is enabled and the signatures were last updated in the past 1-12 hours.

7032 | Health Status | Information
7033 | Health Status | Information
7034 | Health Status | Error
7035 | Health Status | Information
7036 | Health Status | Warning
7037 | Health Status | Error
7040 | Health Status | Information
7041 | Health Status | Error
7044 | Health Status | Information
7045 | Health Status | Error
7046 | Health Status | Information
7047 | Health Status | Warning


7048 | Health Status | Error
7051 | Health Status | Information
7052 | Health Status | Error
7053 | Health Status | Information
7054 | Health Status | Error
7055 | Health Status | Information
7056 | Health Status | Information

Content Filter is enabled and the last signature update was over 12 hours ago.
The monitor service (FSCMonitor) is functioning.
The monitor service (FSCMonitor) is not functioning.
The SharePoint service is running and the Forefront VSAPI Library is registered.
The SharePoint service is running but the Forefront VSAPI Library is not registered.
%1: Old log files in the directory %2 older than %3 are deleted.
%1: Log directory: %2 has reached the directory quota of %3. Deleted %4 oldest logs to remain within the directory quota.
%1: Failed to create the log directory: %2 because of the error: %3. Logs will not be generated until the problem is corrected.
%1: Failed to write logs because of the error: %2.
Could not retrieve root object from Active Directory.
Could not retrieve the LDAP configuration naming context. Error code: %1.
Could not bind to Active Directory GC. Error code: %1.
Retrieving the GC object failed. Error code: %1.
QueryInterface for IID_IDirectorySearch pointer failed. Error code: %1.
GetColumn failed for column %1. Error code: %2.
ADsBuildEnumerator failed. Error code: %1.
Could not retrieve directory search object

7057 | Health Status | Warning
7058 | Health Status | Warning
8001 | Active Directory | Error
8002 | Active Directory | Error
8004 | Active Directory | Error
8005 | Active Directory | Error
8006 | Active Directory | Error
8007 | Active Directory | Error
8008 | Active Directory | Error
8009 | Active Directory | Error


from the Active Directory.

8010 | Active Directory | Error
8011 | Active Directory | Error
8012 | Active Directory | Error
8013 | Active Directory | Error
8014 | Active Directory | Error
8015 | Active Directory | Error
8016 | Active Directory | Error
8017 | Active Directory | Error
8018 | Active Directory | Error
8019 | Active Directory | Error
8020 | Active Directory | Error
8021 | Active Directory | Error
8022 | Active Directory | Error
8025 | Active Directory | Error
8026 | Active Directory | Error
8027 | Active Directory | Error
8028 | Active Directory | Error
8029 | Active Directory | Error

Could not load activeds.dll.
Attempt to load activeds.dll for Exchange 5.x or earlier.
Could not get process address (%1) for %2.
Could not open the SMTP file in the supplied pickup folder path.
Could not create recipient list.
Could not get server name.
Could not bind to Active Directory's root object. Error code: %1.
Could not bind to Active Directory configuration context. Error code: %1.
Could not retrieve configuration context object from Active Directory.
Could not set search preference for Active Directory. Error code: %1.
Could not execute search for Active Directory. Error code: %1.
Could not retrieve first row of data from Active Directory. Error code: %1.
Could not retrieve next row of data from Active Directory. Error code: %1.
Could not retrieve storage group GUID. Error code: %1.
Could not bind to database object. Error code: %1.
Could not retrieve database object from Active Directory.
Could not retrieve database GUID. Error code: %1.
Could not bind to storage group object. Error code: %1.

8030 | Active Directory | Error
8041 | Active Directory | Warning
8042 | Active Directory | Error

Could not retrieve storage group object from the Active Directory.
GetColumn failed. Column: %1 Recipient: %2 Error code: %3.
An error occurred while retrieving a scan engine version. %n Scan engine: %1%n Error: %2
One or more scan engines previously used have been removed. Please review the scan engines chosen for your scan jobs and make another selection.
Previous AD Mark Found and AD Mark Created.
Unable to Create Ad Mark, Failed to bind Computer Object. %1
Unable to Create Ad Mark, Failed to create SCP: %1
Bad arguments passed to IsAdMarkerRegistered.
Unable to Remove Ad Mark, registry opening or query failed: %1
Unable to Remove Ad Mark, ADsGetObject failed: %1
Unable to failed %1 Remove Ad Mark, QueryInterface Removed.

8044 | Active Directory | Error
8045 | Active Directory | Information
8046 | Active Directory | Information
8047 | Active Directory | Error
8048 | Active Directory | Error
8049 | Active Directory | Error
8050 | Active Directory | Error
8051 | Active Directory | Error
8052 | Active Directory | Error
8053 | Active Directory | Error
8054 | Active Directory | Error
8055 | Active Directory | Warning
9000 | CCR Service | Information
9001 | CCR Service | Information

Unable to Remove Ad Mark, DeleteObject failed, %1
Unable to Remove Ad Mark RegKey Value, RegOpenKeyEx failed: %1
Ad Mark Removed - Failed to Delete Key.
Forefront Server Security CCR service is running.
Forefront Server Security CCR Reg

Replication Replication

service has stopped.

9002 | CCR Service | Information
9003 | CCR Service | Information
9050 | CCR Service | Error
9100 | CCR Service | Error
9101 | CCR Service | Error
9102 | CCR Service | Error

Forefront Server Security CCR service has paused.
Forefront Server Security CCR service has resumed.
Replication Replication

Forefront Server Security CCR Replication service encountered a service error.
Forefront Server Security CCR service encountered an error.
Replication

Forefront Server Security CCR Replication service encountered an unknown error.
An error occurred while Forefront Server Security CCR Replication service transitioned to the passive state.
An error occurred while Forefront Server Security CCR Replication service looked for the active node.
No configuration file specified for Forefront Server Security CCR Replication service.
Forefront Server Security CCR service configuration error.
Replication

9103 | CCR Service | Error
9200 | CCR Service | Error
9201 | CCR Service | Error
9300 | CCR Service | Information
9301 | CCR Service | Information
9400 | CCR Service | Error
9402 | CCR Service | Warning

Forefront Server Security CCR Replication service node state is now active.
Forefront Server Security CCR service node state is passive.
Replication

Forefront Server Security CCR Replication service file synchronization error.
Forefront Server Security CCR Replication service configuration parameter is invalid. The maximum backups must be at least %1; using %2.
Forefront Server Security CCR Replication service configuration parameter is invalid. The maximum backups must be greater than or equal to the minimum backups; using %1.

9403 | CCR Service | Warning


9404 | CCR Service | Warning

Forefront Server Security CCR Replication service configuration parameter is invalid. The minimum backup age must be at least %1; using %2.
Forefront Server Security CCR Replication service configuration parameter is invalid. The maximum backup age must be at least %1; using %2.
Forefront Server Security CCR Replication service configuration parameter is invalid. The maximum backup age must be at least %1; using %2.
Forefront Server Security CCR Replication service configuration parameter is invalid. The maximum backup age must be greater than or equal to the minimum backup age; using %1.
Forefront Server Security CCR Replication service file synchronization monitoring has begun.
Forefront Server Security CCR Replication service file synchronization monitoring has ended.
Forefront Server Security CCR Replication service forcing initial file synchronization.
Forefront Server Security CCR Replication service has skipped replication of a file. %n File: %1%n Reason: Cannot obtain a Forefront lock. Run

9405 | CCR Service | Warning
9406 | CCR Service | Warning
9407 | CCR Service | Warning
9408 | CCR Service | Information
9409 | CCR Service | Information
9410 | CCR Service | Information
9411 | CCR Service | Warning
9412 | CCR Service | Information

Forefront Server Security CCR Replication service file replication succeeded. %n File: %1

9414 | CCR Service | Warning

Forefront Server Security CCR Replication service skipping replication of a file. %n File: %1

9415 | CCR Service | Error

Forefront Server Security CCR Replication

service file replication failed. %n File: %1
9416 | CCR Service | Warning | Forefront Server Security CCR Replication service successfully backed up a file. %n Original File: %1%n Backup File: %2
9417 | CCR Service | Warning | Forefront Server Security CCR Replication service skipped backing up a file. %n Original file: %1%n Reason: The file does not exist.
9418 | CCR Service | Error | Forefront Server Security CCR Replication service failed to backup a file. %n Original file: %1
9419 | CCR Service | Information | Forefront Server Security CCR Replication service successfully pruned backups for a file. %n Original File: %1
9420 | CCR Service | Error | Forefront Server Security CCR Replication service failed to prune backups for a file. %n Original file: %1
9421 | CCR Service | Warning | Forefront Server Security CCR Replication service skipping replication of files. %n Reason: Active node not available.

9422 | CCR Service | Information
9423 | CCR Service | Warning

Forefront Server Security CCR Replication service initial replication seeding complete.
Forefront Server Security CCR Replication service initial replication seeding has not completed.
Forefront Server Security CCR Replication service engine synchronization monitoring has begun.
Forefront Server Security CCR Replication service engine synchronization monitoring has ended.
Forefront Server Security CCR Replication

9502 | CCR Service | Information
9503 | CCR Service | Information
9504 | CCR Service | Information


service engine replication succeeded. %n Engine: %1
9505 | CCR Service | Information | Forefront Server Security CCR Replication service skipping replication of an engine. %n Engine: %1%n Reason: Source for engine is not available.
9506 | CCR Service | Information | Forefront Server Security CCR Replication service skipping replication of an engine. %n Engine: %1%n Reason: No update is available.
9507 | CCR Service | Error | Forefront Server Security CCR Replication service engine replication failed. %n Engine: %1
9508 | CCR Service | Warning | Forefront Server Security CCR Replication service has skipped replication of an engine. %n Engine: %1%n Reason: An error occurred while obtaining the Forefront Run lock and the Engine Update lock.
9509 | CCR Service | Warning | Forefront Server Security CCR Replication service has skipped replication of an engine. %n Engine: %1%n Reason: A timeout occurred while obtaining the Forefront Run lock and the Engine Update lock.
9510 | CCR Service | Warning | Forefront Server Security CCR Replication service skipping replication of engines. %n Reason: Active node not available.

9600 | CCR Service | Information
9601 | CCR Service | Information
9602 | CCR Service | Warning

Forefront Server Security CCR Replication service cluster state monitoring has begun.
Forefront Server Security CCR Replication service cluster state monitoring has ended.
Forefront Server Security CCR Replication service cluster state monitoring has failed to
58

0vent #-

Category

0vent type

Va"ue or description

recei)e cluster notifications% On 0etails: Unable to retrie)e cluster change notifications% 9>0; CC 3er)ice -rror 1orefront 3er)er 3ecurity CC eplication ser)ice cluster state monitoring has encountered a problem% On 0etails: Unable to open a connection to the cluster% 90000 90009 90900 90909 90902 9090; 9090A 9090< 9090> 90907 9090C 90909 90990 90999 90992 9099; 8eneral 8eneral 8eneric 8eneric !ogging !ogging !ogging !ogging 1ile5ransfer 1ile5ransfer 1ile5ransfer 1ile5ransfer 1ile5ransfer 1ile5ransfer 1ile5ransfer 1ile5ransfer "arning -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror "arning, a problem has occurred% B SO9% /n error has occurred% B SO9% 5he operation completed successfully% 5he system returned the follo$ing e&ception: 5he application $as unable to $rite to the program log% 5he program log path is in)alid% 5he application $as unable to initiali'e the program log% 5he program log mute& timed out after U0V seconds on this message: U9V /n error occurred $hile processing a file transfer in)itation: U0V Une&pected error occurred $hile generating ne$ encryption ,eys: U0V -&ception setting up do$nloader for outbound connection to U0V:U9V -rror setting up uploader for outbound connection to U0V:U9V 1ailed to negotiate a secure Ms15P transfer session% /n e&ception occurred $hile deleting U0V /n e&ception occurred $hile performing Ms15P 0o$nload% /n e&ception occurred $hile $aiting for a
59

0vent #-

Category

0vent type

Va"ue or description

connection% 9099A 9099< 9099> 90997 9099C 90999 90920 90929 90922 9092; 9092A 9092< 9092> 90927 9092C 90929 909;0 909;9 909;2 909;; 1ile5ransfer 4otifications 1ile5ransfer 3er)ice 3er)ice 4otifications 4otifications 3er)ice 3er)ice 3canning 4otifications 4otifications 4otifications 4otifications 4otifications 1ile5ransfer 1ile5ransfer 1ile5ransfer 1ile5ransfer 1ile5ransfer -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror -rror /n error occurred $hile sending a file% -rror occurred $hile starting the notification agent process 1ailed to delete temporary file: U0V /n e&ception occurred loading configuration information% Unable to connect to 5C 3er)er% etrying%

/n e&ception occurred $hile trying to initiali'e 4otify% -rror shutting do$n notification agent% /n e&ception occurred $hile processing a message% 5he message $ill be re#ected% 1orefront 5CPro&y detected an une&pected e&ception% /ttempting to shutdo$n ser)ices% -&ception occurred $hile scanning ra$ message content% -rror occurred $hile sending notifications% 1ailed to notify sender% U0VP%P 1ailed to notify recipient% U0VP%P -rror accessing notification agent% 4otifications are not a)ailable% Intercept/nd3can5hread recei)ed arguments of the $rong type: U0V 1ailed to establish connection to file transfer recipient% 1ailed to configure ser)er to listen for inbound connections from file transfer sender% 1ailed to establish connection to file transfer sender% / connection to the file sender could not be established in an ade?uate amount of time%
60

10134 10135 10136 10137 10138 10139 10140 10141 10142 10143 10144 10145 10146 10147 10148 10149 10150 10151

FileTransfer FileTransfer FileTransfer FileTransfer FileTransfer FileTransfer FileTransfer FileTransfer Service Service Service Service Service Service Service Service FileTransfer FileTransfer

Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error

Sender did not provide the file size in an adequate amount of time. File transfer failed: {0}. An exception occurred while trying to intercept and scan a file transfer. Error occurred while verifying local file transfer directory. Failed to send file to recipient: {0}. Could not establish a connection to the file transfer recipient in an adequate amount of time. Failed to send file to recipient: {0}. Could not find a valid IPv4 address for the server. Failed to send keep-alive response There was an error updating the SIP Application Order. Cannot get numbers of messages in server agent. System overload detected. {0} messages in the server. Enabling throttling. Received Null Request. Server message queue is full. Processed message was attempted to be forwarded without success. The OCS server may be busy. Attempt to accept file transfer for a session that does not exist. Could not find a valid IP Address to accept incoming connections on. An exception occurred while attempting to download data from an inbound connection. An exception occurred while attempting to upload data to an inbound connection.

10152 10153 10154 10155 10156 10157 10158 10159 10160 10161 10162 10163 10164 10165 10166 10167 10168 10169 10170 10171 10172 10173 10174 10175 10176 10177 10178 10179

FileTransfer FileTransfer Service Notifications Notifications Service Notifications Notifications Notifications Notifications Notifications Notifications Notifications Notifications Service Service Service Service Service Service Service Service Service Service Service Service Service Service

Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error Error

An exception occurred while attempting to download data from an outbound connection. Failed to register a remoting channel. An error occurred while trying to connect to the OCS server. The Notification Agent IM Client encountered an error: {0} - {1} The Notification Agent client is not yet online. Notifications will queue until the client comes online. An unexpected notification was found in the work queue. Notification agent encoutered an unexpected return value while waiting for events. The Notification Agent configuration is invalid. Verify that the server name and user uri are correctly set. The Notification Agent configuration is invalid. Verify that the transport type is correctly set. Failed to login. Error occurred logging in to server: {0}. Error occurred while trying to delete local file. Failed to delete local file {0}. The Notification Agent IM Client encountered an error. An exception was thrown while disposing the scanning thread. Scan Dispatcher failed to start {0} out of {1} scanning threads. Scan Dispatcher failed to start any of the scanning threads. Forefront is disabled. Scan Dispatcher cannot start scanning threads. Scan Dispatcher failed to start scanning thread with id - {0}. An exception was thrown from FSOCSScanner during scanning. Encountered an unsupported content type. {0}'.' Scan Dispatcher timed out scanning the message - {0}{1}From - {2}{3}To - {4} Scan Dispatcher timed out scanning the file - {0}{1}From - {2}{3}To - {4} Scan Dispatcher encountered an error. Unable to read ForefrontEnabled registry key (defaulting to enabled), error is An exception was caught and handled while waiting for the Forefront RTCProxy service to stop. An exception was caught and handled while stopping the Forefront RTCProxy service. Unable to connect to OCS Server. Retrying.

30001 | Server Error | Error | The message contains the error string ID: AdministrationFault. It indicates that the FOSE Gateway has received an AdministrationFault from FOSE.
30002 | Server Error | Error | The message contains the error string ID: CommunicationError. It indicates that the FOSE Gateway has received a CommunicationException.
30003 | General | Error | The message contains the error string ID: ConfigurationError. It indicates that an unknown error has occurred during communication with Configuration service.
30004 | General | Error | The message contains the error string ID: DirectoryNotFound. It indicates that the specified directory could not be found and a DirectoryNotFoundException error has occurred.

30005 | General | Error | The message contains the error string ID: FoseCompanyNameNotFound and the string "The FOSE Company name not found." It indicates that the FOSE company name cannot be found from the configuration or the import data.
30006 | General | Error | The message contains the error string ID: FoseUsernameNotFound and the string "The FOSE Client username not found". It indicates that the FOSE username cannot be found from the configuration or the import data.
30007 | General | Error | The message contains the error string ID: FosePasswordNotFound, and the string "The FOSE Client password not found." It indicates that the FOSE password cannot be found from the configuration or the import data.
30008 | Server Error | Error | The message contains the error string ID: FoseServiceOperationTimedout. It indicates that the FOSE Gateway has received a TimeoutException.
30009 | Server Error | Error | The message contains the error string ID: FoseReportPingFailure, and the string "The FOSE Reporting web service Ping failed." It indicates that the FOSE web service operation, ping, has failed.
30010 | General | Error | The message contains the error string ID: FileNotFound. It indicates that the specified file could not be found and a FileNotFoundException has occurred.
30011 | General | Error | The message contains the error string ID: ImpossibleReportTimePeriod, and the string "StartDate cannot be later than EndDate."
30012 | Server Error | Error | The message contains the error string ID: InvalidFoseCredentials, and the string "Invalid FOSE Client credentials (username or password)."
30016 | General | Error | The message contains the error string ID: InvalidParameter, and the string "Report dates must be dates in the past and you can only fetch data within the past <n> days where <n> is a positive integer".
30017 | Server Error | Error | The message contains the error string ID: InvalidReportDateFromFose, and the string "FOSE Report's inbound data contains incorrect start and/or end date."
30018 | General | Error | The message contains the error string ID: InvalidSpamFilterAction, and the string "Invalid spam filter action in XML."
30019 | General | Error | The message contains the error string ID: InvalidSpamFilterDirection, and the string "Invalid spam filter direction in XML."
30020 | General | Error | The message contains the error string ID: InvalidProxyServerPort, and the string "Invalid Proxy Server port."
30021 | General | Error | The message contains the error string ID: InvalidXMLData, and the xml string that is invalid.
30022 | Server Error | Error | The message contains the error string ID: MessageSecurityError. It indicates that the FOSE Gateway has received a MessageSecurityException.
30023 | General | Error | The message contains the error string ID: NullImportData, and the string "Null import data from either 'Path' or 'ConfigStream'."
30024 | Server Error | Error | The message contains the error string ID: NullReportDataFromFose, and the string "FOSE report web service returned null data."
30025 | Server Error | Error | The message contains the error string ID: OperationFailed. It indicates that the current operation failed due to an unknown error. In the case of Import, it indicates that the attempt to import FOSE policies failed. In the case of Export, it indicates that the attempt to export FOSE policies failed. In the case of Report, it indicates that the attempt to retrieve FOSE report failed.
30026 | General | Error | The message contains the error string ID: ProxyUsernameNotFound, and the string "The Proxy Server Password is specified but not the Username."
30027 | General | Error | The message contains the error string ID: ProxyPasswordNotFound, and the string "The Proxy Server Username is specified but not the Password."
30028 | General | Error | The message contains the error string ID: ProxyServerURLNotFound, and the string "Proxy Server URL not found."
30029 | General | Error | The message contains the error string ID: ReceivedZeroConfiguration, and the string "Configuration Service returned zero configuration."
30030 | General | Error | The message contains the error string ID: RegKeyInstalledPathNotAvailable, and the string "Forefront Server Security FOSE registry key 'InstalledPath' not available."
30031 | General | Error | The message contains the error string ID: ReportTimeSpanTooLarge, and the string "You have requested too many days of data. The maximum number of days you may request is: "
30032 | General | Error | The message contains the error string ID: TooFewParameters, and the string "Not enough parameters specified for this command."
30033 | General | Error | The message contains the error string ID: TooManyParameters, and the string "Too many parameters specified for this command."
30034 | Server Error | Error | The message contains the error string ID: UnableToOpenIO. It indicates that an error has occurred with regard to opening the export file specified at the command line in the case of Export-FSEHostedServicesPolicy, or that the attempt to open the import xml file failed in the case of Import-FSEHostedServicesPolicy.
30035 | General | Error | The message contains the error string ID: UnableToDeserializeFromXML. It indicates that the attempt to de-serialize xml to an object failed.
30036 | General | Error | The message contains the error string ID: UnableToGetConfiguration, and the string "Unable to retrieve configuration from Configuration Service."
30037 | General | Error | The message contains the error string ID: UnableToSetConfiguration, and the string "Unable to set configuration with Configuration Service."
30038 | General | Error | The message contains the error string ID: UnauthorizedAccess. It indicates an IO error.
30039 | General | Error | The message contains the error string ID: UnableToSerializeToXML. It indicates that the attempt to serialize an object to xml failed.
30040 | General | Error | The message contains the error string ID: UnableToCreateClientProxy, and the string "Unable to create FOSE Administration Client proxy" or "Unable to create FOSE Reporting Client proxy" or "Unable to create FOSE Client proxy."
30041 | Server Error | Error | The message contains the error string ID: UnableToRetrieveCompanyFromFose, and the string "Unable to retrieve Company information from FOSE."
30042 | Server Error | Error | The message contains the error string ID: UnableToRetrieveCompanyConfigFromFose, and the string "Unable to retrieve Company Configuration from FOSE."
30043 | Server Error | Error | The message contains the error string ID: UnableToRetrieveDomainFromFose, and the string "Unable to retrieve Domain information from FOSE."

30044 | Server Error | Error | The message contains the error string ID: UnableToRetrieveDomainConfigFromFose, and the string "Unable to retrieve Domain configuration from FOSE."
30045 | Server Error | Error | The message contains the error string ID: UnableToRetrieveSpamFilterFromFose, and the string "Unable to retrieve Spam Filter settings from FOSE."
30046 | Server Error | Error | The message contains the error string ID: UnknownServiceFault. It indicates that the FOSE Gateway has received a FaultException from FOSE service.
30047 | General | Error | The message contains the error string ID: XmlSchemaFileNotFound, and the string "Unable to find the validation schema file for the import XML."
30048 | General | Error | The message contains the error string ID: XmlValidationFailed. It indicates that the import xml is invalid.
31001 | General | Error | The message contains the error string ID: SyncDataTimerFailure. It indicates that the attempt by APTA to retrieve sync data failed.
31002 | General | Error | The message contains the error string ID: ReportTimerFailure. It indicates that the attempt by APTA to retrieve FOSE report data failed.
40001 | Server Error | Warning | The message contains the warning string ID: DuplicatePolicyRule, and the string "A duplicate policy rule has been deleted with RuleId=". It indicates FOSE has discovered a duplicate Policy Rule and that FOSE Gateway has deleted it.
40002 | Server Error | Warning | The message contains the warning string ID: PolicyRuleHasBeenModified, and the string "The following policy rule has been modified since its deployment to FOSE: " It indicates that a Policy Rule may have been modified at the Administration Center UI.

40003 | Server Error | Warning | The message contains the warning string ID: SpamFilterHasBeenModified, and the string "The Spam Filter has been modified since its deployment to FOSE." It indicates that the Spam Filter may have been modified at the Administration Center UI.
50001 | Health Status | Information | The message contains the information string ID: ImportComplete, and the string "Import-FSEHostedServicesPolicy: Synchronization with FOSE completed."
50002 | Health Status | Information | The message contains the information string ID: ImportCredentialsComplete, and the string "Import-FSEHostedServicesPolicy: Setting credentials completed."
50003 | Health Status | Information | The message contains the information string ID: ImportData, and the string "Import-FSEHostedServicesPolicy received the following data:", followed by the import xml.
50004 | Health Status | Information | The message contains the information string ID: ExportCompete, and the string "Export-FSEHostedServicesPolicy: Retrieving Policies from FOSE completed."
50005 | Health Status | Information | The message contains the information string ID: GetDataCenterIPComplete, and the string "Get-FSEHostedServices: Retrieving Data Center IP information from FOSE completed."
50006 | Health Status | Information | The message contains the information string ID: GetFOSEDomainComplete, and the string "Get-FSEHostedServices: Retrieving Domain information from FOSE completed."
50007 | Health Status | Information | The message contains the information string ID: GetFOSEStatusComplete, and the string "Get-FSEHostedServices: Retrieving Sync Data and FOSE Status completed."
50008 | Health Status | Information | The message contains the information string ID: ReportComplete, and the string "Get-FSEHostedServicesReport: Retrieving Report from FOSE completed."

51001 | Health Status | Information | The message contains the information string ID: SyncDataTimerComplete, and the string "Retrieving Sync Data completed." It indicates that the attempt by APTA to retrieve Sync Data is successful.
51002 | Health Status | Information | The message contains the information string ID: ReportTimerComplete, and the string "Retrieving FOSE Report completed." It indicates that the attempt by APTA to retrieve Report Data is successful.
