Forefront Endpoint Protection Blog

All the latest news and information on Forefront Client Security, Forefront Endpoint Protection and System Center Endpoint Protection 2012

January, 2011

  • Forefront Endpoint Protection Blog

    Changing the FEP2010 Reporting Account


    The FEP2010 Reporting account is defined during FEP server setup, specifically when the Reporting role is installed.
    SQL Reporting Services (SRS) uses the account to access the FEP data source used by reporting. Incorrect credentials may result in an error like the one below, or similar:

    [image]

    This post provides the steps needed to change the reporting account should you need to do so.

    Note: all steps below must be executed with an administrator account.

    Access to the FEP database used by reporting

    These steps must be executed on the SQL Server hosting the data warehouse database (FEPDW_XXX, where XXX is your Configuration Manager site code).

    1. Open SQL Management Studio and select Database engine from the Server type list. Enter or browse the SQL Server name hosting the reporting database.
    2. Under the Security container in SQL Management Studio, right-click Logins and then click New Login.
    3. Enter the login name (including domain) for your new reporting account.
    4. On the left-hand side in the Page selection area, select User Mappings.
    5. On the right-hand side, select the FEPDW_XXX database.
    6. In the Database role membership area below, check AN_ReaderRole and then click OK.

    Access to the OLAP cube

    These steps must be executed on the SQL server hosting the data warehouse database (FEPDW_XXX, where XXX is your Configuration Manager site code).

    1. In SQL Management Studio, select Connect Object Explorer from the File menu.
    2. In the Connect to Server window, select Analysis Services from the Server type list.
    3. Expand the FEPDW_XXX database and the Roles container.
    4. Right-click the ReportsUserReadRole and click Properties.
    5. Click the Membership page on the right-hand side.
    6. Add your new reporting account if it is not listed on the right-hand pane by clicking the Add button.
    7. Remove the old reporting account from the list.

    Change the account on the Reporting server

    These steps can be executed from any system. XXX is your Configuration Manager site code.

    1. Open http://<reportserver>/reports (replace <reportserver> with the name of the report server).
    2. Click the Forefront Endpoint Protection_XXX link.
    3. Click the Show Details button in the top right.
    4. Click the DataSources link.
    5. Click the DefaultDataSource link.
    6. Enter the credentials of the new reporting account and click Apply.

    Update the reporting account in the registry

    These steps must be executed on the server hosting the FEP2010 Reporting role.

    1. Open the registry editor on the reporting server.
    2. Navigate to HKLM\Software\Microsoft\Microsoft Forefront\Forefront Endpoint Protection 2010\Server
    3. Double-click REPORTUSER and enter the new reporting account (in the format domain\username).
    4. Close the registry editor.

    Kurt Sarens, Senior Support Engineer
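
    The following PowerShell check is an added example, not part of the original post: after the change, it confirms that the new account holds AN_ReaderRole and nothing else in FEPDW_XXX, that the old account no longer holds database roles there (a hygiene check beyond the steps above), and that REPORTUSER matches. The server and account names are hypothetical, and it does not cover the OLAP role or the report server data source.

    ```powershell
    # Added example, not from the original post. Run on the FEP reporting server
    # as an administrator. All names below are hypothetical placeholders.
    $SiteCode   = 'XXX'                   # placeholder: Configuration Manager site code
    $SqlServer  = 'SQL01'                 # hypothetical host of FEPDW_XXX
    $NewAccount = 'CONTOSO\svc-fepreport' # hypothetical new reporting account
    $OldAccount = 'CONTOSO\svc-fepold'    # hypothetical account being replaced

    function Get-FepDwRoles([string]$Account) {
        # Database roles held in FEPDW_<site code> by the user mapped to this login.
        # The account is bound as a parameter, never concatenated into the query.
        $query = "SELECT r.name FROM sys.database_role_members AS m " +
                 "JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id " +
                 "JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id " +
                 "WHERE u.sid = SUSER_SID(@account)"
        $connString = "Server=$SqlServer;Database=FEPDW_$SiteCode;Integrated Security=SSPI"
        $adapter = New-Object System.Data.SqlClient.SqlDataAdapter($query, $connString)
        [void]$adapter.SelectCommand.Parameters.AddWithValue('@account', $Account)
        $table = New-Object System.Data.DataTable
        [void]$adapter.Fill($table)
        return ,@($table.Rows | ForEach-Object { $_.name })
    }

    # Registry value set in the last section of the procedure.
    $key     = 'HKLM:\Software\Microsoft\Microsoft Forefront\Forefront Endpoint Protection 2010\Server'
    $regUser = (Get-ItemProperty -Path $key -Name REPORTUSER).REPORTUSER

    $newRoles = Get-FepDwRoles $NewAccount
    $oldRoles = Get-FepDwRoles $OldAccount
    $extra    = @($newRoles | Where-Object { $_ -ne 'AN_ReaderRole' })

    $findings = @()
    if ($newRoles -notcontains 'AN_ReaderRole') { $findings += "$NewAccount is not a member of AN_ReaderRole" }
    if ($extra.Count)    { $findings += "$NewAccount holds roles beyond AN_ReaderRole: $($extra -join ', ')" }
    if ($oldRoles.Count) { $findings += "$OldAccount still holds database roles: $($oldRoles -join ', ')" }
    if ($regUser -ne $NewAccount) { $findings += "REPORTUSER is '$regUser', expected '$NewAccount'" }

    if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } }
    else { 'Reporting account change verified for database roles and registry.' }
    ```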

  • Forefront Endpoint Protection Blog

    FCS: 64-Bit Clients do not report the antimalware version in the Computer Details report in the Forefront Client Security management console


    An issue has been identified in Forefront Client Security (FCS): when you view the computer details report from the Forefront Client Security management console, the antimalware client version on 64-bit clients is not reported accurately. This is because of an error in the way the Operations Manager 2005 Management Pack collects this information.

    During Forefront Client Security installation, the antimalware package creates several registry keys and creates files in several different directories. During the antimalware installation on 64-bit computers, the following value is created under [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Microsoft Forefront\Client Security\1.0\AM]:

    "InstallLocation=C:\\Program Files (x86)\\Microsoft Forefront\\Client Security\\Client\\Antimalware\\"

    The antimalware version is not reported because the MOM agent is 32-bit and, on 64-bit computers, runs under the Windows on Windows (WOW64) subsystem. Because of this, the MOM agent queries the Wow6432Node branch of HKEY_LOCAL_MACHINE. When the MOM script queries for the installation path and gets a value of “C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Antimalware”, it then attempts to discover the file version for MsMpEng.exe, which is not located in this directory. On 64-bit computers MsMpEng.exe is located in “c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware”. When this query fails, the AM version property is set to “N/A”.

    If you are experiencing this issue, we suggest you open a support case using one of the methods documented here: http://support.microsoft.com/select/Default.aspx?target=assistance

    Thanks,

    Chris Norman, Senior Escalation Engineer
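
    To confirm the mismatch on an affected client, the following added example (not the management pack's script, and not from the original post) reads InstallLocation through both the 32-bit and the 64-bit registry view and checks whether MsMpEng.exe exists at each reported path. It assumes PowerShell 3.0 or later, which provides the RegistryView API.

    ```powershell
    # Added example; not the MOM management pack script. Requires PowerShell 3.0+ (.NET 4).
    $subKey = 'SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM'

    function Get-AmVersionFromView([Microsoft.Win32.RegistryView]$View) {
        # Registry32 is what a 32-bit agent sees (Wow6432Node); Registry64 is the native view.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $View)
        $key  = $null
        try {
            $key  = $hklm.OpenSubKey($subKey)
            $path = if ($key) { $key.GetValue('InstallLocation') } else { $null }
        } finally {
            if ($key) { $key.Close() }
            $hklm.Close()
        }

        # Mirror the lookup described in the post: find MsMpEng.exe under the reported path.
        $exe   = if ($path) { Join-Path $path 'MsMpEng.exe' } else { $null }
        $found = [bool]($exe -and (Test-Path -LiteralPath $exe))
        $ver   = if ($found) { (Get-Item -LiteralPath $exe).VersionInfo.FileVersion } else { 'N/A' }

        New-Object PSObject -Property @{
            View            = $View
            InstallLocation = $path
            EngineFound     = $found
            AmVersion       = $ver
        }
    }

    $results = 'Registry32', 'Registry64' | ForEach-Object { Get-AmVersionFromView $_ }
    $results | Format-Table View, InstallLocation, EngineFound, AmVersion -AutoSize

    # The condition described in the post: the 32-bit view has a path, but the engine is not there.
    $wow = $results | Where-Object { $_.View -eq 'Registry32' }
    if ($wow.InstallLocation -and -not $wow.EngineFound) {
        Write-Warning 'The 32-bit registry view points to a folder without MsMpEng.exe; a 32-bit agent will report N/A.'
    }
    ```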

  • Forefront Endpoint Protection Blog

    Limited FEP Administrators….


    One of our support engineers, Jeramy Skidmore, has posted a fantastic article on how to provision a limited FEP Administrator in the Configuration Manager console.

    He walks you through the process of provisioning the new FEP Administrator, installing the Configuration Manager console and then the FEP console extensions for Configuration Manager, and then creating the custom MMC for the newly provisioned FEP Admin.

    Take a look: http://social.technet.microsoft.com/wiki/contents/articles/setting-up-a-new-fep-administrator.aspx

    Thanks Jeramy!!

  • Forefront Endpoint Protection Blog

    FEP data collection job fails periodically


    We wanted to update you about an issue with FEP that you may have seen in your organization. This is a known issue, and we’ll keep you up to date with developments.

    Symptoms:

    Periodically, the FEP data collection job (FEP_GetNewData_FEPDW_xyz) fails. When the job fails, the FEP Health Management Pack for Operations Manager and the FEP BPA report an error with the FEP datawarehouse job either failing or not running. The failure is in one of the following job steps:

    • Step 6: End raise error section on DW, raise errors that were thrown from DW DB
    • Step 7: ssisFEP_GetErrorsDuringUpload_FEPDW_xyz

    Cause:

    This happens because of the following scenario:

    1. From time to time, the antimalware client sends a malformed malware detection data item to the FEP server.
    2. The server tries to process this data item as part of the data collection job (FEP_GetNewData_FEPDW_xyz).
    3. During data item processing, the job sees that this data item is malformed and ignores it.
    4. After processing completes, the data collection job (FEP_GetNewData_FEPDW_xyz) looks to see if any data items were malformed, and if so, it fails the job.

    Impact:

    • Malformed data items are lost (they don’t get processed); all properly-formed data items are processed.
    • You may experience a small performance impact during the data collection job (FEP_GetNewData_FEPDW_xyz) due to the handling of malformed data items.
    • The data collection job (FEP_GetNewData_FEPDW_xyz) appears as failed in the job history.
    • If the SQL Server Monitoring Management Pack is installed on your Operations Manager server, the data collection job (FEP_GetNewData_FEPDW_xyz) appears with an error.
    • If the Forefront Endpoint Protection Server Health Monitoring Management Pack is installed on your Operations Manager server, the FEP deployment appears as critical and an alert is issued.
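
    When triaging these alerts, it helps to separate failures in steps 6 and 7 from failures in any other step of the job. The following is an added example, not from the original post: it reads the SQL Server Agent history in msdb for the data collection job and labels each failed step. The server name is hypothetical and xyz is the site code placeholder used in the post.

    ```powershell
    # Added example, not from the original post. Server name and site code are placeholders.
    $SqlServer = 'SQL01'   # hypothetical SQL Server that runs the SQL Server Agent job
    $SiteCode  = 'xyz'     # placeholder site code, as written in the post
    $JobName   = "FEP_GetNewData_FEPDW_$SiteCode"

    # run_status = 0 means the step failed; step_id 0 is the overall job outcome row.
    $query = "SELECT h.step_id, h.step_name, h.run_date, h.run_time, h.message " +
             "FROM msdb.dbo.sysjobhistory AS h " +
             "JOIN msdb.dbo.sysjobs AS j ON j.job_id = h.job_id " +
             "WHERE j.name = @job AND h.run_status = 0 AND h.step_id > 0 " +
             "ORDER BY h.run_date DESC, h.run_time DESC"

    $connString = "Server=$SqlServer;Database=msdb;Integrated Security=SSPI"
    $adapter = New-Object System.Data.SqlClient.SqlDataAdapter($query, $connString)
    [void]$adapter.SelectCommand.Parameters.AddWithValue('@job', $JobName)
    $failed = New-Object System.Data.DataTable
    [void]$adapter.Fill($failed)

    $other = 0
    foreach ($row in $failed.Rows) {
        # Steps 6 and 7 are the ones the post associates with malformed data items.
        if ((6, 7) -contains $row.step_id) {
            $kind = 'consistent with the malformed data item issue'
        } else {
            $kind = 'different step: investigate separately'
            $other++
        }
        '{0} {1:000000} step {2} ({3}): {4}' -f $row.run_date, $row.run_time,
            $row.step_id, $row.step_name, $kind
    }

    if ($failed.Rows.Count -eq 0) { "No failed steps recorded for $JobName." }
    elseif ($other -gt 0) { Write-Warning "$other failed step(s) are outside steps 6 and 7." }
    ```

    The message column of each row still carries the detail of the error and is worth reading before a failure is attributed to this issue.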

  • Forefront Endpoint Protection Blog

    FEP Capacity Planning Worksheet


    Greetings!

    Attached to this blog post is the FEP Datawarehouse Space Capacity Planning worksheet. You can use this worksheet to help estimate the amount of disk space needed based on the following values:

    • Number of client computers in your FEP 2010 deployment
    • The number of days to retain data (the retention period)
    • The average number of Configuration Manager collections to which each client computer belongs
    • The average number of detections per client computer, per day

    After you enter your values in the yellow area, the calculated results appear in the next set of rows. Each row contains information about average record sizes, number of records per computer per day, total size of the record type in the database, and the percent of the total space used by the record item.

    The final row in the spreadsheet, in green, gives you the total estimated size of the FEP Datawarehouse, given the values you supplied.

    Enjoy!
