By default, the FEP 2010 Deployment – Install package is configured to download and run the installation program on the client computer. If you modify the advertisement to run the install from the Distribution Point (DP), the install fails with the following error message:

“The program for advertisement "XYZ" failed ("XYZ - "Install"). The failure description was "FEP failed compiling CCM_ISV_SoftwarePolicy required for applying policy. Error code: 0x1".”

If you want to run the FEP Client install from the DP you need to do the following:

1. Create a new program in the FEP Deployment software package and give it a new name, for example DP Install.
   1. Copy the setting from the Install program in the FEP Deployment package to the newly created DP – Install program. (Unfortunately there is no way to copy a package in Configuration Manager.) You can copy and paste the Command line text.
   2. On the Environment tab, change the Drive mode option to Requires drive letter (pictured below) , and then click OK.
   
   
   
2. Advertise the deployment of the FEP client and select the program you just created (DP Install) as the program to advertise. 

1. Because  you need to make a change to the advertisement so it will successfully install, you should set the time for the advertisement to be at least 1/2 hour in the future. This will give you the necessary time to make the required changes. For more information about creating the FEP client advertisement, see Deploying by Using Configuration Manager Packages ( http://technet.microsoft.com/en-us/library/ff823885.aspx)
2. On the Distribution Points tab, under When a client is connected within a fast (LAN) network boundary click Run program from distribution point (pictured below), and then click OK. 

Thanks!

Gershon Levitz, Technical Writer MSDiX

Greetings!

Attached to this blog post is the FEP Datawarehouse Space Capacity Planning worksheet. You can use this worksheet to help estimate the amount of disk space needed based on the following values:

• Number of client computers in your FEP 2010 deployment
• The number of days to retain data (the retention period)
• The average number of Configuration Manager collections to which each client computer belongs
• The average number of detections per client computer, per day

After you enter in your values in the yellow area, the calculated results appear in the next set of rows. Each row contains information about average record sizes, number of records per computer per day, total size of the record type in the database, and the percent of the total space used by the record item.

The final row in the spreadsheet, in green, gives you the total estimated size of the FEP Datawarehouse, given the values you supplied.

Enjoy!

We wanted to update you about an issue with FEP that you may have seen in your organization. This is a known issue, and we’ll keep you up to date with developments.

Symptoms:

Periodically, the FEP data collection job (FEP_GetNewData_FEPDW_xyz) fails. When the job fails, the FEP Health Management Pack for Operations Manager and the FEP BPA report an error with the FEP datawarehouse job either failing or not running. The failure is in one of the following job steps:

• Step 6: End raise error section on DW, raise errors that were thrown from DW DB
• Step 7: ssisFEP_GetErrorsDuringUpload_FEPDW_xyz

Cause:

This happens because of the following scenario:

1. The antimalware client is from time to time sending a malformed malware detection data item to the FEP server.
2. The server tries to process this data item as part of the data collection job (FEP_GetNewData_FEPDW_xyz).
3. During data item processing, the job sees that this data item is malformed and ignores it.
4. After processing completes, the data collection job (FEP_GetNewData_FEPDW_xyz) looks to see if any data items were malformed, and if so, it fails the job.

Impact:

• Malformed data items are lost (they don’t get processed); all properly-formed data items are processed.
• You may experience a small performance impact during the data collection job (FEP_GetNewData_FEPDW_xyz) due to the handling of malformed data items.
• The data collection job (FEP_GetNewData_FEPDW_xyz) appears as failed in the job history.
• If the SQL Server Monitoring Management Pack is installed on your Operations Manager server, the data collection job (FEP_GetNewData_FEPDW_xyz) appears with an error.
• If the Forefront Endpoint Protection Server Health Monitoring Management Pack is installed on your Operations Manager server, the FEP deployment appears as critical and an alert is issued.

The FEP2010 Reporting account is defined during the FEP server setup, with the installation of the Reporting role to be exact.
The account is used by SQL Reporting Services (SRS) to access the FEP data source used by reporting. Incorrect credentials may result in an error as below or similar:

This post is to provide you with the steps needed to change the reporting account in the occasion you have a need to do so.

Note: all below steps must be executed with an administrator account.

Access to the FEP database used by reporting

These steps must be executed on the SQL Server hosting the data warehouse database (FEPDW_XXX, where XXX is your Configuration Manager site code).

1. Open SQL Management Studio and select Database engine from the Server type list. Enter or browse the SQL Server name hosting the reporting database.
2. Under the Security container in SQL Management Studio, right-click Logins and then click New Login.
3. Enter the login name (including domain) for your new reporting account.
4. On the left-hand side in the Page selection area, select User Mappings.
5. On the right-hand side, select the FEPDW_XXX database.
6. In the Database role membership area below, check AN_ReaderRole and then click OK.

Access to the OLAP cube

These steps must be executed on the SQL server hosting the data warehouse database (FEPDW_XXX, where XXX is your Configuration Manager site code).

1. In SQL Management Studio, select Connect Object Explorer from the File menu.
2. In the Connect to Server window, select Analysis Services from the Server type list.
3. Expand the FEPDW_XXX database and the Roles container.
4. Right-click the ReportsUserReadRole and click Properties.
5. Click the Membership page on the right-hand side.
6. Add your new reporting account if it is not listed on the right-hand pane by clicking the Add button.
7. Remove the old reporting account from the list.

Change the account on the Reporting server

These steps can be executed from any system. XXX is your Configuration Manager site code.

1. Open http://<reportserver>/reports (replace <reportserver> with the name of the report server).
2. Click the Forefront Endpoint Protection_XXX link.
3. Click the Show Details button in the top right.
4. Click the DataSources link.
5. Click the DefaultDataSource link
6. Enter the credentials of the new reporting account and click Apply.

Update the reporting account in the registry

These steps must be executed on the server hosting the FEP2010 Reporting role.

1. Open the registry editor on the reporting server.
2. Navigate to HKLM\Software\Microsoft\Microsoft Forefront\Forefront Endpoint Protection 2010\Server
3. Double-click REPORTUSER and enter the new reporting account (in the format domain\username).
4. Close the registry editor.

Kurt Sarens, Senior Support Engineer

FEP 2010 clients require the Windows Filtering Platform (WFP) rollup package KB981889 on Windows Vista, 2008, 2008 R2, and Windows 7 – and installation of this package requires a client reboot.

One of our support engineers, Jeramy, recently needed to assist a customer in getting the rollup distributed to client computers ahead of time, to allow the reboot to happen during the normal maintenance cycle.

Jeramy wrote up the steps you need to take in order to deploy rollup KB981889 before deploying the FEP client software – take a look:

http://social.technet.microsoft.com/wiki/contents/articles/fep-2010-deploying-client-kb981889-ahead-of-time.aspx

Thanks for reading – and thanks Jeramy!