Forefront Endpoint Protection Blog

All the latest news and information on Forefront Client Security, Forefront Endpoint Protection and System Center Endpoint Protection 2012

  • Forefront Endpoint Protection Blog

    How to move the FEP Databases and the CM Site Database

    by Jeramy Skidmore

    After setup has completed, you can move the Configuration Manager site database and the associated Forefront Endpoint Protection (FEP) databases to a different SQL Server computer by:

    1. Backing up the FEP data warehouse (FEPDW_<sitecode>)
    2. Backing up the Configuration Manager Site Database (SMS_<sitecode>)
    3. Uninstalling the FEP reporting component
    4. Restoring the site database and FEP data warehouse to their new locations
    5. Relocating the site database via Configuration Manager setup
    6. Reinstalling the FEP Reporting component

    Detailed steps follow.

    Note

    Configuration Manager 2007 does support moving the site database from a remote SQL Server to the local site server computer if the site server computer is running a supported version of Microsoft SQL Server. For a list of supported SQL Server versions, see Configuration Manager Supported Configurations.

    Note

    FEP hosts two databases, the FEP database (FEPDB_sitecode) and the FEP data warehouse (FEPDW_sitecode). The FEP database serves as a proxy database for extracting data from the Configuration Manager site database. It does not need to be backed up or moved, and will be recreated when the FEP Reporting component is reinstalled.

    To move the databases

    Important: You will require access to the FEP 2010 installation media in order to successfully complete these steps.

    1. Back up the site database on the current site database server and restore it on the new site database server computer using the SQL Server Management Studio. For more information, see How to Move the Site Database.
    2. Back up the FEP data warehouse (FEPDW_sitecode) on the current FEP Reporting SQL Server and restore it to the new Reporting SQL Server. (If you have a remote reporting database and are not moving the FEP reporting database, you can skip this step.)

      Note

      Ensure that the database access permissions are the same on the new databases as they are on the original databases.

    3. On the site server, in Add/Remove programs, uninstall Microsoft Forefront Endpoint Protection 2010 Reporting.
    4. Ensure the primary site server computer account has administrative privileges over the new site database server computer.
    5. Close any open Configuration Manager console connections to the site server.
    6. On the primary site server computer, use the hierarchy maintenance tool (Preinst.exe) to stop all site services by using the following command: Preinst /stopsite.
    7. On the primary site server computer, click Start, click All Programs, click Microsoft System Center, click Configuration Manager 2007, and click ConfigMgr Setup, or navigate to the .\bin\i386 directory of the Configuration Manager 2007 installation media and double-click Setup.exe.
    8. Click Next on the Configuration Manager Setup Wizard Welcome page.
    9. Click Perform site maintenance or reset this site on the Configuration Manager Setup Wizard Setup Options page.
    10. Select Modify SQL Server configuration on the Configuration Manager Setup Wizard Site Maintenance page.
    11. Enter the appropriate SQL Server name and instance (if applicable) for the new site database server as well as the site database name on the Configuration Manager Setup Wizard SQL Server Configuration page.
      Configuration Manager Setup performs the SQL Server configuration process.
    12. Restart the primary site server computer, and verify the site is functioning normally.
    13. On the site server, run serversetup.exe from the FEP installation media.
    14. On the Installation Options step, choose Advanced Topology.
    15. On the Advanced Topology step, ensure that FEP 2010 Reporting and Alerts is selected.
    16. On the Reporting Configuration step, provide the proper computer, instance, and database name for your SQL implementation. Ensure the Reuse existing database check box is selected.
    17. Proceed through setup. This process will recreate the FEP database alongside the relocated site database, and recreate the SQL jobs necessary to move information from the site database into the FEP databases. The FEPDB will be repopulated according to the information stored in the site database.
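
The note under step 2 asks for identical database access permissions on the restored copies. The T-SQL below is an added example, not part of the original post, for checking that and for verifying the backup file before it is restored. The site code ABC and the backup path are constructed placeholders.

```sql
-- Added example. ABC is a constructed site code; D:\Backup\... is a placeholder path.
-- Repeat for SMS_ABC. Run each section separately on the server named in its comment.

-- 1. Current server: back up with page checksums so corruption is caught
--    when the backup is written rather than when it is restored.
BACKUP DATABASE [FEPDW_ABC]
    TO DISK = N'D:\Backup\FEPDW_ABC.bak'
    WITH CHECKSUM, INIT;
GO

-- 2. New server: confirm the copied file is complete and readable before restoring.
RESTORE VERIFYONLY
    FROM DISK = N'D:\Backup\FEPDW_ABC.bak'
    WITH CHECKSUM;
GO

-- 3. BOTH servers: list users, their role memberships and explicit grants,
--    then diff the two result sets.
USE [FEPDW_ABC];
GO
SELECT dp.name AS principal_name, dp.type_desc, r.name AS member_of_role
FROM sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS rm ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals   AS r  ON r.principal_id = rm.role_principal_id
WHERE dp.type IN ('S', 'U', 'G')           -- SQL user, Windows user, Windows group
ORDER BY dp.name, r.name;

SELECT pr.name AS grantee, pe.state_desc, pe.permission_name, pe.class_desc,
       CASE WHEN pe.class = 1 THEN OBJECT_NAME(pe.major_id) END AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
ORDER BY pr.name, pe.permission_name, object_name;
GO

-- 4. New server: database users whose SID has no matching server login.
--    A restore carries users inside the database but not the logins, so a
--    user can exist by name and still be unable to connect. Windows users
--    that connect only through group membership also appear here; review
--    those by hand.
SELECT dp.name AS user_without_login, dp.type_desc
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE sp.sid IS NULL
  AND dp.type IN ('S', 'U', 'G')
  AND dp.principal_id > 4;                 -- skip dbo, guest, INFORMATION_SCHEMA, sys
GO
```

Any row returned by section 4, or any difference between the two outputs of section 3, should be resolved before the FEP Reporting component is reinstalled in steps 13 to 17.
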
  • Forefront Endpoint Protection Blog

    Definition updates: scan on update and update on startup

    Hi folks,

    There have been some questions about these two areas of definition updates, so I wanted to clarify this a bit.

    Whenever FEP does a definition update, a silent rescan of all running processes and loaded modules is performed. If there is malware running that is now detected by the new definitions, that malware is detected within a few seconds of performing the update. There is no action needed on your part after new definitions are downloaded – this silent rescan happens automatically.

    Additionally, the FEP client can be configured to check for definition updates automatically on service start. The behavior is the same as described in Checking for definition updates when starting (yes, that particular blog article deals with FCS, but the FEP behavior is the same). The registry key already exists in the FEP ADMX, which you can download as part of the FEP2010grouppolicytools-<locale>.exe here. For full documentation about all the values in the ADMX, see the FEP ADMX Reference.

    Thanks!

  • Forefront Endpoint Protection Blog

    Forefront Endpoint Protection 2010 Update Rollup 1

     By Adwait Joshi

    Hello,

    An Update Rollup for Forefront Endpoint Protection 2010 is now available here: http://go.microsoft.com/fwlink/?LinkId=223229 .

     In addition to hotfixes, this Update also includes some important changes to note:

    1. Support for Windows Embedded 7 platforms:  With this update, the FEP client software is supported on certain Windows Embedded 7 platforms (including Windows Thin PC) and Windows Server 2008 Server Core.  For more information about the additional support, see Prerequisites for Deploying Forefront Endpoint Protection on a Client Computer.
    2. Signature Update Automation Tool used with Configuration Manager Software Update:  This tool automates downloading FEP definition updates using Configuration Manager 2007 Software Updates.  This is a command line tool that uses Configuration Manager APIs to get new definitions from Microsoft Update via the Configuration Manager software update feature, distribute the content to distribution points, and deploy the updates to Endpoint Protection clients on a recurring schedule.  The automation of the tool is done through the Windows task scheduler. To download the tool, see http://go.microsoft.com/fwlink/?LinkID=221205
    3. Two new preconfigured policy templates for the following server workloads:
      1. Microsoft Forefront Threat Management Gateway
      2. Microsoft Lync 2010

    You can find more details in the “What’s New” document on the TechNet site.  Please check out this KB article for a full list of fixes included in this Update Rollup.

    Thanks,

    Adwait Joshi

    Sr. Technical Product Manager

    Forefront Endpoint Protection

  • Forefront Endpoint Protection Blog

    Have FCS? Moving to FEP?

    Hey folks!

    I wanted to let you know that we have guidance for migrating from FCS v1 to FEP 2010 here (http://technet.microsoft.com/en-us/library/gg477033.aspx).

    The process involves the following high level steps:

    1. Document the policy settings you want to preserve from FCS to FEP. There is no policy migration between the two versions.
    2. In WSUS, unapprove all the FCS v1 client installation packages.
      • If you forget to do this, you may end up with FCS v1 reinstalled.
    3. Install FEP on your Config Mgr installation, and proceed with the FEP client deployment.
      • The FCS v1 client software is automatically uninstalled and FEP is installed.
      • Also – the definitions already on the client computers are preserved, speeding up the up-to-date process for definition downloading.

    Thanks!

    Kim Ditto-Ehlert
    Senior Technical Writer

  • Forefront Endpoint Protection Blog

    Forefront Endpoint Protection (FEP) 2010: FEP Reports may not display properly

    From Angela Latimer, CSS

    If you are using Forefront Endpoint Protection (FEP) 2010, you may have tried running one of the three default FEP reports and noticed that not all areas or sub-reports display properly. You may see an error in processing the reporting data or retrieving the data, similar to the error displayed below:

    Error while trying to run the Antimalware Activity Report:

    [Image: screenshot of the report error]

    We found this error was due to the installed version of Microsoft SQL Server not being up to date with the latest Cumulative Update package. Cumulative Update packages contain hotfixes that address issues in the currently installed version of Microsoft SQL Server, which may be versions ranging from Release to Manufacturing (RTM), Service Pack (SP), or Feature Release (R).

    In digging into the details of the error related to FEP reports not displaying properly, we found the following errors in the System Center Configuration Manager Console and/or in the %drive%:\Program Files (x86)\Microsoft Configuration Manager\Logs\SRSRP.log file, reporting Error ID 7403 related to the health of SRS Reporting Point thread:

    STATMSG: ID=7403 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_SRS_REPORTING_POINT" SYS= SITE= PID=2880 TID=5572 GMTDATE=Wed Oct 21 17:57:26.302 2009 ISTR0="HACM01" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_SRS_REPORTING_POINT 10/21/2009 10:57:26 AM 5572 (0x15C4)  
    Failures reported during periodic health check by the SRS Server . Will retry check in 57 minutes SMS_SRS_REPORTING_POINT 10/21/2009 10:57:26 AM 5572 (0x15C4)

    In the two environments where we discovered this issue, Microsoft SQL Server 2008 and SQL Server 2008 R2 were running, but had NOT had the Cumulative Update package installed. As soon as this update was installed, the FEP reports began displaying properly.

    At the time of this blog, these are the most current Cumulative Update Packages for Microsoft SQL Server 2008 and 2008 R2. However, you should do a Bing search to ensure you are always installing the latest version.

    