I had a scenario with a pretty simple FEP 2010 with Update Rollup 1 configuration: basic topology with a remote reporting server. In this scenario I had two servers: one primary site server and another reporting server with SSRS on board.
After the FEP server components were installed, everything worked fine except alerts. I tried to send a test email using Windows Integrated or Anonymous authentication but had zero success. Nothing looked wrong at first sight with the primary site server, its firewall or the destination email server. I checked the email server by spoofing it via telnet, and the test email arrived in my Inbox. (For those who are curious how to do it, you can find step-by-step instructions here: http://support.microsoft.com/kb/153119.) So nothing was wrong with the email server or the port on the firewall. I checked the FEP event log as well and found nothing there connected to the test email. I had no choice, so I called Microsoft Premier Support and asked them to help me. CritSit A was opened because this scenario happened on a customer's brand-new FEP installation and the customer intended to start production deployment of FEP clients in a couple of days.
The PSS guys asked me to change the FEP event trace logging mode to Verbose. I stopped the trace (the trace file was cleaned), started the trace again, restarted the Forefront Endpoint Protection Monitoring Service (FepSrv.exe) and tried to send the test alert email again. After that I stopped the FEP event trace and gave the resulting file to the PSS guys for further investigation. They came back to me with a question about the microsoft.configurationmanagement.managementprovider.dll file located in the “C:\Program Files (x86)\Microsoft Configuration Manager\AdminUI\bin” folder. They told me the FEP monitoring service couldn’t use it and asked me to check it. This is what I did: