Heroes Happen {Here} Challenge

While at Sydney Windows Infrastructure User Group looking at some of the funky NAP features of Windows 2008, our local Microsoft IT Pro Evangelist, Jeff Alexander, laid down a challenge to step up to the presenting podium and give a 10 minute presentation on a feature Windows 2008 .

It’s part of a national call and frankly looks like a great bit of fun. I stuck my hand up for giving it a go as did a few other brave souls. I’m going to leaf through some books and pick a topic to try.

Guess it’s time to build a real 2008 Server and stick Hyper-V on it – like I need the excuse :D

Passing the Forefront 070-557 exam

Few days ago, thought “what the heck” and booked in the 070-557 exam.

I’ve built enough labs and worked with the software for a while now and was feeling fairly confident I’d do okay.

The exam wasn’t what I expected or perhaps I over estimated what the questions would be. To be fair, the Ms Exam prep was pretty spot on for what you needed to understand.

The questions were fairly straight forward and if you’ve built a few Forefront systems, got them working correctly and read the guides published by Microsoft for Forefront I’d say you’d have a very decent chance of passing. The deployment and adminstration guide for Forefront and the user guides for Exchange and SharePoint where the most useful for real life and the exam prep.

You’ll have to have installed and configured the Exchange and SharePoint protection as well. You’ll need to understand some of the more obscure settings, but hey, it’s a test. If you don’t have access to test on these go an play on Ms excellent Virtual Labs they cover all three major components of the product. I spent a bit of time mucking around on the features in the virtual labs when my own labs weren’t available and found them excellent sandboxes to muck around in.

Not quite the full 1000, but close enough. A pass is a pass anyway ;-)

Microsoft Certified Technology Specialist: Microsoft Forefront Client and Server – Configuration

That’s one tick off on the study list.

Forefront Security Exchange Errors – Event ID: 6014 & 2017

While building another lab, I noticed these two errors popping up in the Application log:

Event Type: Error
Event Source: GetEngineFiles
Event Category: Engine Error
Event ID: 6014
Date: 4/13/2008
Time: 3:00:26 PM
User: N/A
Computer: EX
Description:
Microsoft Forefront Server Security encountered an error while performing a scan engine update.
Scan Engine: Kaspersky5
Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Kaspersky5
Proxy Settings: Disabled
Error Code: 0×80004005
Description: An error occurred while loading the scan engine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: GetEngineFiles
Event Category: General
Event ID: 2017
Date: 4/13/2008
Time: 2:44:19 PM
User: N/A
Computer: EX
Description:
Forefront Server Security has rolled back a scan engine.
Scan Engine: Norman

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

After wandering through Google, found a pointer. Basically, I hadn’t bothered to register the software (hey, it says I’ve got 120 days to do so …) and the updates weren’t being pulled down automatically because of that, hence the errors. Added the key, the errors when away and the AV engines and signatures updated.

SMS/SCCM Forefront deployment

In a quest to deploy Forefront in a bandwidth friendly manner I was playing with SMS/SCCM to deploy the client and updates. To my delight, I found the blog pages of Yaniv Feldman. Yaniv has been there, done that and written a guide SMS SCCM

Excellent work – then he goes and creates a Youtube video on How to install Forefront with SCCM

I’m subscribed to his RSS feed to see what else I can learn :-)

Stripping out Symantec Client Security problem

As part of testing, I was playing with a couple of laptops with Symantec Client Security.

Removing Symantec when smoothly, that was until I tried to enable the Window XP Sp 2 firewall after rebooting.

This charming error appeared when I attempted to start the Firewall service:

Error 0×80004015: The class is configured to run as a security id different from the caller

I guessed that Symantec had mangled something in the registry and hadn’t clean it up on removal.

After a bit of digging KB892199 provide to have the answer. Basically the permissions in two registry keys were stuffed up.

Using my mastery of the batch file, I knocked up this as part of a script to prepare a system for Forefront install

REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Security /f
REG DELETE HKLM\SOFTWARE\Classes\AppID\{ce166e40-1e72-45b9-94c9-3b2050e8f180} /f

After a reboot the XP firewall started up as if Symantec had never been there.